View Source

This page describes how NMS Prime uses middlewares for authentication checking, to restrict access to certain parts of the system.

General

We use middlewares to restrict access to certain parts of the NMS.

To secure routes, two types of middlewares are used - the "web" and the "can" middleware. Both are provided by Laravel. If you want to learn more about these middlewares, please look into the official Laravel documentation.

With php artisan route:list command, you get a table with all the routing information as well as a column Middleware:

[nmsprime@nmsprime-demo nmsprime]$ php artisan route:list
+--------+----------+----------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------+------------------------------------------------------+
| Domain | Method   | URI                                                      | Name                                 | Action                                                                                  | Middleware  										   |
+--------+----------+----------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------+------------------------------------------------------+
...
| 		 | GET|HEAD | admin/Contract                                           | Contract.index                       | Modules\ProvBase\Http\Controllers\ContractController@index                              | web,can:view,Modules\ProvBase\Entities\Contract 	   |
|        | POST     | admin/Contract                                           | Contract.store                       | Modules\ProvBase\Http\Controllers\ContractController@store                              | web,can:create,Modules\ProvBase\Entities\Contract    |
|        | GET|HEAD | admin/Contract/autocomplete/{column}                     | Contract.autocomplete                | Modules\ProvBase\Http\Controllers\ContractController@autocomplete_ajax                  | web,can:view,Modules\ProvBase\Entities\Contract      |
|        | GET|HEAD | admin/Contract/create                                    | Contract.create                      | Modules\ProvBase\Http\Controllers\ContractController@create                             | web,can:create,Modules\ProvBase\Entities\Contract    |
|        | POST     | admin/Contract/create                                    | Contract.create                      | Modules\ProvBase\Http\Controllers\ContractController@create                             | web,can:create,Modules\ProvBase\Entities\Contract    |
|        | GET|HEAD | admin/Contract/datatables                                | Contract.data                        | Modules\ProvBase\Http\Controllers\ContractController@index_datatables_ajax              | web,can:view,Modules\ProvBase\Entities\Contract      |
|        | GET|HEAD | admin/Contract/import                                    | Contract.import                      | Modules\ProvBase\Http\Controllers\ContractController@import                             | web,can:create,Modules\ProvBase\Entities\Contract    |
|        | POST     | admin/Contract/import_parse                              | Contract.import_parse                | Modules\ProvBase\Http\Controllers\ContractController@import_parse                       | web,can:create,Modules\ProvBase\Entities\Contract    |
|        | POST     | admin/Contract/import_process                            | Contract.import_process              | Modules\ProvBase\Http\Controllers\ContractController@import_process                     | web,can:create,Modules\ProvBase\Entities\Contract    |
|        | PUT      | admin/Contract/{Contract}                                | Contract.update                      | Modules\ProvBase\Http\Controllers\ContractController@update                             | web,can:update,Modules\ProvBase\Entities\Contract    |
|        | GET|HEAD | admin/Contract/{Contract}                                | Contract.edit                        | Modules\ProvBase\Http\Controllers\ContractController@edit                               | web,can:view,Modules\ProvBase\Entities\Contract      |
|        | DELETE   | admin/Contract/{Contract}                                | Contract.destroy                     | Modules\ProvBase\Http\Controllers\ContractController@destroy                            | web,can:delete,Modules\ProvBase\Entities\Contract    |
|        | PATCH    | admin/Contract/{Contract}                                | Contract.update                      | Modules\ProvBase\Http\Controllers\ContractController@update                             | web,can:update,Modules\ProvBase\Entities\Contract    |
|        | GET|HEAD | admin/Contract/{Contract}/log                            | Contract.guilog                      | \App\Http\Controllers\GuiLogController@filter                                           | web,can:view,Modules\ProvBase\Entities\Contract      |
...

General

Workflows

Middleware Authentication checking

Login Workflow