F
Filament12mo ago
Tiago Moises

filament not login inactive user?

I managed to implement it using the code below: public function canAccessPanel(Panel $panel): bool { return $this->is_active == true ; } The problem is that it returns page 403 FORBIDDEN, and I can no login access the admin/login route to log in with another user. It always stays on page 403 FORBIDDEN What solution to this problem?
7 Replies
jaocero
jaocero12mo ago
You can delete the session in the browser session storage and try to refresh the page again.
Hussain4real
Hussain4real12mo ago
Is the user you're trying to login with has the 'is_active' attribute to be true?
Tiago Moises
Tiago MoisesOP12mo ago
Even if I type the url /admin/login it is not directed to the login screen. It is only on screen 403 I wouldn't want to do that, but it will be an option at the moment. Tks
Hussain4real
Hussain4real12mo ago
That's because the session is still active Try the url/dashboard for default Laravel, there you will know if the user is logged in then you can logout
Rahman Ramsi
Rahman Ramsi12mo ago
you can use a middleware to check if the user is active, if not then logout the user
Watoka
Watoka12mo ago
I use this: 
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class EnsureUserIsActive
{

    public function handle(Request $request, Closure $next)
    {
        if (!$request->user()->isActive()) {
            \Session::flush();
            abort(403, 'Your account is inactive.');
        } else {
            return $next($request);
        }
    }
}
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class EnsureUserIsActive
{

    public function handle(Request $request, Closure $next)
    {
        if (!$request->user()->isActive()) {
            \Session::flush();
            abort(403, 'Your account is inactive.');
        } else {
            return $next($request);
        }
    }
}
And in the panel provider: 
 ->authMiddleware([
        Authenticate::class,
        EnsureUserIsActive::class,
    ])
 ->authMiddleware([
        Authenticate::class,
        EnsureUserIsActive::class,
    ])
DrByte
DrByte12mo ago
Agreed: the middleware approach is probably best. The reason the user is "stuck" on a 403, is because all the routes they're "hitting" are part of the panel that you've sent canAccessPanel() .... false. Another way around, which is more friendly than the default 403, is a custom 403 page, on which you provide some friendlier text and optionally some links to other parts of the app. And maybe even a logout button (which has to be a form submit button, not just a link), depending on what you want that inactive user to do.
Want results from more Discord servers?
Add your server