I have a Laravel project which is about to go live in like two days. I have a lot of queries running in the backend and on the frontend. I am working on improving the speed of the application as there will be a lot more users in live production. In my controllers I used this code a lot.

    public function createCutting()
    {
        // Only non-admin users whose first role has pivot role_id 7 may open this page
        if (Auth::user()->admin == 0 && Auth::user()->roles()->first()->pivot->role_id == 7) {
            $type_of_cuts = Type::where('field', 2)->get();
            $type_of_damages = Type::where('field', 3)->get();
            $number_of_boxes = Type::where('field', 4)->get();
            $size_of_boxes = Type::where('field', 5)->get();
            return view('web.cutting.working_orders.create', compact('type_of_cuts', 'type_of_damages', 'number_of_boxes', 'size_of_boxes'));
        } else {
            return redirect()->route('working.orders.index')->with('alert', 'You cannot access this page');
        }
    }

and the Blade view is this:

    @if ($admin != 1)
        @if ($role_id == 7)
            <a href="{{ route('cutting.working.orders.create') }}" class="btn btn-label-brand btn-bold">
                <i class="la la-plus"></i> Create Cutting</a>
        @endif
        @if ($role_id == 6)
            <a href="{{ route('packaging.working.orders.create') }}" class="btn btn-label-brand btn-bold">
                <i class="la la-plus"></i> Create Packaging</a>
        @endif
    @endif

Have a look at the if condition in the code: I have to use it in two places, first in the controller and then on the front-end (to hide links to this method in the controller). Is there a better way to use the condition in one place and not run the same queries twice in the app? Maybe by using middleware or so. Regards,

Saad Ramay
  • Maybe you could store in cookies the role id and whether or not the user is an admin. But you will need to think about a way to ensure that the user has not modified their cookie. – Pierre Ftn Aug 08 '21 at 18:43
  • Why do not you make a new class, create a function, and make instances of that? – Parsa Samandizadeh Aug 08 '21 at 17:18
  • @ParsaSamandizadeh Thanks but it would not solve the problem...I have edited the post and added the view part as well to understand better. – Saad Ramay Aug 09 '21 at 08:56

2 Answers


As per the source code you provided, this is not about improving an if/else condition. You are trying to implement User Access Control by granting privileges to users based on the appropriate roles.

To implement User Access Control, regardless of whether you're developing a Small Business Application or an Enterprise-Level Application, it's not recommended to create your own security for access control. This practice is vulnerable to Cross-site request forgery.

The best practice of implementing a User Access Control requires:

  1. Authentication: He/she (user) must provide the Identity on who he/she claims he/she is. This is typically done by forcing user to provide his/her username and password in your Login form. This is already implemented by Laravel using default Laravel Auth.

  2. Authorization: Here you have to authorize the authenticated users to perform certain actions based on their respective roles. This is what is called User Access Control.

As far as security is concerned, you must not implement your own User Access Control. I recommend you use the Laravel-Permission package by Spatie, which is the best User Access Control for Laravel in my opinion.

It's easy to install and easy to use.

  • It assigns roles to users
  • It grants permission to different roles.

Please check the link below for the official Spatie documentation and installation instructions.

https://spatie.be/docs/laravel-permission/v4/installation-laravel

You have to spend time reading the documentation carefully so that you do not miss anything when installing the package.

In addition to Spatie Permission, you can download an Admin Panel (GUI) for Spatie Permission created by Laravel Daily using the link below.

https://github.com/LaravelDaily/Laravel-CoreUI-AdminPanel

  • Thanks, but this is not what I asked for... I have implemented that already... I just want the condition to be written in one place, executed once, and to affect both backend and frontend. Is this possible? – Saad Ramay Aug 09 '21 at 09:06
  • @Saad Ramay, I can see that you might not understand what you're asking for. You're trying to implement your own security. – Lawrence E Bosumbe Aug 09 '21 at 11:33

What you are trying to do is a mixture of magic numbers and verbose programming. This is your code:

    @if ($admin != 1)
        @if ($role_id == 7)
            <a href="{{ route('cutting.working.orders.create') }}" class="btn btn-label-brand btn-bold">
                <i class="la la-plus"></i> Create Cutting</a>
        @endif
        @if ($role_id == 6)
            <a href="{{ route('packaging.working.orders.create') }}" class="btn btn-label-brand btn-bold">
                <i class="la la-plus"></i> Create Packaging</a>
        @endif
    @endif

You should have used Spatie Blade Directives like so:

    {{-- If the user is an admin he/she can perform the action. --}}
    @hasrole('admin')

        {{-- Granting different admin users different permissions. --}}

        @can('create cutting order')
            {{-- Only the admin who can create cutting... --}}
            <a href="{{ route('cutting.working.orders.create') }}"></a>
        @endcan

        @can('create packaging order')
            {{-- Only the admin who can create packaging... --}}
            <a href="{{ route('packaging.working.orders.create') }}"></a>
        @endcan

    @else
        {{-- He/she is not an admin, so he/she is not allowed to do anything. --}}

    @endhasrole
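The question asks for the condition to be written in one place and consulted by both the controller and the view; the answer above shows the Blade half with Spatie directives. The following is an added example, not code from the question or either answer, that does the same with Laravel's built-in Gate so the role lookup is written once and the route middleware, controller and Blade `@can` all use it. The gate names, the `ROLE_*` constants and the `User` model namespace are assumptions; the condition itself (admin == 0, first role's pivot role_id 7 or 6) is taken from the question.

```php
<?php
// app/Providers/AuthServiceProvider.php (added example; names below are assumptions)

namespace App\Providers;

use App\Models\User;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    // The magic numbers from the question, named once (assumed constant names).
    private const ROLE_PACKAGING = 6;
    private const ROLE_CUTTING   = 7;

    public function boot(): void
    {
        // $user->roles (property access) loads the relation once per request and caches
        // it on the model; $user->roles()->first() would run a fresh query on every call.
        $roleId = fn (User $user): int => (int) ($user->roles->first()?->pivot->role_id ?? 0);

        // Condition from the question, defined exactly once per ability.
        Gate::define('create cutting order', fn (User $user): bool =>
            $user->admin == 0 && $roleId($user) === self::ROLE_CUTTING);

        Gate::define('create packaging order', fn (User $user): bool =>
            $user->admin == 0 && $roleId($user) === self::ROLE_PACKAGING);
    }
}

// routes/web.php: the same gate guards the route, so the controller no longer needs
// its own if/else; a direct request to the URL is still rejected server-side (403).
//
// Route::get('cutting/working-orders/create', [CuttingController::class, 'createCutting'])
//     ->name('cutting.working.orders.create')
//     ->middleware(['auth', 'can:create cutting order']);
//
// Blade: the link is hidden with the same ability, evaluated against the cached relation.
//
// @can('create cutting order')
//     <a href="{{ route('cutting.working.orders.create') }}">Create Cutting</a>
// @endcan
```

The nullsafe `?->` operator requires PHP 8; on older versions replace it with an explicit null check on `$user->roles->first()`.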