allow registration only for users not others like admin, super-admin etc.

[khan-umer]

Hello everyone,

my application requirement is to allow register only for users.
admins & other should create through backend.

I didn't found any example or docs for this kind of use cases in shield.
please share me if any helpful example for this.

[datamweb]

Hi,

my application requirement is to allow register only for users.

This is the default. Maybe I did not understand your meaning correctly.

admins & other should create through backend.

you should implement this.
I think you can implement the desired items with a combination of filter permission OR group and the links below
https://github.com/codeigniter4/shield/blob/develop/docs/install.md#controller-filters
see https://codeigniter4.github.io/shield/quickstart/#managing-users
for more help #333 (comment)

[khan-umer]

@datamweb

This is the default. Maybe I did not understand your meaning correctly.

you are correct, default added in user group.
and also i'm able to create admin through different route such /admin-register.

but /admin-register is public and anyone can create admin which i don't want to allow this.

you should implement this.

i was looking create super-admin user through command line.
if some how able to create super admin through command line then after login as super admin, we can create admins n all.

sorry for my English :(
is it possible to register super admin though command line?
please let me know how to do this.

thanks.

[datamweb]

I understand what you want.

Step1: Identify the user ID that you want to add to group superadmin with the following command.

php spark db:table users

Data of Table "users":

+----+----------+--------+----------------+--------+-------------+--------------------+--------------------+------------+------------+-----------+--------+
| id | username | status | status_message | active | last_active | created_at         | updated_at         | deleted_at | first_name | last_name | avatar |
+----+----------+--------+----------------+--------+-------------+--------------------+--------------------+------------+------------+-----------+--------+
| 1  | datamweb |        |                | 1      |             | 2022-12-18 20:1... | 2022-12-18 20:1... |            |            |           |        |
| 2  | khanumer |        |                | 1      |             | 2022-12-19 10:2... | 2022-12-19 10:2... |            |            |           |        |
+----+----------+--------+----------------+--------+-------------+--------------------+--------------------+------------+------------+-----------+--------+

Now we want to add group superadmin to user number 2 (khanumer ).

Step2: add group superadmin for user(id = 2)

1. run command :

php spark make:seeder ShieldAddSuperAdminGroup

2. edit app\Database\Seeds\ShieldAddSuperAdminGroup.php

<?php

namespace App\Database\Seeds;

use CodeIgniter\Database\Seeder;
use CodeIgniter\I18n\Time;

class ShieldAddSuperAdminGroup extends Seeder
{
    public function run()
    {
        $data = [
            ['user_id' => 2, 'group' => 'superadmin', 'created_at' => Time::now()],
        ];
        $this->db->table('auth_groups_users')->insertBatch($data);
    }
}

3. run command :

php spark db:seed ShieldAddSuperAdminGroup

step3: limit route via group filter

$routes->group('admin', ['filter' => 'group:superadmin'], static function ($routes) {
    $routes->get('/admin-register', 'Admin::adminRegister');
    $routes->post('/admin-register', 'Admin::adminRegister');
});

Note: Now, if the user is not in group superadmin, you will be transferred to page http://localhost:8080/. See the link below to show the error of lack of access
see #535 (comment)

Note: You can use the method described below to limit the viewing of the Admin panel.
https://github.com/codeigniter4/shield/blob/32e4bcdade30121ce32f29dae6bef190cd2d7258/docs/customization.md#custom-redirect-urls

@khan-umer I haven't put things into practice, but it looks like it will work. Please let me know if it is the same so that other users can use it if needed.

Regarding command line, currently Shield does not have a specific command for this purpose. If needed, users can submit a feature request.