Jump to content
mstdmstdd

In demo access to my site without authorization

Recommended Posts

  Hello,
In my Laravel 5.4 application I want to protect my pages from unauthorized access :
I do in my controller:

public function __construct()
{
parent::__construct();
$this->middleware('auth'); 
}

and in app/Providers/AuthServiceProvider.php:

public function boot()
{
$this->registerPolicies();

Gate::define('attributes_authorization', function ($loggedUser, $action='') { // check attributes pages authorization
if ( empty($loggedUser) or empty($loggedUser->active_status) ) {
\Session::flash('action_text', 'You are not logged !' );
\Session::flash('action_status', 'danger');
return false;
}

But sometimes I want to give access to my site without authorization :
say I want to make demo of my site and anyone could open my pages under some already logged default user.


Which is the bets/simple way to make it?

Thanks!

Share this post


Link to post
Share on other sites

Why would you want to sometimes turn off authentication in order to let a random user do whatever they want to the data? It makes much more sense to create a demo user with appropriate rights and give those credentials to the people who need them. That way, you can track who's doing what and where if you want, your data is protected by basically sandboxing the site using the demo user role, and you don't have to change your code.

  • Like 1

Share this post


Link to post
Share on other sites

Create a link/page that authenticates the user as the "demo" user with whatever limited rights are appropriate. But, depending on your application, that may mean that all demo users see the same data that every other demo user creates/edits. This could be a problem. If so, you many need to create a process to create unique demo users for each person and/or a way to create some "sample" data. Not knowing your application or your specific needs it's impossible to say what you should do.

Share this post


Link to post
Share on other sites

Thank you for feedback!

Actually I mean different : while app is under development I need to give ref to some pages, say in forum

if I need  design/html help.

Also I supposed that this link could have some url like :

&nologin=888

and anyone would be able to open this page.

Are there some simple decisions, maybe some plugings?

Share this post


Link to post
Share on other sites

If it's during development and you're looking for online review and help, you could always turn off authorization entirely by stubbing in a class that returns true to the auth check. Just remember to remove the stub and test again thoroughly before you go live. Or, set up the demo user and publish the credentials when you ask for help (which could probably be the better way to go).

Share this post


Link to post
Share on other sites
turn off authorization entirely by stubbing in a class that returns true to the auth check

 

 

Can you point at the shortest way to make it?

It tried but it appeared not simple for me...

Share this post


Link to post
Share on other sites

Can you point at the shortest way to make it?

It tried but it appeared not simple for me...

 

I assume you've got the authorization functionality working? So, instead of hitting the database and checking the user's access level or user role, just return the appropriate value to allow the user in thereby fooling the system into thinking the authorization mechanism returned true.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.