Filament•2y ago

How to enforce policy on list pages

Hi, I noticed that the view() method of the policies doesn't work on the ListPages. What would be a good way to enforce some authorization on the ListPages?

7 Replies

awcodes•2y ago

viewAny() that will restrict access to the whole page

KanalaetxebarriaOP•2y ago

That won't do it. I need different users to only be able to see their own records. Normally I'd use a policy like $user->id === $product->vendor_id. But it doesn't seem to work on the list pages

awcodes•2y ago

ah, that would need to be handled with the query on the ListRecords class. on tables the policies only limits what actions can be taken against the records.

KanalaetxebarriaOP•2y ago

Great! How can I modify that? The class seems to be burried in the vendor directory

awcodes•2y ago

It's on ListPages. Assuming 'Page' is your resource, that's the one that extends ListRecords. You can override the query there.

protected function getTableQuery(): Builder
{
    return parent::getTableQuery()->extraMethods();
}

protected function getTableQuery(): Builder
{
    return parent::getTableQuery()->extraMethods();
}

KanalaetxebarriaOP•2y ago

Great, thanks! 🙂

KanalaetxebarriaOP•2y ago

For anybody else looking for this, you can also modify the query for the entire resource: https://filamentphp.com/docs/2.x/admin/resources/listing-records#customizing-the-eloquent-query

Filament

Listing records - Resources - Admin Panel - Filament

The elegant TALL stack admin panel for Laravel artisans.

Gaming

Programming

How to enforce policy on list pages

Did you find this page helpful?