General settings allow you to configure various aspects of the application via Settings interface, without directly modifying configuration files.
Overview
What is Settings?
Settings is an interface to configure:
- Site information (name, description)
- OAuth configuration (enabled/disabled, credentials)
- Administrator email
- Maintenance mode
Settings vs Environment
| Type | When to use | Examples |
|---|
| Settings | Modifiable configurations from UI | OAuth credentials, site name |
| Environment (.env) | Infrastructure configurations | Database connection, cache driver |
Use Settings for everything an administrator might want to modify without developer assistance.
Spatie Laravel Settings
Zuora Workflow Manager uses Spatie Laravel Settings package for:
- Saving settings to database
- Automatic type casting (bool, array, etc.)
- Automatic settings caching
- Evaluation without repeated queries
Settings Access
Prerequisites
- Account with
super_admin role
- Access to admin panel
Navigation
- Log in to admin panel
- Navigate to Settings in the sidebar under Settings group
- Select General Settings
Only users with super_admin role can access Settings.
Settings Sections
Site Name
| Property | Value |
|---|
| Field | siteName |
| Type | String |
| Required | No |
| Default | ”Zuora Workflow Manager” |
- Page title
- Email notifications
- Various UI elements
Site Description
| Property | Value |
|---|
| Field | siteDescription |
| Type | String |
| Required | No |
| Default | Null |
- Meta description (SEO)
- Dashboard header
- Notifications
OAuth Configuration
OAuth Enabled
| Property | Value |
|---|
| Field | oauthEnabled |
| Type | Boolean |
| Required | No |
| Default | false |
- true: Shows “Sign in with Google” button on login page
- false: Traditional login only (email + password)
Disable OAuth if you don’t want to allow Google-based access.
Allowed Domains
| Property | Value |
|---|
| Field | oauthAllowedDomains |
| Type | Array |
| Required | If OAuth enabled |
| Default | [] (empty array) |
example.com
company.org
*.startup.io
If OAuth enabled but Allowed Domains is empty, OAuth access might be restricted.
*.example.com: Allows user@example.com, admin@example.comcompany.org: Allows only @company.org exactly
Google Client ID
| Property | Value |
|---|
| Field | oauthGoogleClientId |
| Type | String |
| Required | If OAuth enabled |
| Default | Null |
123456789-abcdefghijklmnop.apps.googleusercontent.com
Get Client ID from Google Cloud Console → APIs & Services → Credentials.
Google Client Secret
| Property | Value |
|---|
| Field | oauthGoogleClientSecret |
| Type | String (encrypted) |
| Required | If OAuth enabled |
| Default | Null |
GOCSPX-abcdefghijklmnopqrstuvwxyz123456
The Client Secret is automatically encrypted in the database. It’s not shown in plain text after being saved.
Application Configuration
Admin Email
| Property | Value |
|---|
| Field | admin_email |
| Type | String (email) |
| Required | No |
| Default | Null |
- Email notifications
- System alerts
- From address for emails
Format:
Maintenance
Maintenance Mode
| Property | Value |
|---|
| Field | maintenanceMode |
| Type | Boolean |
| Required | No |
| Default | false |
- true: Application shows maintenance page to all users
- false: Application is operational
Users with super_admin role can still access during maintenance mode.
Saving Settings
Procedure
- Modify desired fields in various sections
- Click on Save in bottom right
- Changes are saved to database
Feedback
- Success: Green notification “Settings saved successfully”
- Error: Red notification with error message
- Validation: Validation errors on fields
Settings vs Environment Variables
Priority
Settings configured via UI have priority over environment variables:
// In config/services.php
'google' => [
'client_id' => env('OAUTH_GOOGLE_CLIENT_ID')
?? app(GeneralSettings::class)->oauthGoogleClientId,
'client_secret' => env('OAUTH_GOOGLE_CLIENT_SECRET')
?? app(GeneralSettings::class)->oauthGoogleClientSecret,
'enabled' => env('OAUTH_ENABLED')
?? app(GeneralSettings::class)->oauthEnabled,
],
If a setting is configured both in .env and via UI, the UI value takes precedence.
When to use Settings
Use Settings for:
| Situation | Example |
|---|
| Configurations that admin frequently modifies | OAuth credentials, site name |
| Values that don’t require application restart | Email templates, feature toggles |
| Values specific to multi-tenant instance | Customer-specific settings |
| Sensitive settings you don’t want in .env | API secrets |
When to use .env
Use .env for:
| Situation | Example |
|---|
| Infrastructure configurations | Database connection, cache driver |
| Values that never change | APP_KEY, APP_URL |
| Configurations that require restart | Queue driver, log level |
| Settings critical for deployment | Environment (production/development) |
Caching Settings
Automatic Cache
Spatie Laravel Settings automatically caches:
// First call: database query
$settings = app(GeneralSettings::class);
// Subsequent calls: cache (no query)
$settings = app(GeneralSettings::class);
Cache Clearing
To update settings immediately after modification:
# Clear settings cache
lando artisan settings:clear
# Clear all cache
lando artisan cache:clear
After modifying settings, clear cache to apply changes.
Cache Duration
The cache lasts until explicitly cleared or server is restarted.
Accessing Settings via Code
In Controller/Service
// Get settings instance
$settings = app(GeneralSettings::class);
// Access properties
$siteName = $settings->siteName;
$oauthEnabled = $settings->oauthEnabled;
$allowedDomains = $settings->oauthAllowedDomains;
// Modify settings
$settings->siteName = 'New Name';
$settings->save(); // Saves to database and clears cache
In Blade Template
{{-- Direct access --}}
{{ app(App\\Settings\\GeneralSettings::class)->siteName }}
{{-- In variable --}}
@php
$settings = app(App\\Settings\\GeneralSettings::class);
@endphp
{{ $settings->siteDescription }}
In CLI/Tinker
lando artisan tinker
>>> $settings = app(GeneralSettings::class)
>>> $settings->siteName
"Zuora Workflow Manager"
>>> $settings->oauthEnabled
true
>>> $settings->oauthAllowedDomains
[
"example.com",
"company.org"
]
Settings Migration
Migrating Settings
When adding or removing settings:
- Update
GeneralSettings class
- Run migration if necessary
- Clear settings cache
# Clear cache
lando artisan settings:clear
# Verify new settings
lando artisan tinker
>>> $settings = app(GeneralSettings::class)
>>> dd($settings)
Default Values
Default values are defined in GeneralSettings.php:
class GeneralSettings extends Settings
{
public string $siteName = 'Zuora Workflow Manager';
public bool $oauthEnabled = false;
public array $oauthAllowedDomains = [];
// ...
}
Troubleshooting
Settings not saving
Symptom: Click “Save” but changes not saved
Possible causes:
-
Validation error:
- Check red notifications
- Verify required fields
-
Database error:
- Verify database connection
- Check logs
-
Cache not cleared:
lando artisan cache:clear
Solutions:
-
Verify validation:
- All required fields filled?
- Email formats valid?
- Password requirements?
-
Check logs:
lando logs -f | grep -i "settings"
OAuth not working after changes
Symptom: Modified OAuth settings but login doesn’t work
Possible causes:
-
Incorrect credentials:
- Verify Client ID and Secret
-
Cache not cleared:
lando artisan cache:clear
-
Redirect URI:
- Verify on Google Cloud Console
- Must be:
{APP_URL}/oauth/google/callback
Solutions:
See OAuth Management for detailed troubleshooting.
Settings not visible
Symptom: Settings page empty or errors
Possible causes:
-
Not super_admin:
- Only super_admin can see Settings
-
Class not registered:
- Verify SettingsServiceProvider
-
Migration not run:
Solutions:
-
Verify role:
>>> auth()->user()->roles
-
Verify ServiceProvider:
- Check
app/Providers/SettingsServiceProvider.php
- Verify that
GeneralSettings is registered
-
Run migrations:
lando artisan migrate:refresh
Best Practices
Settings Management
1. Documentation:
- Document every added setting
- Explain purpose and valid values
- Configuration examples
2. Versioning:
- Track settings changes
- Note date and author of changes
- Keep backup of important settings
3. Testing:
- Test settings in staging environment before production
- Verify changes work as expected
- Test fallbacks if settings missing
Security
1. Access Protection:
- Only super_admin can modify settings
- Log all settings changes
- Consider MFA for critical settings
2. Encryption:
- Client Secret and other secrets encrypted
- Don’t show secrets in plain text after saving
- Use strong APP_KEY
3. Validation:
- Validate all settings inputs
- Sanitize to prevent XSS/SQL injection
- Use appropriate type casting
1. Caching:
- Use settings cache (automatic with Spatie)
- Clear cache only when necessary
- Avoid repeated queries
2. Lazy Loading:
- Don’t load settings if not needed
- Access via
app() only when needed
3. Optimize:
- Group settings changes into single
save() call
- Avoid repeated saves
API Reference
GeneralSettings Class
class GeneralSettings extends Settings
{
public string $siteName;
public string|null $siteDescription;
public bool $oauthEnabled;
public array $oauthAllowedDomains;
public string|null $oauthGoogleClientId;
public string|null $oauthGoogleClientSecret;
public string|null $adminEmail;
public bool $maintenanceMode;
// Helper methods can be added
public function isOAuthEnabled(): bool
{
return $this->oauthEnabled;
}
public function isEmailDomainAllowed(string $email): bool
{
$domain = Str::after($email, '@');
return in_array($domain, $this->oauthAllowedDomains);
}
}
Access Pattern
// Singleton pattern (recommended)
$settings = app(GeneralSettings::class);
// Facade pattern (if defined)
use App\\Facades\\Settings;
$siteName = Settings::get('siteName');
// Dependency Injection (in service)
class MyService
{
public function __construct(
private GeneralSettings $settings
) {}
public function doSomething(): void
{
$enabled = $this->settings->oauthEnabled;
}
}
Next Steps
After configuring settings:
