Authentication and Authorization in Laravel

Before Proceeding to implementation, let us understand difference between these terminologies.

In Authentication, the Web application identifies users via credential they provide. If it finds that the
credentials are valid, user will be authenticated and given access to the functions which are allowed. In case
of incorrect credentials, the access will be denied.

In Authorization, the Web application checks if the authenticated user can access the resources/views that
they are being accesses. In other words, authorization checks rights and permissions over requested
resources.

There are two ways to implement Authentication,

• Laravel’s built-in authentication

• Manual authentication

Let us proceed towards implementing Laravel’s built-in Authentication.

Authentication
First, install Laravel/ui package that provide a quick way to scaffold all the necessary routes and views you
need for authentication using a few simple commands.

Note: Below commands will work on project that you build from scratch, commands will not work on
downloaded or copy paste projects. For Successful implementation, you need to maintain Sequence of
command as written below.

Composer require laravel/ui

Once it’s completed then run below command

php artisan ui vue --auth

After successful completion of these commands, suggestion found like,

Please run “npm install && npm run dev” to compile your fresh scaffolding.

So download node.js from Link and install it, then run command npm install && npm run dev.

When you run php artisan serve and open link localhost you can view two buttons on welcome page.
When you will click on login button, you can view page like below. Your login page default is little change
from below picture because I added some CSS inside this.

When you will click on Register button, you can view page like below. Your Register page default is little
change from below picture because I added some CSS inside this.
Now let us, look inside code as I discussed earlier, after installation of laravel/ui package and authentication
command inside your project some routes and view will created. You can check these inside below picture.

Now our login and register views, routes and migrations will be created, so migrate tables in database.

php artisan migrate

If already migrated so use php artisan migrate:refresh

After Successful migration, now we can use our Login and Register pages. Let’s first register some users
so that we can login.
When I click on the Register button (screen in the previous screen), it takes me to the URL
http://127.0.0.1:8000/home and shows a logout option.

When I clicked on logout, it redirected me to the index page of my project.

After logout, when I access the home page, http://127.0.0.1:8000/home, it redirects me to the login screen.

After successful login, a user is normally redirected to HOME screen. We can redirect a user to the webpage
that we desire. Below I will redirect my user from the HOME page to list page.

File path: App\Http\Controllers\Auth\LoginController

Redirect to list page

After successful login, I should was redirected to the list route as shown below.

Similarly, we can change redirect for Register in RegisterController.

Path: App\Http\Controllers\Auth\RegisterController
Authorization
Here, if a user wants to access some resources, authorization will be performed to check if this user is
eligible to access the resource.

We use Laratrust for authorization.

Composer require santigarcor/laratrust

Once it’s completed then run below command

php artisan vendor:publish –tag=”laratrust”

It will publish all configuration files. If this command not work so first run php artisan config: clear

Now run setup command. This will generate migrations of tables used for authorization, role and permission
model.
php artisan laratrust:setup

Once it has completed then you can view role and permission model, LaratrustSeeder and migrations in
project.
sometimes command run successfully but we cannot see Laratrustseeder inside Seeds. To resolve this, we
need to download the file LaratrustSeeder.php, paste the downloaded file inside “database\seeds\” and then
proceed.

Now dump autoload with below command.

composer dump-autoload

Now check Laratrust_Seeder file inside config folder to edit and check roles. You can edit roles and name
of roles, as you need inside this file

Now inside database we have seed folder in which we have two seeders:

(i) Database Seeder, and

(ii) LaratrustSeeder
Now last step is seeding and migration so, for seeding first open database seeder file and inside run function
call LaratrustSeeder.

Now last step is migration so

php artisan migrate --seed

if this command does not work, then use

php artisan migrate:refresh --seed

Now all roles and permission granted to users. Some login added in user table inside database due to
seeding.
After run above command, if login not added inside database due to seeding like below.

Then, you need to change single line of code inside config\laratrust_seeder.php as below. In your
laratrust_seeder.php file, default create_users variable is set to false as below.
Therefore, you need to set value true as below and proceed.

Now I want when student user login so it will redirect to student view. So inside Login controller write
function.

Means if user is teacher so it will redirected to teacher page.

So when I login for teacher so I will redirected to teacher view.

However, problem is that inside teacher role if I want to access student role, I can do this.

Therefore, for this problem you need to add some code in Student Controller.
Now inside teacher role if you want to access student role so error occur.

Thus, teacher is not authorized to access student record.

***