When we log in to a more complex system, this system generally has authorization levels for each user, that is, we have to ensure that only authenticated users can access specific pages.
Solital has an authentication system to protect your user pages from other database tables.
You must use the Guardian
class to authorize the pages. You can authorize using a specific database table or using a specific email.
For example, if you have a table in the database called tb_admin
and you want only users who have been saved in that table to be allowed to access a specific page, you would use the allowFromTable
method.
Guardian::allowFromTable('tb_admin');
If you have users saved in another table (for example: tb_users
), these users will be redirected to the login page. When redirected, a message will be displayed to the unauthorized user. You can customize this message.
Guardian::allowFromTable('tb_admin', 'No permission');
Alternatively, if you want users of a database table to not access a specific page, you can use the denyFromTable()
method.
Guardian::denyFromTable('tb_users');
// With a custom message
Guardian::denyFromTable('tb_users', 'No permission');
In some cases, you may want only a single specific user to be allowed to access a page rather than allowing multiple users of a database table. For these cases, you can use the allowUser()
method.
Guardian::allowUser('solital@email.com');
// With a custom message
Guardian::allowUser('solital@email.com', 'No permission');
Alternatively, you can deny a single specific user instead of denying the entire database table.
Guardian::denyUser('solital@email.com');
// With a custom message
Guardian::denyUser('solital@email.com', 'No permission');