Upgrade Guide v2.4
Authentication and Authorization
Tipp
Before upgrading do the following mysqlquery:
SELECT roleName, modelName, view, create, update, delete FROM authrole_core;
This query displays the relationship between roles, models and permissions. Save it to a file - it greatly improves the upgrade process, because you know exactly which abilities should be set.
With v2.4 of NMS Prime the authorization and authentication got reworked to be more in line with Laravel 5.
This required some deep changes to the core framework, which results in some work, if you used NMS Prime with v.2.3 or lower.
Changes to 2.3 and lower
The breaking Changes are:
- "Support" is the new Standard role. All previous Superadmins became "Support" as a standard. The Support can not set or change Abilities.
- The new "admin" role is initially set to the User with the id of 1 (initial superuser).
- Using the API is now an ability and the API can be accessed by every user with this ability using "Basic Auth" → Login credentials are E-Mail and Password.
IMPORTANT: The relationship between the other roles and users is still there. Only "superadmin" role changed into "support" and "admin"
Depending on which points affect your installation, you can do the following:
If you have the credentials for "initial superuser":
- Log in and set the abilities of the roles according to the Tutorial in Authentication and Authorization
If you don't have an "initial superuser" or don't know the credentials:
- Create a new User or use an existing User and assign the admin role to him as described in Authentication and Authorization
- Log in and set the abilities of the roles according to the Tutorial in Authentication and Authorization
If you want to access the API:
There are several possibilities to catch this use case:
- connect as an User with the "admin" role to the API.
- Log in as an User with the "admin" role and create a new role "API" and assign the role to the users that should use the API like described in Authentication and Authorization
- [ Log in as an User with the "admin" role and assign the ability to use the API to an existing role (not recommended by us, if you can, use one of the above methods) ]