Hello,
In my Laravel 5.4 application I want to protect my pages from unauthorized access.
In my controller I do:

    public function __construct()
    {
        parent::__construct();
        $this->middleware('auth');
    }

and in app/Providers/AuthServiceProvider.php:

    public function boot()
    {
        $this->registerPolicies();

        // Check authorization for the attributes pages
        Gate::define('attributes_authorization', function ($loggedUser, $action = '') {
            if (empty($loggedUser) || empty($loggedUser->active_status)) {
                \Session::flash('action_text', 'You are not logged !');
                \Session::flash('action_status', 'danger');
                return false;
            }
            // ... (the rest of the gate was not included in the post)
        });
    }

But sometimes I want to give access to my site without authorization:
say I want to make a demo of my site so that anyone could open my pages under some already logged-in default user.

What is the best/simplest way to do it?

Thanks!

Why would you want to sometimes turn off authentication in order to let a random user do whatever they want to the data? It makes much more sense to create a demo user with appropriate rights and give those credentials to the people who need them. That way, you can track who's doing what and where if you want, your data is protected by basically sandboxing the site using the demo user role, and you don't have to change your code.


Create a link/page that authenticates the user as the "demo" user with whatever limited rights are appropriate. But, depending on your application, that may mean that all demo users see the same data that every other demo user creates/edits. This could be a problem. If so, you may need to create a process to create unique demo users for each person and/or a way to create some "sample" data. Not knowing your application or your specific needs it's impossible to say what you should do.

Thank you for the feedback!

Actually, I mean something different: while the app is under development I need to give a reference to some pages, say in a forum, if I need design/HTML help.

Also, I supposed that this link could have some URL like:

&nologin=888

and anyone would be able to open this page.

Are there some simple decisions, maybe some plugins?

If it's during development and you're looking for online review and help, you could always turn off authorization entirely by stubbing in a class that returns true to the auth check. Just remember to remove the stub and test again thoroughly before you go live. Or, set up the demo user and publish the credentials when you ask for help (which could probably be the better way to go).

Can you point at the shortest way to make it?

I tried, but it appeared not simple for me...

 

I assume you've got the authorization functionality working? So, instead of hitting the database and checking the user's access level or user role, just return the appropriate value to allow the user in thereby fooling the system into thinking the authorization mechanism returned true.
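
One way to build the demo-user login link suggested in the replies above, as an added example that is not code from any poster in this thread: a middleware that logs the visitor in as a restricted demo account when the `nologin` parameter matches a configured token, and refuses outright in production. The class name, file path and the `demo.token` / `demo.user_email` config keys are assumptions; `App\User` is the Laravel 5.4 default model.

```php
<?php
// app/Http/Middleware/DemoLogin.php (hypothetical file; added example)

namespace App\Http\Middleware;

use App\User;                          // Laravel 5.4 default user model
use Closure;
use Illuminate\Support\Facades\Auth;

class DemoLogin
{
    public function handle($request, Closure $next)
    {
        $supplied = $request->query('nologin');

        // Normal requests, malformed values and already logged-in users pass through untouched.
        if (!is_string($supplied) || $supplied === '' || Auth::check()) {
            return $next($request);
        }

        // Never honour the demo link in production, whatever the configuration says.
        if (app()->environment('production')) {
            abort(404);
        }

        // Assumed keys from a hypothetical config/demo.php that reads values from .env.
        $expected = (string) config('demo.token', '');
        $email    = config('demo.user_email');

        // Constant-time comparison; an empty configured token disables the feature.
        if ($expected === '' || !hash_equals($expected, $supplied)) {
            abort(404);
        }

        // The demo account must exist and pass the same active_status check the Gate uses.
        $demo = User::where('email', $email)->first();
        if (!$demo || empty($demo->active_status)) {
            abort(404);
        }

        // From here on the 'auth' middleware and the Gate see an ordinary, limited user.
        Auth::login($demo);

        // Redirect to the same page without the query string so the token is not kept in the URL.
        return redirect($request->url());
    }
}
```

Register the class in the `web` middleware group in app/Http/Kernel.php so it runs before the controller's `auth` middleware, and clear the token from the configuration once the review is over.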
