F
Filament2y ago
Prodex

Policy not enforced

Hi, I created a "LocationPolicy" that looks like this: 
    public function view(User $user, Location $location)
    {
        $allowedLocations = $user->locations;
        return $allowedLocations->contains($location);
    }
    public function view(User $user, Location $location)
    {
        $allowedLocations = $user->locations;
        return $allowedLocations->contains($location);
    }
and registered it like so: 
    protected $policies = [
        User::class => LocationPolicy::class
    ];

    public function boot(): void
    {
        $this->registerPolicies();
    }
    protected $policies = [
        User::class => LocationPolicy::class
    ];

    public function boot(): void
    {
        $this->registerPolicies();
    }
But this policy doesn't seem to be enforced when using a select multiple: 
                    Forms\Components\Select::make('locations')
                                           ->label(trans('locations.plural'))
                                           ->multiple()
                                           ->searchable()
                                           ->relationship('locations', 'name')
                                           ->preload()
                                           ->required(),
                    Forms\Components\Select::make('locations')
                                           ->label(trans('locations.plural'))
                                           ->multiple()
                                           ->searchable()
                                           ->relationship('locations', 'name')
                                           ->preload()
                                           ->required(),
Currently the user can still choose all locations, where it should only be those relateded with the user model. What am I missing here? Thank you!
18 Replies
Kenneth Sese
Kenneth Sese2y ago
You need to register the policy on your Location class, not User class
Prodex
ProdexOP2y ago
okay, I did that now but it doesn't seem to work either. 
protected $policies = [
        Location::class => LocationPolicy::class
    ];
protected $policies = [
        Location::class => LocationPolicy::class
    ];
Kenneth Sese
Kenneth Sese2y ago
That correct now. I would assume the select would honor that policy now. Unfortunately, I’m walking out the door to work. Hopefully someone else can step in for the meantime. I’ll check back in an few hours to see if this is resolved.
Prodex
ProdexOP2y ago
if I dd() the view policy or return null nothing happens in the frontend, so I assume that this policy never gets called
Kenneth Sese
Kenneth Sese2y ago
dd() $user in view method in your policy. If it's registered correctly and being called correctly, then that should dump the user. I'll be back
Prodex
ProdexOP2y ago
dd($user) doesn't dump anything :/
Dennis Koch
Dennis Koch2y ago
A Select doesn't rely on policies. Neither does ListPage. It's because policies work on the model, but we already need to filter on DB level
Prodex
ProdexOP2y ago
so for this to work, I need to make a custom query for the select which respects the users locations?
Dennis Koch
Dennis Koch2y ago
Yes.
Prodex
ProdexOP2y ago
the only thing that comes to my mind by doing that is, that you might be able to "hack" it by just passing other ids to the select field and save. Or is this not possible? 😅
Patrick Boivin
Patrick Boivin2y ago
Add validation 
    ->options( ... )
    ->rule(Rule::in( ... ))
    ->options( ... )
    ->rule(Rule::in( ... ))
Kenneth Sese
Kenneth Sese2y ago
The relationship method can take a query argument at the end so try something like: ->relationship('locations', 'name', fn (Builder $query) => $query->where('user_id', auth()->id())
Prodex
ProdexOP2y ago
thank you, I did that, can you give me more context for that rule?
Kenneth Sese
Kenneth Sese2y ago
Not a tule. On your relationship method
Prodex
ProdexOP2y ago
yes I did that and it works. Just wonder how this ->rule() should look like that @pboivin mentioned
Kenneth Sese
Kenneth Sese2y ago
Ok cool!
Patrick Boivin
Patrick Boivin2y ago
Just a sec, I'll find a more complete example (I know I have one, lol) @prodex I think this should work (had to change it a bit to simplify): 
Select::make('bolt_type_id')
    ->options(BoltType::whereCategory($category)->pluck('id', 'title'))
    ->rule(Rule::in(BoltType::whereCategory($category)->pluck('id'))
    // ...
Select::make('bolt_type_id')
    ->options(BoltType::whereCategory($category)->pluck('id', 'title'))
    ->rule(Rule::in(BoltType::whereCategory($category)->pluck('id'))
    // ...
Oh I forgot about the ->relationship() for a bit... I guess my solution is a bit more "manual", there may be a better way Yeah nevermind, it looks like the Select field is doing all that for you with ->relationship() 😄
Prodex
ProdexOP2y ago
okay 😄
Want results from more Discord servers?
Add your server