How to Authenticate User based on their Status, and also hide few Resource Pages based on the Role

Sorry if this has already been asked but I couldn't find it, I want to basically whenever someone is trying to login into the dashboard, I want to also check if the user being logged in has their Status='Approved' or not in the SQL Table, I just have the base authentication page automatically made so I am not sure where to edit it, and also it would be great if it could also show an error saying the user is not approved. and also, I have some pages like Users, Products etc that I only want to show for the admin and I have a column called 'role' in my database and there are two types, Admin and User Thank you!
Solution:
and also, I have some pages like Users, Products etc that I only want to show for the admin and I have a column called 'role' in my database and there are two types, Admin and User
Laravel model policies can be used for this. The Filament docs explain it more, and the Laravel docs explain how to create the policy and how it works. https://filamentphp.com/docs/3.x/panels/resources/getting-started#authorization https://laravel.com/docs/authorization#creating-policies...
Laravel - The PHP Framework For Web Artisans
Laravel is a PHP web application framework with expressive, elegant syntax. We’ve already laid the foundation — freeing you to create without sweating the small things.
Jump to solution
20 Replies
krekas
krekas•12mo ago
First check docs for authorization
Billi 🌻
Billi 🌻OP•12mo ago
I did try reading it but I couldn't understand it
krekas
krekas•12mo ago
Then read laravel docs. Check tutorials for policies
Michal ÄŚabala
Michal Čabala•12mo ago
1. For custom login page and behaviour, check this tutorial: https://laraveldaily.com/post/filament-3-login-with-name-username-or-email But you need to customize it for your needs. 2. Try looking at the Shield plugin. I think it's very easy to use and it's working very well for me.
Solution
DrByte
DrByte•12mo ago
and also, I have some pages like Users, Products etc that I only want to show for the admin and I have a column called 'role' in my database and there are two types, Admin and User
Laravel model policies can be used for this. The Filament docs explain it more, and the Laravel docs explain how to create the policy and how it works. https://filamentphp.com/docs/3.x/panels/resources/getting-started#authorization https://laravel.com/docs/authorization#creating-policies
Laravel - The PHP Framework For Web Artisans
Laravel is a PHP web application framework with expressive, elegant syntax. We’ve already laid the foundation — freeing you to create without sweating the small things.
Michal ÄŚabala
Michal Čabala•12mo ago
Also, what User status = approved means? According on what conditions? Do you have more statuses? Some things can be done in easier ways that are in Laravel (and Filament core) like softdeletes etc.
Billi 🌻
Billi 🌻OP•12mo ago
Thank you so much for this, I'm not exactly looking to make a custom page, I was just thinking maybe if it runs a query on mysql and fetches all the users and if the credentials match, it logs in, and I was hoping to check status from that user data as well I see, I'll take a deeper look at the docs again, thank you. Appreciate it. User status approved means that, let's say I run this query, SELECT * FROM users and I get all the users, and then authenticate, so I want to check inside the User data, and one of the column from my database is status and I am checking if that one has it's value as approved
awcodes
awcodes•12mo ago
You shouldn’t need to query all the users. Laravel’s authentication will return the user as authenticated or not. Then you would authorize them based on the properties of the authenticated user. Authentication and authorization are two separate concepts. So a user is authenticated if the email and password are correct. But they are only authorized to access the app if they are “approved”
Billi 🌻
Billi 🌻OP•12mo ago
Yeah I realized I can actually do these check on the Laravel side where I'm getting the user based on the credentials and like also check for
WHERE status="approved"
WHERE status="approved"
or however it's done on Laravel. I recently moved to Laravel so I'm struggling, thanks a lot for this.
awcodes
awcodes•12mo ago
Hang in there. It’ll all start to add up. All of Filaments auth logic defaults to laravel. It doesn’t do anything opinionated with it.
Billi 🌻
Billi 🌻OP•12mo ago
Okay, thank you I'm really liking Filament and how convenient it is. I'm coming from Flutter. One last thing, can you please tell me if I make an admin using the filament panel, where does it usually make the calls if you can specify. It's okay, I'll look for it myself too
awcodes
awcodes•12mo ago
What calls are you referring to?
Billi 🌻
Billi 🌻OP•12mo ago
Sorry for the confusion, I meant the one that is basically checks the authentication at admin/login, and it's the default one that filament makes.
awcodes
awcodes•12mo ago
It’s laravel’s authentication method.
Billi 🌻
Billi 🌻OP•12mo ago
Okay, thank you, I'll take a look at it. Sorry for confusion.
awcodes
awcodes•12mo ago
Check the Login class and the Authenticate middleware in filaments core. Should give you some insight. It’s in the Panels package on GitHub.
Billi 🌻
Billi 🌻OP•12mo ago
Yes, I'll take a look at that. Thanks
krekas
krekas•12mo ago
Just add logic to canAccessFilament() method on a user model
Billi 🌻
Billi 🌻OP•12mo ago
Thanks for the help everyone, I've managed to do it
Want results from more Discord servers?
Add your server