
This is my first post. I'm new to such big works so I'm wondering if I'm using the right architecture for the stuff I'm doing.

I'm working on a project made in php and react, with Laravel framework. It's a sort of ERP.

  • There is a father company and many child companies
  • Each company can have different user roles, and each role can do certain actions
  • The users of father companies can do actions (role-based) on child companies too
  • The users of child companies CANNOT do actions (role-based) on the father company
  • If a user logs in, he must only see certain submenus and forms (based on his role)

My questions:

  1. What's the best way to do a safe login? Should I use Laravel Passport? It should be based on a single user table and the system should provide a response based on the role of the user

  2. For the authentication I read it could be useful to use Laravel Policies. But actually I figured it could be better to use a middleware that will check if the user token sent with the API request corresponds to the user, and another middleware to check if that specific user has the permission to call that precise endpoint. How should I set the permissions in this case? With a database table for the users like the Linux chmod system? With a chain of ifs that check the roles?

  3. Do you think it's a good architecture, or is it not the best way to do what I need? Would you suggest a better way, or articles to learn more about this?

I hope my question is not silly and I hope you can help me. If this is not the right place to ask this, can you please tell me where I should post this? Thanks.

theduck
eva9231
  • Re: #2, there's already a middleware *for* checking against policies. https://laravel.com/docs/5.8/authorization#via-middleware If you need something more elaborate see something like https://github.com/spatie/laravel-permission. – ceejayoz Nov 07 '19 at 18:15

1 Answer


1) If you want basic authentication

Laravel ships with several pre-built authentication controllers, just run the following commands:

composer require laravel/ui --dev

php artisan ui vue --auth

It will generate basic authentication, with login, register and password reset routes.

The next step will be to add roles and permissions to your users. You could do it by adding a roles table and a pivot table linking to the users, but I would recommend pulling in a package like spatie/laravel-permission.


2) If you want to authenticate through an API

Now if you plan on building an API, and since you are working with React, I would suggest installing jwt-auth, which would allow users to authenticate with a JSON Web Token.

Laravel Passport is indeed a good solution. It uses JWT and is probably easier to use, in my opinion. And it will allow you to use third-party authentication if you need to in the future.

You can read more about differences between JWT and Laravel Passport: Laravel Passport vs JWT vs Oauth2 vs Auth0 and how to build authentication into your Laravel API with JSON Web Tokens (JWT)

pimarc
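To make the parent/child rule from the question concrete, here is an added example (not code from the question, the answer, or any package mentioned) of a Laravel policy that ceejayoz's `can` middleware would call. It assumes a hypothetical schema: `users.company_id`, `companies.parent_id` (null for the father company), and a `role` relation on the user whose `permissions()` relation has a `name` column. The policy denies by default, grants an action only when the user's role carries the permission, and only lets a user reach their own company or a direct child of it, so a child-company user can never act on the father company.

```php
<?php
// Added example, not from the question or answer. Assumed (hypothetical) schema:
//   users.company_id, companies.parent_id, roles <-> permissions (name column).

namespace App\Policies;

use App\Models\Company;
use App\Models\User;

class CompanyPolicy
{
    /**
     * Central check used by every ability in this policy.
     *
     * Rule 1: the user's role must explicitly grant $permission.
     * Rule 2: the target company must be the user's own company, or a direct
     *         child of it. A user of a child company never satisfies this for
     *         the father company, because the father has no parent_id.
     */
    private function allowed(User $user, Company $target, string $permission): bool
    {
        $hasPermission = $user->role
            ->permissions()
            ->where('name', $permission)
            ->exists();

        if (!$hasPermission) {
            return false; // deny by default: no permission, no action
        }

        $ownCompany   = $user->company_id === $target->id;
        $childCompany = $target->parent_id !== null
            && $target->parent_id === $user->company_id;

        return $ownCompany || $childCompany;
    }

    public function view(User $user, Company $company): bool
    {
        return $this->allowed($user, $company, 'company.view');
    }

    public function update(User $user, Company $company): bool
    {
        return $this->allowed($user, $company, 'company.update');
    }

    public function delete(User $user, Company $company): bool
    {
        return $this->allowed($user, $company, 'company.delete');
    }
}
```

Register the policy in `AuthServiceProvider::$policies` (`Company::class => CompanyPolicy::class`), then protect a route with the authentication guard and the authorization middleware together, for example `Route::put('/companies/{company}', ...)->middleware(['auth:api', 'can:update,company'])`. The first middleware answers "who is this token?", the second answers "may this user do this to this company?", which is the two-step split described in question 2. Keeping the company-scoping rule in one private method means a new ability cannot accidentally forget the parent/child boundary, and a failed check yields a 403 without any of the calling code having to remember a chain of ifs.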