How to set company_id in role_user table
I'm able to assign roles and everything works great, but the currently logged in
company_id
(multi-tenancy) doesn't get saved to the pivot table (remains null)
Is there a way to set the pivot table with the currently logged in company_id
when assigning roles to a user?
I'm using a UserResource
to do this, and I just add the roles selector component using:
Forms\Components\Select::make('roles')
->label(__('Role(s) (Must select at least 1)'))
->required()
->relationship(
name: 'roles',
titleAttribute: 'name',
modifyQueryUsing: fn (Builder $query) => $query->whereNotIn('perm_name', array('admin', 'super-admin')),
)
->native(false)
->multiple()
->searchable()
->preload(),
The company itself will be assigning the roles (not a site admin)10 Replies
So, when you say pivot table, do you mean the
role_user
pivot table?
I just want to be clear on the objective. The company (aka Tenant) is not considered an entity. The company does not logs in or assigns roles. The company is just a tool of separation. When you set the Company as a Tenant, filament will separate all your resources by tenant. Every new resource you create requires a relationship called company()
. And every time a resource record is created (ie. a new user via the UserResource), filament will take care of relating the currently selected tenant to the new resource record.Yes that's correct. And yes that works perfectly in filament, everything is separated like it should be. The problem is roles & permissions, I want to allow a company Owner to create new users with things like Client, Manager, Breeder, etc... This is where filament fails for now, so I made my own Role system that uses
role_user
table to decide what Role they are, and based on that Role (like Owner, Manager, Breeder, Client), they will have certain Panels and certain capabilities (like adding/deleting other users, adding/deleting records, and more)
But I need a way to specify each company for each row in role_user
pivot table, so when a user switches companies, they have their specific role
For instance,
lets say [email protected] signs up as a Owner to their own company (they create a company)
Then [email protected] also gets added as a Client to another company
If they switch companies, I wont have a way to make sure they have the specific Client or Owner permission without setting the company_id
in role_user
table... but filament doesn't insert this extra column value automatically
Hopefully this makes sense. I understand if you're unable to help with this as wellOk, I understand what you are trying to do now. It makes sense. I don’t know how to accomplish this, but I’m sure I can figure it out. Allow me some time to look for a solution and I’ll come back to you with an answer 😉
Alright I appreciate it 🙂 I figure worse case, it will just show all companies available to them, and whatever panel they are in will be the "role". Like if they are in a Company Panel, they can only do Company Role type stuff, and Client Panel can only do Client Role stuff... And the role itself (in
role_user
table) would just be to allow access to those Panels in general, but wouldn't control much else past this I suppose
I would also have to make sure each Panel is only allowed to do specific things for the specific Role, but the problem with this is that I definitely wouldn't be able to use any permissions to narrow it down even further (where someone can make a new Role and assign it certain Permissions like allowing someone to add/edit a User within the Company while restricting other Users from doing so)
So yeah if you figure out an idea let me know - I only ask because I couldn't find it on my own 😦 and sadly a lot of the examples are for version 2 which haven't worked on version 3 :/I understand. I’ll do my best to steer you in the right direction. It’s definitely a complex issue and I believe we can all learn from it.
FYI. I haven’t forgotten about this. I’m still looking for an acceptable answer. Currently looking into model life cycle hooks and
updateExistingPivot()
All good, thank you for the dedication!
Short Answer:
Unfortunately, you can't have roles for each Tenant (company).
Long Answer:
A user role defines the identity of such user across all Panels and Tenants. If you identify a user as a "Client", this defines the user (and what the user can see and do) across all of the application (Panels, Tenants, Resources). Therefore you need to design your application around Roles first. Create a Panel just for Clients and another for Admins, for example. Decide what Resources the Client Panel has access to (maybe you just want them to see invoices and manage their own orders). If you decide to add multi-tenancy, then keep in mind this is third in the hierarchy (Roles being first, and Panels second). Think of it like this: a User has many or belongs to many Companies, and will have the same role in all of them.
Having said that, there are ways to fine tune what a user can/cannot do with the Resources they have access to. By default, Filament will observe any model polices registered in your application.
You can read more about Model Policies here: https://laravel.com/docs/10.x/authorization#creating-policies
Sorry if the answer is not what you expected. I hope this gives a bit more clarity into the subject and that I was, at the very least, somewhat helpful.
Laravel - The PHP Framework For Web Artisans
Laravel is a PHP web application framework with expressive, elegant syntax. We’ve already laid the foundation — freeing you to create without sweating the small things.
Okay thank you. That's what I thought, I can't have Permissions for each Role. I just have to make it Role only and design each Panel based on that Role - and that's probably the easiest simplest idea until a potential package/etc is introduced
I appreciate the help forsure, and the time you have put into helping me!
And yes, they would have the same Role in all of them - no way to separate - so I'll keep that in mind with my designing as well
I just thought of a different way to do it as well, where I have just 1 panel for Company. Within this Panel, I would only allow resources for certain Roles
For instance,
If they have Owner and Client Role, they would see all Owner and Client resources
If they only had Client role, they would use the same Panel, but would only see Client resources - that may be the easier approach so they don't have to switch paths just to access a different Role. I just have to think more
Sound like a good idea 👍 Let me know how it goes. And if you need any more help, feel free to open a new post. Happy coding! 😉
By the way,
I missed a step...
https://filamentphp.com/docs/3.x/panels/tenancy#customizing-the-ownership-relationship-name
This is mainly for things to belong to a company though, but I think this will let me get rid of updating the company_id through the create method in the model (when creating a new record)
Don't miss this step like I did haha - I'll let you know if it fixes my issues 🙂