F
Filament2y ago
DianaMujoiu

Authentication: All users can access Filament

Hello, guys. I have two applications: client(the website) and api with Filament. I am using Laravel Sanctum for register/login only to the website not in the admin panel but as I saw, all the users created from the website can also access the Filament Admin Panel. How can I allow only the filament user(or specific user ) to access the admin panel? I say something like this, I put it in the User Model but it's not working
'public function isFilamentAdmin() { return $this->email === '[email protected]'; }'
15 Replies
krekas
krekas2y ago
did you add implements FilamentUser? and for code use proper syntax. read #✅┊rules
DianaMujoiu
DianaMujoiuOP2y ago
Yes, I added FilamentUser
krekas
krekas2y ago
add dd($this->email) to check if it gets email
DianaMujoiu
DianaMujoiuOP2y ago
it doesn't display anything
Dennis Koch
Dennis Koch2y ago
Where do use isFilamentAdmin()? And where did you add canAccessFilament()?
Dennis Koch
Dennis Koch2y ago
Did you read the docs on this? https://filamentphp.com/docs/2.x/admin/users#authorizing-access-to-the-admin-panel
Filament
Users - Admin Panel - Filament
The elegant TALL stack admin panel for Laravel artisans.
DianaMujoiu
DianaMujoiuOP2y ago
Yes, I read the documentation. I added canAccessFilament() and isFilamentAdmin() in UserModel
Dennis Koch
Dennis Koch2y ago
You only showed isFilamentAdmin(). Can you show the full model? Is the APP_ENV set to something else than local?
DianaMujoiu
DianaMujoiuOP2y ago
APP_ENV is set to local. 
<?php

namespace App\Models;

use Laravel\Sanctum\HasApiTokens;
use Filament\Models\Concerns\IsFilamentUser;
use Illuminate\Notifications\Notifiable;
use Filament\Models\Contracts\FilamentUser;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable implements FilamentUser
{
    use HasApiTokens;
    use HasFactory;
    use Notifiable;
    /**
     * The attributes that are mass assignable.
     *
     * @var array<int, string>
     */
    protected $fillable = [
        'name',
        'email',
        'password',
        'status'
    ];

    /**
     * The attributes that should be hidden for serialization.
     *
     * @var array<int, string>
     */
    protected $hidden = [
        'password',
        'remember_token',
    ];

    /**
     * The attributes that should be cast.
     *
     * @var array<string, string>
     */
    protected $casts = [
        'email_verified_at' => 'datetime',
    ];

    public function isFilamentAdmin()
    {
        return $this->email === '[email protected]';
    }

    public function canAccessFilament(): bool
    {
        return true;
    }
}
<?php

namespace App\Models;

use Laravel\Sanctum\HasApiTokens;
use Filament\Models\Concerns\IsFilamentUser;
use Illuminate\Notifications\Notifiable;
use Filament\Models\Contracts\FilamentUser;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable implements FilamentUser
{
    use HasApiTokens;
    use HasFactory;
    use Notifiable;
    /**
     * The attributes that are mass assignable.
     *
     * @var array<int, string>
     */
    protected $fillable = [
        'name',
        'email',
        'password',
        'status'
    ];

    /**
     * The attributes that should be hidden for serialization.
     *
     * @var array<int, string>
     */
    protected $hidden = [
        'password',
        'remember_token',
    ];

    /**
     * The attributes that should be cast.
     *
     * @var array<string, string>
     */
    protected $casts = [
        'email_verified_at' => 'datetime',
    ];

    public function isFilamentAdmin()
    {
        return $this->email === '[email protected]';
    }

    public function canAccessFilament(): bool
    {
        return true;
    }
}
Dennis Koch
Dennis Koch2y ago
That's the issue. canAccessFilament() only has an effect on non-local environments Btw. code formatting required backticks. If you can't find them on your keyboard, you can copy them from #✅┊rules 😅
DianaMujoiu
DianaMujoiuOP2y ago
Understood now Should I do some changes in my model ? I pushed the changes to integration and has no effect. I can sign in with all the users. I hope I am clear because I don't know how to explain 😅
Dennis Koch
Dennis Koch2y ago
Which changes? Did you change the APP_ENV to something non-local?
DianaMujoiu
DianaMujoiuOP2y ago
APP_ENV=staging
Dennis Koch
Dennis Koch2y ago
Okay, but you still haven't restricted them in any way, right? 
    public function canAccessFilament(): bool
    {
        return true;
    }
    public function canAccessFilament(): bool
    {
        return true;
    }
DianaMujoiu
DianaMujoiuOP2y ago
Right Done. I put a rule in canAccessFilament(). Thank you 😀
Want results from more Discord servers?
Add your server