I recently finished a Java OCA course and we did a bit of PHP and I got interested in it. So to teach myself I'm making a phone book. The problem I've come across is that I have a few regular users who each have separate data entered and they can only see what they entered. I do this by having a "creator_id" being a foreign key in the contacts table, so whenever a new contact is added they have their "creator_id" added and I can filter it out so they only see their own data.
I also added an admin user and I would like for him to be able to select a user and then go into that user's contacts and manage them, like update, delete, add new ones etc. I got so far as viewing the different users and I have a button under the form, "show contacts", that should redirect me to that user's contact table based on the "creator_id".
This is the ContactsController; it has a search field and pagination:
    public function index(Contacts $contacts)
    {
        $filter = request('filter', NULL);
        $contacts = NULL;
        if ($filter == NULL)
            $contacts = Contacts::query()->where('creator_id', auth()->id())->sortable()->paginate(5);
        else
            // Group the name/number match so the OR cannot bypass the creator_id filter.
            $contacts = Contacts::query()->where('creator_id', auth()->id())
                ->where(function ($query) use ($filter) {
                    $query->where('name', 'like', '%'.$filter.'%')
                        ->orWhere('number', 'like', '%'.$filter.'%');
                })
                ->sortable()->paginate(5);
        return view('contacts.index')->withContacts($contacts);
    }
This is how a new contact is stored with the creator_id:
    public function store(Contacts $contact)
    {
        $validated = request()->validate([
            'name' => 'required|min:3|max:255|unique:contacts,name',
            'number' => 'required|min:5|unique:contacts,number'
        ]);
        Contacts::create($validated + ['creator_id' => auth()->id()]);
        return redirect(route('contacts.index'))->withSuccess('Contact Created Successfully');
    }
I have a ContactsPolicy with:
    public function view(User $user, Contacts $contacts)
    {
        return $contacts->creator_id == $user->id;
    }
That's the only thing in there. And there's an AdminController which I have a middleware for:
    public function handle($request, Closure $next)
    {
        // auth()->user() is null for guests, so check for a login first.
        if (auth()->check() && auth()->user()->isAdmin())
        {
            return $next($request);
        }
        return redirect('home');
    }
That I use for my routes so only the person logged in under admin can use them. In the users table I have a user type; there's default and admin.
    namespace App;

    use Illuminate\Support\Facades\Hash;
    use Illuminate\Notifications\Notifiable;
    use Illuminate\Contracts\Auth\MustVerifyEmail;
    use Illuminate\Foundation\Auth\User as Authenticatable;

    class User extends Authenticatable
    {
        use Notifiable;

        const ADMIN_TYPE = 'admin';
        const DEFAULT_TYPE = 'default';

        public function isAdmin()
        {
            return $this->type === self::ADMIN_TYPE;
        }

        /**
         * The attributes that are mass assignable.
         *
         * @var array
         */
        protected $fillable = [
            'name', 'email', 'password',
        ];

        /**
         * The attributes that should be hidden for arrays.
         *
         * @var array
         */
        protected $hidden = [
            'password', 'remember_token',
        ];

        public function setPassword($password)
        {
            $this->password = Hash::make($password);
        }
    }
The only part I'm stuck on is allowing the admin to view other users' contacts and add new ones or edit them under their creator_id?
You can show a list of all the creators in the Admin form to create a contact.
    <select name="creator_id">
        @foreach($creators as $creator)
            <option value="{{ $creator->id }}">{{ $creator->name }}</option>
        @endforeach
    </select>
So whenever you post the form, in the controller you can find the $creator by its id and use that one to store a new contact.
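An added example, not part of the original answer: an admin-only controller that lists and creates contacts for a selected user, accepting creator_id from the form only after validating it. The class name AdminContactsController, the App\Contacts namespace, the 'owner' view variable and the route name admin.contacts.index are assumptions, and both routes are assumed to be registered behind the admin middleware shown in the question.

```php
<?php
// Added example: hypothetical AdminContactsController, not code from the posts.
namespace App\Http\Controllers;

use App\Contacts; // assumed model namespace
use App\User;
use Illuminate\Http\Request;

class AdminContactsController extends Controller
{
    // List one user's contacts; {user} in the route is resolved by model binding.
    public function index(Request $request, User $user)
    {
        $filter = $request->input('filter');

        $contacts = Contacts::query()
            ->where('creator_id', $user->id)
            ->when($filter, function ($query) use ($filter) {
                // Keep the OR inside its own group so the search stays
                // scoped to the selected user's rows.
                $query->where(function ($q) use ($filter) {
                    $q->where('name', 'like', '%'.$filter.'%')
                      ->orWhere('number', 'like', '%'.$filter.'%');
                });
            })
            ->sortable()
            ->paginate(5);

        // 'owner' is an assumed view variable naming whose contacts are shown.
        return view('contacts.index', ['contacts' => $contacts, 'owner' => $user]);
    }

    // Create a contact on behalf of the user picked in the <select>.
    public function store(Request $request)
    {
        $validated = $request->validate([
            'name'       => 'required|min:3|max:255|unique:contacts,name',
            'number'     => 'required|min:5|unique:contacts,number',
            // creator_id is read from the request only in this admin-only
            // action, and must match an existing users.id.
            'creator_id' => 'required|integer|exists:users,id',
        ]);

        Contacts::create($validated);

        return redirect()->route('admin.contacts.index', $validated['creator_id'])
            ->withSuccess('Contact Created Successfully');
    }
}
```

The regular ContactsController::store should keep taking creator_id from auth()->id() and never from the request, so a non-admin cannot create contacts under another user's id.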