F
Filamentβ€’2y ago
Kanalaetxebarria

How to enforce policy on list pages

Hi, I noticed that the view() method of the policies doesn't work on the ListPages. What would be a good way to enforce some authorization on the ListPages?
7 Replies
awcodes
awcodesβ€’2y ago
viewAny() that will restrict access to the whole page
Kanalaetxebarria
KanalaetxebarriaOPβ€’2y ago
That won't do it. I need different users to only be able to see their own records. Normally I'd use a policy like $user->id === $product->vendor_id. But it doesn't seem to work on the list pages
awcodes
awcodesβ€’2y ago
ah, that would need to be handled with the query on the ListRecords class. on tables the policies only limits what actions can be taken against the records.
Kanalaetxebarria
KanalaetxebarriaOPβ€’2y ago
Great! How can I modify that? The class seems to be burried in the vendor directory
awcodes
awcodesβ€’2y ago
It's on ListPages. Assuming 'Page' is your resource, that's the one that extends ListRecords. You can override the query there. 
protected function getTableQuery(): Builder
{
    return parent::getTableQuery()->extraMethods();
}
protected function getTableQuery(): Builder
{
    return parent::getTableQuery()->extraMethods();
}
Kanalaetxebarria
KanalaetxebarriaOPβ€’2y ago
Great, thanks! πŸ™‚
Kanalaetxebarria
KanalaetxebarriaOPβ€’2y ago
For anybody else looking for this, you can also modify the query for the entire resource: https://filamentphp.com/docs/2.x/admin/resources/listing-records#customizing-the-eloquent-query
Filament
Listing records - Resources - Admin Panel - Filament
The elegant TALL stack admin panel for Laravel artisans.
Want results from more Discord servers?
Add your server