General
We use middlewares to restrict access to certain parts of the NMS.
To secure routes, two types of middlewares are used - the "web" and the "can" middleware to address the authentication topic. This is recommend from L5.See . Both are provided by Laravel. If you want to learn more about these middlewares, please look into the official Laravel documentation.
With php artisan route:list command table field middleware, you get a table with all the routing information as well as a column Middleware:
Code Block |
---|
title | auth middlewareGeneric Routes with Middleware |
---|
|
[schmto@mablx10nmsprime@nmsprime-demo laranmsprime]$ php artisan route:list
+--------+----------+----------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------+-------------+
| Domain | Method | URI | Name | Action | Middleware | Middleware |
+--------+----------+----------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------+-------------+
...
| | | POST GET|HEAD | admin/Contract | Contract.storeindex | Modules\ProvBase\Http\Controllers\ContractController@store ContractController@index | auth:create web,can:view,Modules\ProvBase\Entities\Contract |
| | | POST | GET|HEAD | admin/Contract | Contract.indexstore | Modules\ProvBase\Http\Controllers\ContractController@index\ContractController@store | web,can:create,Modules\ProvBase\Entities\Contract |
| | GET|HEAD | admin/Contract/autocomplete/{column} | Contract.autocomplete | auth:view Modules\ProvBase\Http\Controllers\ContractController@autocomplete_ajax | web,can:view,Modules\ProvBase\Entities\Contract |
| POST | GET|HEAD | admin/Contract/create | Contract.create | Modules\ProvBase\Http\Controllers\ContractController@create | authweb,can:create,Modules\ProvBase\Entities\Contract |
| | | POST | GET|HEAD | admin/Contract/create | Contract.create | Modules\ProvBase\Http\Controllers\ContractController@create | authweb,can:create,Modules\ProvBase\Entities\Contract |
| | GET|HEAD | admin/Contract/datatables | Contract.data | Modules\ProvBase\Http\Controllers\ContractController@index_datatables_ajax | authweb,can:view,Modules\ProvBase\Entities\Contract |
| | GET|HEAD | admin/Contract/dump import | Contract.dumpallimport | Modules\ProvBase\Http\Controllers\ContractController@dumpallContractController@import | web,can:create,Modules\ProvBase\Entities\Contract |
| auth:view | POST | admin/Contract/import_parse | PATCH | admin/Contract/{Contract} | Contract.import_parse | Contract.update Modules\ProvBase\Http\Controllers\ContractController@import_parse | web,can:create,Modules\ProvBase\Http\Controllers\ContractController@updateEntities\Contract |
| | POST | admin/Contract/import_process | Contract.import_process | auth:edit Modules\ProvBase\Http\Controllers\ContractController@import_process | web,can:create,Modules\ProvBase\Entities\Contract |
| | PUT DELETE | admin/Contract/{Contract} | Contract.destroyupdate | Modules\ProvBase\Http\Controllers\ContractController@destroy ContractController@update | auth:deleteweb,can:update,Modules\ProvBase\Entities\Contract |
| | PUT GET|HEAD | admin/Contract/{Contract} | Contract.updateedit | Modules\ProvBase\Http\Controllers\ContractController@updateContractController@edit | auth:editweb,can:view,Modules\ProvBase\Entities\Contract |
| | | DELETE | GET|HEAD | admin/Contract/{Contract}/dump | Contract.dumpdestroy | Modules\ProvBase\Http\Controllers\ContractController@destroy | web,can:delete,Modules\ProvBase\Http\Controllers\ContractController@dumpEntities\Contract |
| | PATCH | admin/Contract/{Contract} | Contract.update | auth:view Modules\ProvBase\Http\Controllers\ContractController@update | web,can:update,Modules\ProvBase\Entities\Contract |
| | GET|HEAD | admin/Contract/{Contract}/editlog | Contract.edit guilog | Modules\ProvBaseApp\Http\Controllers\ContractController@editGuiLogController@filter | auth:view | web,can:view,Modules\ProvBase\Entities\Contract |
... |
Workflows
Middleware Authentication checking
Drawio |
---|
border | true |
---|
viewerToolbar | true |
---|
| |
---|
fitWindow | false |
---|
diagramName | auth-workflow2 |
---|
simpleViewer | false |
---|
width | |
---|
diagramWidth | 1121 |
---|
revision | 1 |
---|
|
Login Workflow
Please take care that there are two AuthController's
The routes will define which one is used. This is normal L5 stuff – no magic.
Drawio |
---|
border | true |
---|
viewerToolbar | true |
---|
| |
---|
fitWindow | false |
---|
diagramName | authlogin-workflow |
---|
simpleViewer | false |
---|
width | |
---|
diagramWidth | 11211831 |
---|
revision | 1 |
---|
|