When to move from different panels to user permissions.

I have the following situation: there is an invoices resource. admins can view and edit all invoices users can view and create invoices assingned to them managers view all invoices but not create new ones. my current implementation is to create a new panel for every user type, I am wondering if implementing user roles is worth it at the moment or should I stick with the current implementation. If I should go with user permissions what plugin should I use / does filament have a permission system of it's own?
4 Replies
ModestasV
ModestasV13mo ago
Filament uses policies for most of the actions. If it's not there, you can usually add it via ->hidden() attribute on a lot of things. There is Shield plugin that seems to be quite popular. As for when to move into different panels - that depends. In my eyes, I would only move to different panels if the forms differ. For example, it's not just limited who can do what with a resource, but which resources are managed by who. In your case, it seems like you focus on invoices and specific actions around them, so I'm not sure if it's the best option to split yet.
King Dice
King DiceOP13mo ago
the main difference between the invoice resource for admins and regular users is this line:
->modifyQueryUsing(fn (Builder $query) => $query->where('user_id', 'is', Auth::id()))
->modifyQueryUsing(fn (Builder $query) => $query->where('user_id', 'is', Auth::id()))
now that I think about it I could add a condition to apply this only if the logged in user is not an admin, but as the app grows I am sure I'll need to add more roles so this conditional will grow..
ModestasV
ModestasV13mo ago
You can add scopes for that, but I would not worry about this until you see the need. Unless you already know that it's going to be there 100% - then probably implementing something to manage it - would be beneficial
King Dice
King DiceOP13mo ago
sounds good, thanks for the help
Want results from more Discord servers?
Add your server