Support the ongoing development of Laravel.io →
Authentication Security Eloquent
Last updated 2 years ago.
0

I just do not understand why this needs to be so complex, why cant u just add a isAdmin field, default it to false, if u want to exclude admins from lists, User::where('isAdmin','!=','true');

Last updated 2 years ago.
0

You can use contexts for this. To cut this short, just check this out http://culttt.com/2014/03/31/multi-tenancy-laravel-4/. Though I don't think this is the best implementation of this concept, still can be useful and point you in the right direction.

Last updated 2 years ago.
0

thanks jarek,

although its not quite what I'm after, there are a few queues i can take from it.

if it was an app just for me i wouldn't worry about just adding an is_admin db field and using this in every query.

the problem is hopefully the system will be used by plugin developers just like wordpress is, and i want to make it as simple for them as possible, while also making sure a simple thing like listing users excludes admins without the plugin author explicitly stating it from a security point of view.

User::where('isAdmin','!=','true');

would work fine, but i want admins to be listed on a "explicitly requested" basis and not during normal user calls.

thinking about it this way is there a way within the model to always add a where clause to any call to the model?

is there like a build query event or something like that?

Last updated 2 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

leemason leemason Joined 4 Feb 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.