How to set company_id in role_user table

I'm able to assign roles and everything works great, but the currently logged in company_id (multi-tenancy) doesn't get saved to the pivot table (remains null) Is there a way to set the pivot table with the currently logged in company_id when assigning roles to a user? I'm using a UserResource to do this, and I just add the roles selector component using: Forms\Components\Select::make('roles') ->label(__('Role(s) (Must select at least 1)')) ->required() ->relationship( name: 'roles', titleAttribute: 'name', modifyQueryUsing: fn (Builder $query) => $query->whereNotIn('perm_name', array('admin', 'super-admin')), ) ->native(false) ->multiple() ->searchable() ->preload(), The company itself will be assigning the roles (not a site admin)
10 Replies
tuto1902
tuto190217mo ago
So, when you say pivot table, do you mean the role_user pivot table? I just want to be clear on the objective. The company (aka Tenant) is not considered an entity. The company does not logs in or assigns roles. The company is just a tool of separation. When you set the Company as a Tenant, filament will separate all your resources by tenant. Every new resource you create requires a relationship called company(). And every time a resource record is created (ie. a new user via the UserResource), filament will take care of relating the currently selected tenant to the new resource record.
JamesTechDude
JamesTechDudeOP17mo ago
Yes that's correct. And yes that works perfectly in filament, everything is separated like it should be. The problem is roles & permissions, I want to allow a company Owner to create new users with things like Client, Manager, Breeder, etc... This is where filament fails for now, so I made my own Role system that uses role_user table to decide what Role they are, and based on that Role (like Owner, Manager, Breeder, Client), they will have certain Panels and certain capabilities (like adding/deleting other users, adding/deleting records, and more) But I need a way to specify each company for each row in role_user pivot table, so when a user switches companies, they have their specific role For instance, lets say [email protected] signs up as a Owner to their own company (they create a company) Then [email protected] also gets added as a Client to another company If they switch companies, I wont have a way to make sure they have the specific Client or Owner permission without setting the company_id in role_user table... but filament doesn't insert this extra column value automatically Hopefully this makes sense. I understand if you're unable to help with this as well
tuto1902
tuto190217mo ago
Ok, I understand what you are trying to do now. It makes sense. I don’t know how to accomplish this, but I’m sure I can figure it out. Allow me some time to look for a solution and I’ll come back to you with an answer 😉
JamesTechDude
JamesTechDudeOP17mo ago
Alright I appreciate it 🙂 I figure worse case, it will just show all companies available to them, and whatever panel they are in will be the "role". Like if they are in a Company Panel, they can only do Company Role type stuff, and Client Panel can only do Client Role stuff... And the role itself (in role_user table) would just be to allow access to those Panels in general, but wouldn't control much else past this I suppose I would also have to make sure each Panel is only allowed to do specific things for the specific Role, but the problem with this is that I definitely wouldn't be able to use any permissions to narrow it down even further (where someone can make a new Role and assign it certain Permissions like allowing someone to add/edit a User within the Company while restricting other Users from doing so) So yeah if you figure out an idea let me know - I only ask because I couldn't find it on my own 😦 and sadly a lot of the examples are for version 2 which haven't worked on version 3 :/
tuto1902
tuto190217mo ago
I understand. I’ll do my best to steer you in the right direction. It’s definitely a complex issue and I believe we can all learn from it. FYI. I haven’t forgotten about this. I’m still looking for an acceptable answer. Currently looking into model life cycle hooks and updateExistingPivot()
JamesTechDude
JamesTechDudeOP17mo ago
All good, thank you for the dedication!
tuto1902
tuto190217mo ago
Short Answer: Unfortunately, you can't have roles for each Tenant (company). Long Answer: A user role defines the identity of such user across all Panels and Tenants. If you identify a user as a "Client", this defines the user (and what the user can see and do) across all of the application (Panels, Tenants, Resources). Therefore you need to design your application around Roles first. Create a Panel just for Clients and another for Admins, for example. Decide what Resources the Client Panel has access to (maybe you just want them to see invoices and manage their own orders). If you decide to add multi-tenancy, then keep in mind this is third in the hierarchy (Roles being first, and Panels second). Think of it like this: a User has many or belongs to many Companies, and will have the same role in all of them. Having said that, there are ways to fine tune what a user can/cannot do with the Resources they have access to. By default, Filament will observe any model polices registered in your application. You can read more about Model Policies here: https://laravel.com/docs/10.x/authorization#creating-policies Sorry if the answer is not what you expected. I hope this gives a bit more clarity into the subject and that I was, at the very least, somewhat helpful.
Laravel - The PHP Framework For Web Artisans
Laravel is a PHP web application framework with expressive, elegant syntax. We’ve already laid the foundation — freeing you to create without sweating the small things.
JamesTechDude
JamesTechDudeOP17mo ago
Okay thank you. That's what I thought, I can't have Permissions for each Role. I just have to make it Role only and design each Panel based on that Role - and that's probably the easiest simplest idea until a potential package/etc is introduced I appreciate the help forsure, and the time you have put into helping me! And yes, they would have the same Role in all of them - no way to separate - so I'll keep that in mind with my designing as well I just thought of a different way to do it as well, where I have just 1 panel for Company. Within this Panel, I would only allow resources for certain Roles For instance, If they have Owner and Client Role, they would see all Owner and Client resources If they only had Client role, they would use the same Panel, but would only see Client resources - that may be the easier approach so they don't have to switch paths just to access a different Role. I just have to think more
tuto1902
tuto190217mo ago
Sound like a good idea 👍 Let me know how it goes. And if you need any more help, feel free to open a new post. Happy coding! 😉
JamesTechDude
JamesTechDudeOP17mo ago
By the way, I missed a step... https://filamentphp.com/docs/3.x/panels/tenancy#customizing-the-ownership-relationship-name This is mainly for things to belong to a company though, but I think this will let me get rid of updating the company_id through the create method in the model (when creating a new record) Don't miss this step like I did haha - I'll let you know if it fixes my issues 🙂
Want results from more Discord servers?
Add your server