- Home page
- Search form on every page
- Course categories
- Courses in each category
- Student dashboard: all my courses
- All courses, with a "registered" label when students are logged in
- Course detail page, with a "registered or not" label when students are logged in
- Teacher dashboard
- Course detail page showing the student list for teachers
- Admin user panel
This courses demo simulates the process of course registration and management.
All the courses have a name, category, teacher, students, room, date and time, and description. Courses can be classified by category. Users can search courses by name and category.
When students log in, they can see their list of registered courses and the course details. They can register for a course or remove a course from their list.
When a teacher logs in, he/she can see a list of the courses that he/she teaches. For each course, the teacher can see all the students registered in that course.
The login panel for both students and teachers shares the same look as the website.
When an admin user logs in, he/she sees a different layout, the admin panel. The admin user is authorized to manage users, permissions, courses, categories, etc.
All admin users, teachers, and students are stored in the “Users” table. Each course has one teacher and may have many students, so courses and teachers have a “one to many” relationship, and courses and students have a “many to many” relationship.
Totally separated frontend website, teacher and student panel, and admin panel:
- Routes: three groups: front, user and admin.
- Controllers: three folders: front, user and admin.
- Views: two layouts: front and admin. The frontend website and the normal user panel share the same layout, while the admin panel has a different layout. Three folders for Blade files: front, user, and admin.
Triple layers of admin authentication and authorization:
- Route: besides Laravel's default “auth” middleware, which is added to both the “User” and “Admin” route groups, the “Admin” route group has another middleware, “admin”, that checks whether the current user is an admin or a regular user. An admin is redirected to the admin panel; a non-admin is redirected to the regular user panel.
- Gates: a middleware, “AuthGates”, defines the permissions that determine what admin users and regular users (teachers and students) can do. The gates are applied in each admin controller to check whether the current user has the right permission to access the page; if not, the user is redirected to a 403 forbidden page.
- Form request authorization: the “authorize” method in the form request class also uses Gates to check whether the authenticated user actually has the authority to perform actions such as CRUD on a given resource.
With these three layers of protection, regular users do not even know the admin panel exists, and they cannot do anything to protected admin resources.
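The three layers described above, sketched as an added example (not the demo's own code) and condensed into one file. The `is_admin` attribute, the `hasPermission()` method, the ability names, the `Course` model and the route names are assumptions.

```php
<?php
// Added illustration, condensed into one file; a real app keeps one class per file.
// Assumed names: is_admin attribute, hasPermission(), the ability list,
// App\Models\Course, and the route names.
namespace App\Http;

use App\Models\Course;
use Closure;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;

// Layer 1: "admin" route middleware, stacked after "auth" on the admin group.
class IsAdmin {
    public function handle(Request $request, Closure $next) {
        if (! $request->user()?->is_admin) {
            return redirect()->route('user.dashboard'); // regular user panel
        }
        return $next($request); // admins continue to the admin route
    }
}

// Layer 2: AuthGates defines the abilities; an undefined ability is denied.
class AuthGates {
    public function handle(Request $request, Closure $next) {
        foreach (['course_edit', 'user_manage'] as $ability) {
            Gate::define($ability, fn ($user) => $user->hasPermission($ability));
        }
        return $next($request);
    }
}

// Layer 3: the form request re-checks the gate before validation rules run.
class UpdateCourseRequest extends FormRequest {
    public function authorize(): bool {
        return Gate::allows('course_edit'); // false => 403 response
    }
    public function rules(): array {
        return ['name' => ['required', 'string', 'max:255']];
    }
}

// Admin controller: explicit gate check, 403 forbidden on failure.
class CourseController {
    public function update(UpdateCourseRequest $request, int $id) {
        abort_if(Gate::denies('course_edit'), 403);
        Course::findOrFail($id)->update($request->validated());
        return redirect()->route('admin.courses.index');
    }
}
```

Each check runs on the server for every request, so a request that slips past one layer (for example, a route added without the “admin” middleware) is still denied by the gate check or by the form request.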