Laravel Boilerplate Versions Save

Added

• Added GitAds to README, putting here for transparency.
• Ported over validation for default language files from 6.x BP
• Added Czech language files

Changed

• Changed default gravatar to be more generic.
• Use Laravel bootable traits with UUID trait.

Changed

• Update Laravel, proxy, and mockery min versions

Force updates to the Laravel security patch

Laravel Security Patch: https://blog.laravel.com/security-release-laravel-61827-7220

Added

• Added gravatar to frontend navbar
• Added breadcrumbs on the frontend on pages that it would benefit on. Added a config item to be able to turn it off. If there are no breadcrumbs for a page the bar won't show.
• Added SuperAdminCheck, AdminCheck and UserCheck middleware
• Added scopes for user types
• Added GET form component
• Added back ARCANEDEV/LogViewer
• Add container to all frontend views
• Publish laravel error pages

Changed

• Update to Laravel commit: 791c87a80d1c5eebd75e1bf499f86899d6b2b26f
• Change alpine.js @click and @change methods to use x-on/x-change to not interfere with Vue
• Default old request for user edit page
• Wrapped backend breadcrumbs in conditional so if there are no breadcrumbs for that page the just don't show.
• Allow UserTypeCheck to accept multiple types
• Full width frontend messages partial
• Prefix all admin permissions with admin. and refactor.
• Italian language updates

Removed

• Removed an un-needed redirect from LoginController
• Remove container from frontend master view

Added

• Added method and scope to get users by type
• Added headerActions to frontend card component

Changed

• Be explicit when showing type labels in the backend
• Moved frontend user routes to own file
• Change default password expiration days to 180
• Change default 'change email' status to true

This release completely changes the way the previous authentication system worked. I probably went through 5 different iterations of a multi auth/guard architecture, but it became too messy and there are too many variables when dealing with different user tables and multiple different sessions. The solution I came up with I think serves the same purpose without the complexities. There is a new type column on the users table that is a predefined list of user types that your system supports, and a middleware to lock parts down to different types. The roles and permissions also have a corresponding type column to organize what roles and permissions are available to what user types, and the backend will only let you choose from the correct ones. For example: Any user of type admin can access the admin area, but they cannot do anything without a corresponding role or permission to a given section. This will let you structure your applications better if the use multiple different user types that have access to different areas, without using different guards, all with one users table and one login form.

Added

• Add user type check middleware
• User accounts no longer require roles
• The roles and permissions a user can have are now constrained by their type
• Change isAdmin to hasAllAccess, because isAdmin now repurposed to check type
• Update UserService to reflect type, no longer assign default role to users
• Delete view backend permission as all users of admin type can view the backend.
• Add type column to user/role tables
• Update the global gate to check hasAllAccess instead of isAdmin, since now an admin may not have all access
• Remove redirect and default user role from boilerplate config
• Update factories and seeders
• When creating a user from the backend, a new type dropdown is available, and will show the correct roles/permissions for that type to be able to choose from and validate on the backend
• Update all old instances of isAdmin to hasAllAccess, and use new isAdmin where applicable
• Frontend user dashboard now limited to user type
• When creating/editing a role, only the permissions related to the type will be available to choose from
• Add spatie/activitylog
• Add events for roles and users
• Add role event subscriber
• Boolean for whether or not 2FA is required for admin
• Added Terms & Conditions checkbox with validation to registration
• Added dummy Terms & Conditions page
• Added UUID trait back if needed
• Added ability to only allow users to be assigned roles from the backend and not additional permissions

Changed

• Change password histories to be polymorphic
• Make alert banners shorter vertically
• Refactor system to use user types to define who can view certain areas, then use roles and permissions from there to narrow down further.
• Update all tests
• Require 2FA to be enabled to access admin
• Change 2FA restricted redirect to enable 2FA page
• Automatically load roles and permissions for users and permissions for role models
• Move user event namespace
• Move HomeController out of auth domain
• Change account tabs from vertical to normal because they respond better

Removed

• Removed accountant package

Changed

• Updated breadcrumbs to be more readable
• Update link utility to allow slot
• Add note for Gate::after in AuthServiceProvider if wanted
• Change title bar delimiter from - to |
• Update yarn and composer

Changed

• Revert UserRoleSeeder change

Added

• Missing captcha functionality for login/register

Changed

• Seed second role in production not just testing

Removed

• Duplicate user tests
• Terser in mix file