Navigation group not respecting shield permissions
When I don't have a builder navigation group in the app service provider's boot method, Filament Shields permissions are respected, and navigation items hidden according to permission.
But when I add my navigation groups using builder, all users can see every resource in the navigation sidebar.. Is there something I can do to get it to respect the permissions in the same way?
Maybe something I need to put in ->isActiveWhen without manually hard coding each one to each specific permission that is already set in shield?
Filament::navigation(function (NavigationBuilder $builder): NavigationBuilder {
return $builder
->items([
NavigationItem::make('Dashboard')
->icon('heroicon-o-home')
->activeIcon('heroicon-s-home')
->isActiveWhen(fn (): bool => request()->routeIs('filament.pages.dashboard'))
->url(route('filament.pages.dashboard')),
])
->groups([
NavigationGroup::make('Settings')
->items([
...Profile::getNavigationItems(),
]),
NavigationGroup::make('Site Admin')
->items([
...UserResource::getNavigationItems(),
]),
NavigationGroup::make('Super Admin')
->items([
...CompanyResource::getNavigationItems(),
...AllUserResource::getNavigationItems(),
...RoleResource::getNavigationItems(),
]),
]);
});11 Replies
the permissions are not applied in getNavigationItems(), if that makes sense
...(CompanyResource::canViewAny() ? CompanyResource::getNavigationItems() : []),That works great, thanks!
But how do I hide the actual section also? (see screenshot)
Also, my custom page doesn't have a "canViewAny" permission, so I'm getting an error. I'm just using the "pages" section to hide it in Filament Guard.
This doesn't work:
...(Profile::canViewAny() ? Profile::getNavigationItems() : []),
What would be the correct nomenclature for this?
where is your auth check for the profile page?
In Filament shield:
Do I need to add a hard coded check too?
to be honest i dont know where it does that check
might be worth asking how to check in #shield
No problem!
Also, I'm guessing shouldRegisterNavigation() is getting overridden by the nav group in the service provider..
I need to figure out an equivalent for return auth()->user()->hasPermissionTo('view_any_all::user'); for my resource with a shared model
Or just not use the nav group
if there are no items in the group then it probably shouldnt show?
You would think so, but it does!
I've reverted back to the traditional nav group method for now.
Hi @benshawuk did you ever get a working solution to this?
Hi, no, I just ended up using the other navigation group method instead. Sorry!