Use polymorphic relationship

[thibaultlavoisey]

Could be useful for issuing tokens for organization accounts.

[rennokki]

I think that a better idea would be the ability to change the Personal Access Token model like Passport: https://laravel.com/docs/5.8/passport#overriding-default-models

Then you would extend the PersonalAccessToken model and change the user relation in the model and set the new model using usePersonalAccessTokenModel()

It is already in #18

[thibaultlavoisey]

@rennokki Correct me if I'm wrong, changing the personal access token model will allow you to issue token to another model than the user one but not several models, right?

[rennokki]

Create a new model App\MyCustomTokenModel that extends the base model and replace the user() relation:

<?php

namespace App;

use Laravel\Airlock\PersonalAccessToken;

class MyCustomTokenModel extends PersonalAccessToken
{
    public function user()
    {
        return $this->morphTo();
    }
}

Make use of the function in boot():

use App\MyCustomTokenModel;
use Laravel\Airlock\Airlock;

Airlock::usePersonalAccessTokenModel(
    MyCustomTokenModel::class
);

Make sure you ignore the migrations in the register() in AppServiceProvider.php:

use Laravel\Airlock\Airlock;

Airlock::ignoreMigrations();

Publish the migrations or copy the migration file from the package in your database/migraitons/ folder and replace the user_id field with a morph field:

Schema::create('personal_access_tokens', function (Blueprint $table) {
    ...

    $table->morphs('user'); // let the name 'user' alone because morphTo is greedy due to the user() relationship

    ...
});

In your model (either it's User, Organisation or whatever) that uses the HasApiTokens trait in use, replace the tokens() method to make use of the morphMany:

use Laravel\Airlock\Airlock;

public function tokens()
{
    return $this->morphMany(Airlock::$personalAccessTokenModel, 'model');
}

Jobs done.

[thibaultlavoisey]

IMHO it would be simpler that Airlock handle this out of the box using a polymorphic relationship :) Your solution works but it's a bit of extra work for a common use case.

[rennokki]

I took Passport's example on this case. I think stuff should be simple out-of-the-box. :male_shrug:

[socheatsok78]

I agree to this, I was struggling to customize Laravel Passport to support polymorphic relationship. And I still resolve to use custom HTTP Header hack to get around it.

References:

• Passport Multi-Auth passport#161
• Passport Multi-Auth (Implementation) passport#982
• Use getAuthIdentifier() instead of getKey() to retrieve current user identifier passport#1006

[thibaultlavoisey]

@taylorotwell Would you accept a PR for this?

[socheatsok78]

@taylorotwell

Thank you kind sir!
👏 👏 👏