User account status (enabled/disabled)?
Hello everyone.
I need to be able to disable the user's account and block access to the panel. If the user is authorized, then display a page informing him that his account has been disabled/suspended.
1. Tell me how to implement disabling/suspending a user account?
Add a status field with values 0 and 1 to the users table? Or the is_active field with values 0 or 1. How to do it better? What's good practice?
2. How to display a separate page with a message that the user’s account has been disabled/suspended?
How to do it better? What's good practice?
11 Replies
1. Is good practice and the correct way.
2. Build a public page, if login failed with active then redirect to a disabled page.
1. Is the status or is_active field better?
2. Where to check and redirect?
1. It doesn't matter it's a personal preference depending on your requirements. is_active makes sense for active accounts and disabling them, you can have status for suspending accounts too if you require that.
2. Depending on where they are logging in, you could build a simple middleware that always redirects them to a page if their status === suspended.
1. It is possible that the status field has a larger meaning and can have more than two statuses. And is_active has only two values.
2. Is Event or Middleware more suitable for this?
1. Of course
2. Middleware makes sense providing you apply it to each. Event is more secure and redirect to a public page
Thank you. Is it necessary to add the Middleware class to AdminPanelProvider.php or is it enough to add it only to Kernel.php?
Kernel should be enough, AdminPanelProvider is more for just the admin panel and that one alone.
Thank you.
I made this middleware.
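```php
public function handle(Request $request, Closure $next): Response
{
    // Only act on authenticated users whose account is disabled.
    if ($request->user() && !$request->user()->is_active) {
        $redirectTo = route('filament.app.pages.account-disabled');
        // Skip the notice page itself and logout, otherwise the redirect would loop.
        if (url()->current() !== $redirectTo && url()->current() !== route('filament.app.auth.logout')) {
            // intended() uses the URL stored in the session, if any, and falls back to $redirectTo.
            return redirect()->intended($redirectTo);
        }
    }
    return $next($request);
}
```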
This is fine? I had to exclude the address for redirecting and logging out. Maybe this is done some other way more correctly?
Looks fine
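The per-request check discussed in this thread, written out as a middleware class. This is an added example, not code from any poster or from Filament itself: the class name `EnsureAccountIsActive` and the suggested registration are assumptions, while `is_active` and the two route names are the ones used in the middleware above. Because it runs on every request, a session opened before the account was disabled is cut off on its next request, which a login-time check alone would not do.

```php
<?php
// Added example. EnsureAccountIsActive is a hypothetical class name.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnsureAccountIsActive
{
    /** Routes a disabled user may still reach: the notice page and logout. */
    private const EXEMPT_ROUTES = [
        'filament.app.pages.account-disabled',
        'filament.app.auth.logout',
    ];

    public function handle(Request $request, Closure $next): Response
    {
        $user = $request->user();

        // Guests and active users pass through untouched.
        if ($user === null || $user->is_active) {
            return $next($request);
        }

        // Match exempt routes by name instead of comparing URL strings.
        if ($request->routeIs(...self::EXEMPT_ROUTES)) {
            return $next($request);
        }

        // Callers expecting JSON cannot use an HTML notice page; refuse outright.
        if ($request->expectsJson()) {
            abort(403, 'Account disabled.');
        }

        // Go straight to the notice page, ignoring any intended URL in the session.
        return redirect()->route('filament.app.pages.account-disabled');
    }
}

// Assumed registration: list this class after the authentication middleware,
// for example in the panel's ->authMiddleware([...]) array, so that
// $request->user() is already resolved when handle() runs.
```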