Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Laravel User Is Admin
Assessments

Laravel User Is Admin Laravel Package

lvlup-dev/laravel-user-is-admin

View on GitHub
Deep Wiki
Context7

Getting Started

Minimal Setup

  1. Installation:

    composer require lvlup-dev/laravel-user-is-admin
php artisan migrate

    The package auto-registers its migration (is_admin boolean column on users table) and middleware alias (admin).

  2. First Use Case: Protect an admin route in routes/web.php:

    Route::middleware(['auth', 'admin'])->group(function () {
    Route::get('/admin', [AdminController::class, 'dashboard']);
});
    • Unauthenticated users → AuthenticationException (Laravel’s default).
    • Authenticated non-admins → 403 (AccessDeniedHttpException).

  3. Where to Look First:

    • Middleware: app/Http/Middleware/EnsureUserIsAdmin.php (customize logic if needed).
    • Migration: database/migrations/[timestamp]_add_is_admin_to_users_table.php (verify column type).
    • Tests: Check tests/Feature/AdminMiddlewareTest.php for edge cases.

Implementation Patterns

Core Workflows

  1. Route Protection:

    • Basic: Use admin middleware alongside auth in route groups. 
      Route::middleware(['auth:sanctum', 'admin'])->group(function () {
    // Admin-only routes
});
    • API Routes: Works seamlessly with API middleware (e.g., auth:api). 
      Route::middleware(['auth:api', 'admin'])->get('/admin/data', ...);

  2. Dynamic Admin Checks:

    • Extend the middleware to fetch is_admin from a custom column or API: 
      // app/Http/Middleware/EnsureUserIsAdmin.php
public function handle($request, Closure $next) {
    if (!$request->user()->is_admin) {
        abort(403, 'Custom admin message');
    }
    return $next($request);
}

  3. Blade Directives:

    • Show/hide admin UI elements: 
      @admin
    <div>Admin Panel</div>
@endadmin
      Register the directive in AppServiceProvider: 
      Blade::if('admin', fn () => auth()->check() && auth()->user()->is_admin);

  4. Seeding Admins:

    • Add to DatabaseSeeder.php: 
      User::create([
    'name' => 'Admin User',
    'email' => 'admin@example.com',
    'password' => bcrypt('password'),
    'is_admin' => true,
]);

  5. Policy Integration:

    • Combine with Laravel’s policies for granular control: 
      // app/Policies/AdminPolicy.php
public function viewAny(User $user) {
    return $user->is_admin;
}

Integration Tips

  • Testing: Use actingAsAdmin() helper (if added) or mock the middleware: 
    $this->actingAs(User::factory()->is_admin(true)->create());
  • Localization: Customize the 403 message in the middleware’s abort() call.
  • Caching: If is_admin rarely changes, cache the check in the User model: 
    public function getIsAdminAttribute() {
    return cache()->remember("user-{$this->id}-is_admin", now()->addHours(1), fn () => $this->is_admin);
}

Gotchas and Tips

Pitfalls

  1. Migration Conflicts:

    • If the users table already exists, manually add the is_admin column: 
      ALTER TABLE users ADD COLUMN is_admin BOOLEAN DEFAULT false;
    • Tip: Run php artisan migrate:fresh in a staging environment to test.

  2. Middleware Alias Overrides:

    • Ensure no other package registers an admin middleware alias. Check config/app.php under aliases.

  3. Case Sensitivity:

    • The migration uses is_admin (snake_case). Avoid isAdmin in your code to match the DB column.

  4. Default Value:

    • The migration sets DEFAULT false. New users will not be admins by default.

  5. API Tokens:

    • If using API tokens (e.g., Sanctum), ensure the user() helper resolves correctly in middleware.

Debugging

  • Check User Data: 
    dd(auth()->user()->is_admin); // Debug in middleware
  • Log 403s: Add logging to the middleware: 
    \Log::debug('Non-admin access attempt by: ' . $request->user()->email);
  • Verify Middleware Registration: Run php artisan package:discover if the admin alias isn’t recognized.

Extension Points

  1. Custom Logic: Override the middleware to check against a role or external service:

    public function handle($request, Closure $next) {
    if (!$this->isAdmin($request->user())) {
        abort(403);
    }
    return $next($request);
}

protected function isAdmin(?User $user) {
    return $user && $user->is_admin && $this->externalService->validateAdmin($user);
}

  2. Dynamic Admin Roles: Use a trait to add dynamic admin checks:

    // app/Traits/HasDynamicAdminRole.php
public function is_admin() {
    return $this->is_admin || $this->email === 'dynamic@example.com';
}

  3. Bulk Admin Updates: Add a command to update admins via email:

    // app/Console/Commands/MakeAdmins.php
public function handle() {
    User::whereIn('email', ['admin1@example.com', 'admin2@example.com'])
        ->update(['is_admin' => true]);
}

  4. Soft Deletes: If using SoftDeletes, ensure the middleware respects deleted users:

    if ($request->user()->is_admin && !$request->user()->deleted_at) { ... }

Performance

  • Avoid N+1 Queries: Eager-load is_admin when fetching users: 
    $users = User::with(['posts' => fn ($q) => $q->where('published', true)])
    ->get();
// No impact on `is_admin` (boolean column), but good practice.
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
jayeshmepani/jpl-moshier-ephemeris-php
elnasnato/laraliveui
labrodev/rest-sdk
sampaui/sampaui
babelqueue/php-sdk
facebook/capi-param-builder-php
babelqueue/symfony
hamzi/corewatch
minionfactory/raw-hydrator
hexters/coinpayment
rjcodes/rjcms
act-training/laravel-permissions-manager
alimarchal/laravel-chart-of-accounts
babenkoivan/elastic-scout-driver
mkwebdesign/filament-watchdog-v5
renatomarinho/laravel-page-speed
zedmagdy/filament-business-hours
renatovdemoura/blade-elements-ui
devgeek/beacon-admin
benjamin-rqt/data-watcher-bundle