Big respect from morocco i have 4 years exp im so proud to watch ur videos

This is so true ! I recently experiment this kind of double auth, it's a terrible idea 🙈

I think this is the hard part of any project: to separe concerns. It would be great for many of us to teach us how to proper start a project arhitecture rather than keep teaching us how to code in Laravel. The coding is much easier if a developer has a good start.

It is normally indifferent but huge different in database with huge amount of users and also normalization. Index sizes, first row admin vulnerabilities, etc in my opinion

Great video! This is a skill that I can use for many projects. I’m grateful for your guidance and expertise. Thanks for sharing your knowledge!

I am creating a project where the User can have one of three roles: Admin, Teacher, or Student. To achieve this, I created a "users" table for authentication purposes and fields that are commonly owned by "users", such as "name", "profile_picture", and "phone_number". Additionally, I created a separate table for each role (admins, teachers, and students), each with its own specific fields. For example, the teachers table has a "subject" field, and the students table has a "class_group_id" field (foreign key). Does this match the setup described in the video?

Caleb porzio made the parental package which is great and could be combined with this approach where each model could have a separate profile linked.

I see no issues with separate guards and using polymorphism for logic sharing. I see more issues with using single guard for two different kind of users which can at times cause vulnerability and require lot's of logic to separate concerns. There's no better way until the project at hand demands you pick one approach instead of the other.

I do agree with you. There should be on table for users and if needed should have separate profile tables.

User role or user type can be helpful, depending on user role or user type. This allows user to choose between login as doctor or as user or switching if they need it from the same ui.

In those cases, I used global scopes for each model and interfaces implemented for different data

Thanks for the explanation! What if the user can have multiple roles ( for instance: doctor and patient)?

Your logic makes sense, thank you.

yep i did regret having seprate auths for a project that later i needed to add more functions to the different users

I think you are right and this is a proper way in most cases

Si extiendo mis tablas como profesores y estudiantes con la de usuarios y esta tabla de usuarios tiene una relación con roles, que puedo hacer para que solo ciertos roles accedan al sistema, por ejemplo: que solos los usuarios de la tabla profesores (que tendrá rol de profesor en la de usuarios) y los usuarios con rol de admin puedan acceder al sistema, y los usuarios de la tabla de estudiantes no puedan acceder al sistema web pero si a la autenticación por API

It doesn't work in a scenario where a customer can signup in multiple stores as a different user using the same email and phone number. Where the user types are: Admins Store owner Customers Because a table will be forced to have duplicate emails and phone numbers with store_id as the composite key to uniquely identify a user for a specific store. I believe in this scanerio you will need a new table for customers.

Basically in a fin tech system or system that handles money, please make sure you seperatate concerns as much as possible, do not mix match users and admins, when one is bridged, you're finished.

more videos on DB + vanilla php like this please.

just recently i made 2 school managment projects i used spatie permissions in the first project to separate between (admins, teachers, students and parents) and honestly i regret that, the project was a mess and i had to write a lot of if statements and now i'm working on the second project and i'm using guards to separate them and it is looking good (i didnt finish yet but for now i like what i see)

The app I'm currently working on, I don't have an option I have to use seperate guards ( although, I'm usung the same user table different guard names ) I have role categories, not roles. My boss wants vendors to have the ability to create roles eg accountant, users etc Then the system_users can create roles in their own end There's no logical way to do this with the available roles package and im not ready to recreate my own So I'm using multi authentication guards and extended spatie permissions to allow system users be true global roles and then vendor roles are normal roles Have i encountered issues, yes. Am i encountering issues, yes But that's my only option

i see it as an area if some users type allowed to enter this area but some of them has limitation inside it. it`s ok to be one table one auth but if it`s a different area not all user allowed to enter it like dashboard it just allowed for admins to enter this area i see it`s better to be a separate table with separate guard and auth

When ever I’ve done this before it’s made so much sense. Then the code goes to crap as two different entities make more complex not more secure

User types and roles are different things. So having "admins" and "users" tables is impractical. There should be a single users table. Then you can differenciate users (types) by using sub-tables (see Class Table Inheritance). Roles/permissions, on the other hand, is a seperate issue and should have its own tables.

If both the patient and doctor have an address, is it okay to repeat all the address fields in both tables or create a new polymorphic address table? In this sceneario an admin doesn't need an address but it's required for a patient and doctor.

Great, Thank you🧑‍💻 🙌🙌💯👍

Email issue: Lets use your Patient/Doctor example, but it can be User/Admin, whatever. I'm assuming that the email is defined as unique, so, lets get to the issue: A patient can in practice be a doctor too, because doctors can get sick also. In this situation then a person can register as a patient and as doctor, but unfortunately they cant use the same email, though it would be pratical that they should be able to. I imagine you can circumvent this by not specifying as unique and they put some registration logic to check email and role to permit email duplication but restrict it if the user has the same role. What would be your approach to work-around this? Table wise, logic, etc, how would be your best solution for this?

Nice video sir as always ❤

Hello, your lessons are very good! Thanks you! I have a question about not this video. Why you choose laravel instead of symfony? If you record video about that, it will be awesome

What is the best practice : table for user and admin or merge users and admins in same table?

What is the name of tool you used design the tables shown.

I prefer separate admin and user logins. The administrator cannot have the option of reminding/resetting the password and you can additionally protect against unwanted number of incorrect logins to the system or restrict access only from a specific IP.

Separate Databases should be concerned with different things. In Laravel, Eloquent relationships do not work well across different connections (database configurations). If you want to separate concerns in different databases, user profiles are not the way to go. I personally don't do it because my projects are not big enough to require it but assuming the database driver is used for some of the configs, things that can be moved to a separate database are the job tables (failed_jobs, jobs), the session table (sessions) and the cache table (assuming you use the database driver for cache instead of something like redis). I think it's overkill anyways.

Really cant say which one is better. If using guards makes things better why not use them??? I had similar situation where i created online vacancy portal. I maintained that with guards admin for admins and default web guards for user. Roles and permissions were maintained only for admins as admins had two roles maker and checker. Was that a bad approach then????

Thanks sir.

Hi can u make a Complete video on laravel spatie roles and permissions?? Please , It will be so helpful!!

Video title is kind of Misleading, Roles are not considers as Users. What here talked about is User Type and it's separate profiles. I consider role as group of permissions, One user can have n number of roles as per requirement. Depends on size of application may be one or multiple roles for user.

I didn’t know that you are answering questions on twitter.. probably cause i dont use twitter.. you mind if i share some code with you for your review? Am trying to become a better laravel developer and your help would be highly appreciated.

How can you do this? that’s treason