I'm trying to shorten my controller code, and I want to know the conventions to use with Laravel while validating and storing.
Controller
public function store(Request $request)
{
// Validation
$user_id = Auth::user()->id;
$request->validate([
'lname' => 'required|max:255',
'fname' => 'required|max:255',
'ar_lname' => 'required|max:255',
'ar_fname' => 'required|max:255',
'tel' => 'required|digits:10|unique:infos',
'level' =>'required|max:50',
'goal' =>'required',
'img' => 'required|image|mimes:jpeg,bmp,png',
'cin' => 'required|image|mimes:jpeg,bmp,png',
]);
// Store
info::create([
'user_id' => $user_id,
'lname' => $request->lname,
'fname' => $request->fname,
'ar_fname' => $request->ar_fname,
'ar_lname' => $request->ar_lname,
'bday' => $request->bday,
'tel' => $request->tel,
'level' => $request->level,
'goal' => $request->goal,
'img' => $request->file('img')->store('images', 'public'),
'cin' => $request->file('cin')->store('cins/' . $request->lname . ' '. $request->fname ),
'registered' => true,
]);
// Redirect
return redirect()->route('user.index');
}
First of all you can isolate the validation in a dedicated class following the Laravel way by creating a custom Request with your rules.
php .\artisan make:request StoreInfoRequest
StoreInfoRequest
namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;

class StoreInfoRequest extends FormRequest
{
    // Every authenticated caller may submit this form.
    public function authorize(): bool
    {
        return true;
    }

    // Only fields listed here are returned by validated() / safe().
    public function rules(): array
    {
        return [
            'lname' => 'required|max:255',
            'fname' => 'required|max:255',
            'ar_lname' => 'required|max:255',
            'ar_fname' => 'required|max:255',
            'bday' => 'date',
            'tel' => 'required|digits:10|unique:infos',
            'level' => 'required|max:50',
            'goal' => 'required',
            'img' => 'required|image|mimes:jpeg,bmp,png',
            'cin' => 'required|image|mimes:jpeg,bmp,png',
        ];
    }
}
Then this can't be called a Laravel way but it will be very short and clean:
public function store(StoreInfoRequest $request)
{
info::create(
array_merge(
['user_id' => Auth::user()->id],
$request->safe()->except(['img', 'cin']),
['img' => $request->file('img')->store('images', 'public')],
['cin' => $request->file('cin')->store('cins/' . $request->lname . ' ' . $request->fname)],
['registered' => true],
)
);
return redirect()->route('user.index');
}
If you are using Laravel 9 you can do return to_route('user.index');
It is a good practice to create separate classes for each concern; your controller, for example, should only handle receiving your HTTP request and returning its output.
So you should create classes for the following:
Class that will handle the validation
Class that will handle the business logic
As what Medilies answered you have to create a separate file for validating all incoming data. You need to create a Request file that will handle it.
php artisan make:request StoreInfoRequest
StoreInfoRequest
class StoreInfoRequest extends FormRequest
{
    public function authorize(): bool
    {
        return true;
    }

    public function rules(): array
    {
        // Declare every field here, even if it is not required
        return [
            'lname' => 'required|max:255',
            'fname' => 'required|max:255',
            'bday' => 'date',
        ];
    }
}
This will return an array of the validated columns you entered in your StoreInfoRequest $validated.
Then create a service file that will handle your business logic say InfoService. Within this file you can do the eloquent saving. By then you can have clean and thin controller like this.
public function store(StoreInfoRequest $request)
{
    // validated() returns only the fields that have a rule in StoreInfoRequest
    $this->InfoService->store($request->validated());
    return redirect()->route('user.index');
}
Don't forget to instantiate the service file in your controller's __construct method.
public function __construct(InfoService $infoService)
{
    // Laravel's container resolves and injects the service
    $this->InfoService = $infoService;
}
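One way the InfoService mentioned in this answer could look, as an added example that is not part of the original answers. The namespace, the `App\Models\Info` class name, the extra `$userId` parameter and the directory naming are assumptions; it builds the `cins/` directory from the user id and a slug of the validated names rather than concatenating raw request fields into the storage path.

```php
<?php

namespace App\Services; // assumed namespace, not from the page

use App\Models\Info; // assumed model class; the page refers to it as `info`
use Illuminate\Http\UploadedFile;
use Illuminate\Support\Arr;
use Illuminate\Support\Str;
use RuntimeException;

class InfoService
{
    /**
     * Store one Info row from input that already passed StoreInfoRequest.
     *
     * Controller call (assumed signature):
     *   $this->InfoService->store($request->validated(), $request->user()->id);
     */
    public function store(array $validated, int $userId): Info
    {
        // validated() only contains keys that have a rule, so fields the
        // form request does not declare never reach Info::create().
        $attributes = Arr::except($validated, ['img', 'cin']);

        return Info::create(array_merge($attributes, [
            // Server-side values are merged last so request input cannot override them.
            'user_id'    => $userId,
            'img'        => $this->put($validated['img'], 'images', 'public'),
            'cin'        => $this->put($validated['cin'], $this->cinDirectory($userId, $validated)),
            'registered' => true,
        ]));
    }

    /** Directory for the `cin` upload: user id plus a slug of the names. */
    private function cinDirectory(int $userId, array $validated): string
    {
        // Str::slug() drops "/", "\" and "." so the names cannot change
        // where the file lands; a name that slugs to '' falls back to the id alone.
        $label = Str::slug($validated['lname'] . ' ' . $validated['fname']);

        return 'cins/' . $userId . ($label === '' ? '' : '-' . $label);
    }

    /** Store an upload under a generated file name and fail loudly on error. */
    private function put(UploadedFile $file, string $directory, ?string $disk = null): string
    {
        $path = $disk === null ? $file->store($directory) : $file->store($directory, $disk);

        if ($path === false) {
            throw new RuntimeException('Upload could not be stored in ' . $directory);
        }

        return $path;
    }
}
```

`Info::create()` still depends on the model's `$fillable` list, so `user_id` and `registered` must be listed there for the values set by the service to be saved.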
I want to add Department field in User entity, so I decided to extend the default UserCrudController from this package https://github.com/Laravel-Backpack/PermissionManager.
So I created a custom controller with this command php artisan make:controller Admin\UserController
In file \app\Providers\AppServiceProvider.php I also add this (as instructed)
public function register()
{
$this->app->bind(
\Backpack\PermissionManager\app\Http\Controllers\UserCrudController::class,
\App\Http\Controllers\Admin\UserController::class,
);
}
Then here is the content of \App\Http\Controllers\Admin\UserController
namespace App\Http\Controllers\Admin;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Backpack\PermissionManager\app\Http\Controllers\UserCrudController;
use Backpack\CRUD\app\Library\CrudPanel\CrudPanelFacade as CRUD;
class UserController extends UserCrudController
{
public function setupCreateOperation()
{
parent::setupCreateOperation();
$fields['departments'] = [
'label' => 'Departments',
'type' => 'select2_multiple',
'name' => 'tags',
'entity' => 'tags',
'attribute' => 'name',
'model' => "App\Models\Tag",
'pivot' => true,
'wrapper' => ['class' => 'form-group col-6 col-md-4'],
'options' => (function ($query) {
return $query->where('type', 'Department')->get();
}),
];
foreach($fields as $key=>$field) {
CRUD::addField($field);
}
}
public function setupUpdateOperation()
{
parent::setupUpdateOperation();
$this->setupCreateOperation();
}
}
All seems fine, I can see all default information such as: username, email, roles, permission and my custom department fields.
The problem is, when I try to modify an existing user adding some Departments, I got this error
The email has already been taken.
The password field is required.
Somehow it's treated as new user registration. What could be the problems?
Somehow, I solved it by copying setupCreateOperation to setupUpdateOperation.
namespace App\Http\Controllers\Admin;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Backpack\PermissionManager\app\Http\Controllers\UserCrudController;
use Backpack\CRUD\app\Library\CrudPanel\CrudPanelFacade as CRUD;
class UserController extends UserCrudController
{
...
public function setupUpdateOperation()
{
parent::setupUpdateOperation();
$fields['departments'] = [
'label' => 'Departments',
'type' => 'select2_multiple',
'name' => 'tags',
'entity' => 'tags',
'attribute' => 'name',
'model' => "App\Models\Tag",
'pivot' => true,
'wrapper' => ['class' => 'form-group col-6 col-md-4'],
'options' => (function ($query) {
return $query->where('type', 'Department')->get();
}),
];
foreach($fields as $key=>$field) {
CRUD::addField($field);
}
}
}
Hopefully there's a shorter way to reduce this duplication.
I am manually implementing user registration within my application and I have failed to understand this section of laravel 8 docs
If you are manually implementing registration within your application instead of using a starter kit, you should ensure that you are dispatching the Illuminate\Auth\Events\Registered event after a user's registration is successful:
use Illuminate\Auth\Events\Registered;
event(new Registered($user));
I tried different approaches but in the end I failed to understand this and email is not being sent
Here is my registration code
public function storeUser(Request $request){
$validated = $request->validate([
'first_name' => 'required',
'last_name' => 'required',
'email' => 'required|email:rfc,dns',
'password' => ['required','confirmed', Password::min(8)],
'phone_number' => 'required'
]);
$registeredDetails = User::create([
'first_name' => $request->first_name,
'last_name' => $request->last_name,
'email' => $request->email,
'password' => Hash::make($request->password),
'phone_number' => $request->phone_number
]);
}
My question is where do I dispatch this event the documentation is saying?
Here is the top of my UserController
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rules\Password;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
use Illuminate\Auth\Events\Registered;
and here is the mail code in env
MAIL_MAILER=smtp
MAIL_HOST=kokayazanzibar.com
MAIL_PORT=465
MAIL_USERNAME=demo@kokayazanzibar.com
MAIL_PASSWORD=ienteredmypasswordhere
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=demo@kokayazanzibar.com
MAIL_FROM_NAME="${APP_NAME}"
Here is EventServiceProvider
class EventServiceProvider extends ServiceProvider
{
    /**
     * The event listener mappings for the application.
     *
     * @var array
     */
    protected $listen = [
        Registered::class => [
            SendEmailVerificationNotification::class,
        ],
    ];

    /**
     * Register any events for your application.
     *
     * @return void
     */
    public function boot()
    {
        //
    }
}
You would dispatch this after the user is created in your application.
In your case:
$validated = $request->validate([
'first_name' => 'required',
'last_name' => 'required',
'email' => 'required|email:rfc,dns',
'password' => ['required','confirmed', Password::min(8)],
'phone_number' => 'required'
]);
$registeredDetails = User::create([
'first_name' => $request->first_name,
'last_name' => $request->last_name,
'email' => $request->email,
'password' => Hash::make($request->password),
'phone_number' => $request->phone_number
]);
event(new Registered($registeredDetails));
I did not implement the interface on my User Model.
It was
class User extends Authenticatable
{
I thought I put it well but I was missing this implementation and was supposed to be like this
class User extends Authenticatable implements MustVerifyEmail
{
and now it's working.
In BroadcastServiceProvider.php I've got data when user joins the channel and I would like to store it to DB. I am wondering how to override this storeUser() function to make it work (I've used this function before but it was in other circumstances).
public function storeUser() {
UserInfo::create([
'ip' => Request::ip(),
'name' => Auth::user()->name
]);
}
BroadcastServiceProvider.php
Broadcast::channel('chat', function ($user) {
$ip = Request::ip();
if (auth()->check()) {
return [
'id' => $user->id,
'ip' => $ip,
'name' => $user->name
];
}
});
Update the UserInfo model to have the storeUser method.
class UserInfo
{
    // Records the IP and name of the currently authenticated user
    public static function storeUser() {
        UserInfo::create([
            'ip' => Request::ip(),
            'name' => Auth::user()->name
        ]);
    }
}
Then you can call it in the broadcaster
Broadcast::channel('chat', function ($user) {
$ip = Request::ip();
if (auth()->check()) {
UserInfo::storeUser();
return [
'id' => $user->id,
'ip' => $ip,
'name' => $user->name
];
}
});
You can also call it in the same way UserInfo::storeUser(); in the users controller wherever you need it.
My controllers have a lot of code, about 1000 lines.
Please advise how I can make this more convenient, for example by moving a piece of code into a trait.
components/ProductTrait.php
trait ProductTrait{
protected function getProductProvider(Product $model){
$dataProductProvider = new CActiveDataProvider('Product', array(
'criteria' => array(
'limit' => $pageLimit,
'condition' => 't.creatorId = :creatorId AND t.categoryId =:categoryId',
'order' => 't.created DESC',
'params' => array(
':creatorId' => $model->creatorId,
':categoryId' => $model->categoryId,
),
),
'pagination' => false,
'sort' => false,
));
return $dataProductProvider;
}
}
Controller
class DealerController extends Controller{
use ProductTrait;
public function actionView($id){
$model = $this->loadModel($id);
if ($model === null) {
throw new CHttpException(404, 'The requested page does not exist.');
}
$renderParams['productProvider'] = $this->getProductProvider($model);
}
}
You can use Trait, but you can also use behaviors.
First you declare your behavior
class ProductBehavior extends CBehavior
{
protected function getProductProvider(Product $model){
$dataProductProvider = new CActiveDataProvider('Product', array(
'criteria' => array(
'limit' => $pageLimit,
'condition' => 't.creatorId = :creatorId AND t.categoryId =:categoryId',
'order' => 't.created DESC',
'params' => array(
':creatorId' => $model->creatorId,
':categoryId' => $model->categoryId,
),
),
'pagination' => false,
'sort' => false,
));
return $dataProductProvider;
}
}
Then you use it in your controller (don't forget to attach it, I've done it in the init method)
class DealerController extends Controller{
public function init() {
//Attach the behavior to the controller
$this->attachBehavior("productprovider",new ProductBehavior);
}
public function actionView($id){
$model = $this->loadModel($id);
if ($model === null) {
throw new CHttpException(404, 'The requested page does not exist.');
}
//We use the behavior methods as if it is one of the controller methods
$renderParams['productProvider'] = $this->getProductProvider($model);
}
}
The main point of behaviors is that they work in PHP 5.3, whereas traits do not.
Now here's some difference between traits and behaviors:
A first difference with behaviors is that traits can not be parameterized.
In your controller you could declare the behaviors this way:
public function behaviors(){
return array(
'ProductBehavior ' => array(
'class' => 'components.behaviors.ProductBehavior',
'firstAttribute' => 'value',
'secondAttribute' => 'value',
)
);
}
Your ProductBehavior class would have 2 public attributes: firstAttribute and secondAttribute.
One thing traits lack when compared to behaviors is runtime attachment. If you want to extend a given (let's say 3rdParty) class with some special functionality, behaviors give you a chance to attach them to the class (or more specifically to instances of the class). Using traits, you had to modify the source of the class.
A Wiki about behaviors
The Yii Guide
The CBehavior doc
Back in May, I posted this question. I'm trying to do the same thing again on a different app, but I haven't found a solution to this problem. I do have more information and better code, so I'm hoping you guys can help me sort this out.
Use Case:
Doctor's office has a website with admin users. The users login successfully with CakePHP's Auth via User model and UsersController.
Doctors have referring physicians with completely different profiles and actions. Doctors need to login via example.com/physicians/login. However, this login is failing with this
authError => 'You are not authorized to access that location.'
Here is my code in AppController:
class AppController extends Controller {
public $helpers = array('Form', 'Html', 'Time', 'Session', 'Js' => array('Jquery'));
public $components = array(
'Session',
'Auth' => array(
'autoRedirect' => false,
'authorize' => 'Controller'
)
);
public function beforeFilter() {
$this->Auth->allow('index', 'view', 'edit', 'display', 'featured', 'events', 'contact', 'signup', 'search', 'view_category', 'view_archive', 'addComment', 'schedule', 'login');
}
}
And here is my UsersController that is working:
class UsersController extends AppController {
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'userModel' => 'User',
'fields' => array(
'username' => 'username',
'password' => 'password'
)
)
),
'loginRedirect' => array('controller' => 'users', 'action' => 'admin'),
'logoutRedirect' => array('controller' => 'pages', 'action' => 'index'),
'loginAction' => array('controller' => 'users', 'action' => 'login'),
'sessionKey' => 'Admin'
)
);
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('add', 'login', 'logout');
}
function isAuthorized() {
return true;
}
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
$this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
}
public function logout() {
$this->Session->destroy();
$this->redirect($this->Auth->logout());
}
}
Here is my PhysiciansController code that is NOT working:
class PhysiciansController extends AppController {
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'userModel' => 'Physician',
'fields' => array(
'username' => 'username',
'password' => 'password'
)
)
),
'loginRedirect' => array('controller' => 'physicians', 'action' => 'dashboard'),
'logoutRedirect' => array('controller' => 'pages', 'action' => 'index'),
'loginAction' => array('controller' => 'physicians', 'action' => 'login'),
'sessionKey' => 'Physician'
)
);
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->authorize = array(
'Actions' => array(
'userModel' => 'Physician',
'actionPath' => 'physicians'
)
);
$this->Auth->allow('login', 'logout');
// $this->Session->write('Auth.redirect','/physicians/index');
}
function isAuthorized() {
return true;
}
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
$this->redirect(array('controller' => 'physicians', 'action' => 'dashboard'));
} else {
$this->Session->read();
debug($this->Auth);
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
}
public function logout() {
$this->Session->destroy();
$this->redirect($this->Auth->logout());
}
}
I really don't want to start over and switch to ACL -- I'm not sure that's necessary for just two logins. Help would be very much appreciated!
EDIT: Joshua's answer below is awesome and super helpful. I implemented it, but I'm still receiving an unauthorized error when I try to login as a Physician via /phys/physicians/login (prefix/controller/action). The Admin setup works great. Here's the debug code when I try to login:
object(AuthComponent) {
components => array(
(int) 0 => 'Session',
(int) 1 => 'RequestHandler'
)
authenticate => array(
'Form' => array(
'userModel' => 'Physician'
)
)
authorize => false
ajaxLogin => null
flash => array(
'element' => 'default',
'key' => 'auth',
'params' => array()
)
loginAction => array(
'controller' => 'physicians',
'action' => 'phys_login'
)
loginRedirect => null
logoutRedirect => '/'
authError => 'You are not authorized to access that location.'
allowedActions => array()
request => object(CakeRequest) {
params => array(
'prefix' => '*****',
'plugin' => null,
'controller' => 'physicians',
'action' => 'phys_login',
'named' => array(),
'pass' => array(),
'phys' => true,
'_Token' => array(
'key' => 'ad1ea69c3b2c7b9e833bbda03ef18b04079b23c3',
'unlockedFields' => array()
),
'isAjax' => false
)
data => array(
'Physician' => array(
'password' => '*****',
'username' => 'deewilcox'
)
)
query => array()
url => 'phys/physicians/login'
base => ''
webroot => '/'
here => '/phys/physicians/login'
}
response => object(CakeResponse) {
}
settings => array()
}
OK I've got a way to do it. You know about prefix routing? If not, read my answer here: CakePHP/MVC Admin functions placement That answer describes how to set up a single routing prefix ('admin'). But you can have any number - just like this:
Configure::write('Routing.prefixes', array('admin','phys','member','user'));
// now we have admin, phys, member and user prefix routing enabled.
What you can do is have all the doctor's methods use 'admin' prefix routing, and all the physicians methods use 'phys' prefix routing.
So the below is code I've hacked together pretty quickly, so it might not be perfect but it should show the concept. Here it is in pseudo code for the before filter method of your app controller:
if (USER IS TRYING TO ACCESS AN ADMIN PREFIXED METHOD) {
Then use the users table for auth stuff
} else if (USER IS TRYING TO ACCESS A PHYS PREFIXED METHOD) {
Then use the physicians table for auth stuff
} else {
It's neither an admin method, nor a physicians method. So just always allow access. Or always deny access - depending on your site
}
Here's my app controller code:
App::uses('Controller', 'Controller');
class AppController extends Controller {
public $components = array('Security','Cookie','Session','Auth','RequestHandler');
public $helpers = array('Cache','Html','Session','Form');
function beforeFilter() {
if ($this->request->prefix == 'admin') {
$this->layout = 'admin';
// Specify which controller/action handles logging in:
AuthComponent::$sessionKey = 'Auth.Admin'; // solution from https://stackoverflow.com/questions/10538159/cakephp-auth-component-with-two-models-session
$this->Auth->loginAction = array('controller'=>'administrators','action'=>'login');
$this->Auth->loginRedirect = array('controller'=>'some_other_controller','action'=>'index');
$this->Auth->logoutRedirect = array('controller'=>'administrators','action'=>'login');
$this->Auth->authenticate = array(
'Form' => array(
'userModel' => 'User',
)
);
$this->Auth->allow('login');
} else if ($this->request->prefix == 'phys') {
// Specify which controller/action handles logging in:
AuthComponent::$sessionKey = 'Auth.Phys'; // solution from https://stackoverflow.com/questions/10538159/cakephp-auth-component-with-two-models-session
$this->Auth->loginAction = array('controller'=>'users','action'=>'login');
$this->Auth->logoutRedirect = '/';
$this->Auth->authenticate = array(
'Form' => array(
'userModel' => 'Physician',
)
);
} else {
// If we get here, it is neither a 'phys' prefixed method, nor an 'admin' prefixed method.
// So, just allow access to everyone - or, alternatively, you could deny access - $this->Auth->deny();
$this->Auth->allow();
}
}
public function isAuthorized($user){
// You can have various extra checks in here, if needed.
// We'll just return true though. I'm pretty certain this method has to exist, even if it just returns true.
return true;
}
}
Note the lines:
AuthComponent::$sessionKey = 'Auth.Admin'; // solution from https://stackoverflow.com/questions/10538159/cakephp-auth-component-with-two-models-session
and
AuthComponent::$sessionKey = 'Auth.Phys'; // solution from https://stackoverflow.com/questions/10538159/cakephp-auth-component-with-two-models-session
What that does is allows a person to be logged in as both a physician, and an admin, in the one browser, without interfering with each other's session. You may not need it in the live site, but it's certainly handy while testing.
Now, in your respective controllers, you'll need straightforward login/logout methods, with the appropriate prefix.
So, for admin prefixing, in your users controller:
public function admin_login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
}
}
}
public function admin_logout() {
$this->Session->setFlash('Successfully Logged Out');
$this->redirect($this->Auth->logout());
}
And in your physicians controller:
public function phys_login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
}
}
}
public function phys_logout() {
$this->Session->setFlash('Successfully Logged Out');
$this->redirect($this->Auth->logout());
}
Like I said, that's all code I hacked together pretty quickly, so it might not work verbatim, but it should show the concept. Let me know if you have any questions.
Instead of
$this->Session->write('Auth.redirect','/physicians/index');
you should use
setcookie("keys", value);