DEV Community

Fouladgar.dev

Laravel: Making secure filters for Eloquent Models

Introduction

In the previous post, I introduced a package that lets you filter your Eloquent models in Laravel. You can see it here.

The latest version of this package is available in the GitHub repository: v1.0.1

As I explained earlier, you may need to filter a model in your project, such as the User model: for example, filtering users by gender, age, online/offline status, and so on.

Now you may also want to check whether the authenticated user is actually authorized to apply a given filter. For example, you may decide that only a user who has a premium account or is an admin can apply the StatusFilter to list the people who are online or offline.

Let's have a practical example below for a better understanding.

Setup EloquentBuilder package

First, if you do not have a Laravel project yet, run the command below:

$ composer create-project --prefer-dist laravel/laravel authorize-filter

Now go to the root of your application and install EloquentBuilder:

$ cd authorize-filter
$ composer require mohammad-fouladgar/eloquent-builder

Now create a new directory named EloquentFilters inside the app directory. This directory is where the model filters are stored.

Create Route and Controller

In this step, we need to create a route for the user listing. Open your routes/web.php file and add the following route:

Route::get('users', 'UserController@index');

Then, you should create a controller named UserController:

Now you can open the URL below in your browser:

http://localhost:8000/users

When you open this URL, the list of users is returned.
In the next step, we will implement the gender and status filters.

Gender Filter

At this point, we want to filter users based on gender.
First of all, create a new directory named User inside EloquentFilters. This directory contains the User model filters.
Next, create a new file named GenderFilter.php:

app/EloquentFilters/User/GenderFilter.php

After creating the above filter, open your browser and request this URL to apply the filter to your query:

http://localhost:8000/users?filter[gender]=male

Requesting this URL lists the users whose gender is male.

StatusFilter

This filter has an authorize method. Within this method we check whether the user has a premium account and can therefore apply the StatusFilter to list the people who are online or offline.

Take a look at the following filter:

app/EloquentFilters/User/StatusFilter.php

To apply the above filter, open the URL below in your browser:

http://localhost:8000/users?filter[gender]=male&filter[status]=online

For more details, please click here.
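
The authorize-then-apply check described in this section, as a framework-free PHP sketch added here; it is not the EloquentBuilder package's code or API. SketchFilter, the two *Sketch classes, applyFilters(), the actor array with its premium flag and the sample users are all hypothetical, and the allow-list of status values is an assumption.

```php
<?php
declare(strict_types=1);
// Hypothetical stand-ins for illustration; NOT the EloquentBuilder package API.
abstract class SketchFilter
{
    public function authorize(array $actor): bool { return true; } // open unless overridden
    abstract public function apply(array $rows, string $value): array;
    protected function where(array $rows, string $key, string $value): array
    {
        return array_values(array_filter($rows, fn ($r) => ($r[$key] ?? null) === $value));
    }
}

final class GenderFilterSketch extends SketchFilter
{
    public function apply(array $rows, string $value): array { return $this->where($rows, 'gender', $value); }
}

final class StatusFilterSketch extends SketchFilter
{
    // Decided server-side from the authenticated user, never from request input.
    public function authorize(array $actor): bool { return ($actor['premium'] ?? false) === true; }
    public function apply(array $rows, string $value): array
    {
        if (!in_array($value, ['online', 'offline'], true)) { // assumed allow-list of values
            throw new InvalidArgumentException('unsupported status value');
        }
        return $this->where($rows, 'status', $value);
    }
}

function applyFilters(array $rows, array $requested, array $actor): array
{
    $registry = ['gender' => new GenderFilterSketch(), 'status' => new StatusFilterSketch()];
    foreach ($requested as $name => $value) {
        if (!isset($registry[$name]) || !is_string($value)) {
            throw new InvalidArgumentException('unknown or malformed filter');
        }
        if (!$registry[$name]->authorize($actor)) { // checked before this filter is applied
            throw new RuntimeException("not authorized to apply filter: $name");
        }
        $rows = $registry[$name]->apply($rows, $value);
    }
    return $rows;
}

// Constructed sample data and a request like ?filter[gender]=male&filter[status]=online
$users = [['gender' => 'male', 'status' => 'online'], ['gender' => 'male', 'status' => 'offline']];
$query = ['gender' => 'male', 'status' => 'online'];
echo count(applyFilters($users, $query, ['premium' => true])), " row(s) for premium user\n";
try { applyFilters($users, $query, ['premium' => false]); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

Rejecting the request instead of silently skipping an unauthorized filter keeps the caller from mistaking an unfiltered list for a filtered one.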

Conclusion

In this article, we learned how to use the EloquentBuilder package in the Laravel framework.

We also learned:

  • How to make a filter for a model
  • How to apply filters on query builder
  • How to check the authorization to apply a given filter

And finally, we end up with clean, readable, and extensible code.

I hope this article will be of interest to you. I'm glad to have your valuable comments.

Good luck...
