When a user tries to register as a Patient, they can choose a team/clinic.
But we don't want users to register for the Master Team.
app/Http/Controllers/Auth/RegisteredUserController.php:
use App\Models\Team;use Illuminate\View\View; class RegisteredUserController extends Controller{ public function create(): View { $teams = Team::where('name', '!=', 'Master Admin Team')->pluck('name', 'id'); return view('auth.register', compact('teams')); } // ...}resources/views/auth/register.blade.php:
// ... <!-- Email Address --><div class="mt-4"> <x-input-label for="email" :value="__('Email')" /> <x-text-input id="email" class="block mt-1 w-full" type="email" name="email" :value="old('email')" required autocomplete="username" /> <x-input-error :messages="$errors->get('email')" class="mt-2" /></div> <!-- Team/Clinic --><div class="mt-4"> <x-input-label for="team_id" :value="__('Team')" /> <select name="team_id" id="team_id" class="block mt-1 w-full border-gray-300 focus:border-indigo-500 focus:ring-indigo-500 rounded-md shadow-sm"> <option>-- SELECT TEAM --</option> @foreach($teams as $id => $name) <option value="{{ $id }}">{{ $name }}</option> @endforeach </select> <x-input-error :messages="$errors->get('team_id')" class="mt-2" /></div> <!-- Password --><div class="mt-4"> <x-input-label for="password" :value="__('Password')" /> <x-text-input id="password" class="block mt-1 w-full" type="password" name="password" required autocomplete="new-password" /> <x-input-error :messages="$errors->get('password')" class="mt-2" /></div> // ...When a user is created, we must set the current_team_id, then set the team ID using the setPermissionsTeamId() helper from the Spatie package, and assign a role.
app/Http/Controllers/Auth/RegisteredUserController.php:
use App\Enums\Role;use App\Models\Team;use Illuminate\Support\Facades\DB;use App\Http\Controllers\Controller;use App\Models\User;use Illuminate\Auth\Events\Registered;use Illuminate\Http\RedirectResponse;use Illuminate\Http\Request;use Illuminate\Support\Facades\Auth;use Illuminate\Support\Facades\Hash;use Illuminate\Validation\Rules;use Illuminate\View\View; class RegisteredUserController extends Controller{ // ... public function store(Request $request): RedirectResponse { $request->validate([ 'name' => ['required', 'string', 'max:255'], 'email' => ['required', 'string', 'lowercase', 'email', 'max:255', 'unique:'.User::class], 'password' => ['required', 'confirmed', Rules\Password::defaults()], 'team_id' => ['required', 'exists:teams,id'], ]); $user = User::create([ 'name' => $request->name, 'email' => $request->email, 'password' => Hash::make($request->password), 'current_team_id' => $request->team_id, ]); event(new Registered($user)); Auth::login($user); setPermissionsTeamId($request->team_id); $user->assignRole(Role::Patient); return redirect(route('dashboard', absolute: false)); }}When using teams with the Spatie package, they recommend using the Middleware to...
amazing lesson!
Note in this case the Master Admin Team is removed from the patient registration form drop down but a bad actor could still pass this to the controller and create it. you'd want to double check this at the creation step too before passing it to DB.