Auth Gate for admin page

obviouslynotfranz · Post by **obviouslynotfranz** » 16 Mar 2021, 14:57

Win 10x64
PHP 7.4.16
aimeos-laravel 2020.10.6
Laravel Framework 6.20.7

Good day everybody,
I followed the setup guide from the github page and everything so far works as intendet.
The challange I am facing is how to grant non super users access to the admin page. With the super user I created from the command line I am able to login and grant other accounts the editor role, however that other user cannot access the admin page.
What follows is the Gate as described by the github readme.

Code: Select all

Gate::define('admin', function($user, $class, $roles) {
    if( isset( $user->superuser ) && $user->superuser ) {
        return true;
    }
    return app( '\Aimeos\Shop\Base\Support' )->checkUserGroup( $user, $roles );
});

I understand that the user model has a flag for the super users, and therefore only allows superusers access to the admin page, all other users are forwarded to '\Aimeos\Shop\Base\Support'. My understanding is that the support class should check all permissions, however it forwards the editors to the index page of my app instead of the admin interface.

How can I check if the user has the role of either admin or editor to allow them access to the admin panel?
Or am I missing something on how to setup aimeos correctly with different sites etc.?
My assumtion is that if I create the default site it should work out of the box if I promote a user to editor in the admin interface.
Any hints would be much appreciated!

Kind regards Anton

Post by **aimeos** » 19 Mar 2021, 06:39

The checkUserGroup() method tests if the user has either the "admin" or the "editor" group assigned:
https://github.com/aimeos/aimeos-larave ... hp#L61-L88

You can add one of that groups in the Customer panel of the admin backend.

obviouslynotfranz · Post by **obviouslynotfranz** » 23 Mar 2021, 14:38

Ok I managed to figure out what happened.

When I create a new user via the admin page everything works fine, but if I assign an already existing user the admin/editor role it didn't work.
Reason beeing that already existing users have the column siteid empty.
I suppose it doesn't hurt adding the siteid 1. as default to the user model.
As far as I could see it is not possible to see which sites a user has access to in the admin package?

Post by **aimeos** » 24 Mar 2021, 18:16

Yes, if users register via the Laravel registration form, the siteid column is empty. It's not possible to set a site ID of "1." by default in the Aimeos source because in multi-vendor setups, this would lead to all customers belong to the default site (or not a non-existing site if the default site has been deleted and created again).

For the admin backend, the value of the siteid column determines the site (only one) the user has access too.

Help for Aimeos