Require logged in user for certain models

[yakatz]

I want my LDAP to enforce certain security requirements for visibility and modifications of objects. Additionally, the default user does not have any permission to modify objects. I know I can use the $stayAuthenticated option for a single request, but I am wondering if there is a way to require that as part of the model.

In my LoginController, I am saving the user's password so I can access it later:

protected function authenticated(Request $request, $user)
{
    // Cache LDAP password for future user operations
    session()->put([
        'ldap_user' => [
            'username' => $user->getLdapAttribute()->getDn(),
            'password' => Crypt::encryptString($request->input('password')),
        ],
    ]);
}

For example, we have a mailing list/mail alias model:

namespace App\Ldap\FreeIPA\Mail;

use App\Ldap\FreeIPA\User;
use LdapRecord\Models\FreeIPA\Entry as Model;

class Alias extends Model
{
    protected $connection = 'idm';

    /**
     * The object classes of the LDAP model.
     *
     * @var array
     */
    public static $objectClasses = [];

    public function owners()
    {
        return $this->hasManyIn(User::class, 'owner');
    }
}

FreeIPA enforces that users can only access and modify certain attributes of the entry. Is there any way to make sure in the Model that it is using the stored bind?
It also seems incorrect to access session() in a model, so I am not sure where to put this information. Maybe a service provider that creates a dynamic $connection? Looking for other ideas.

[yakatz]

Possible solution: DirectoryTree/LdapRecord#332