Allowing view to a resource for unauthenticated users
Writing a test app to give Filament v3 a try. The app requires an authenticated user to add or customize data, but browsing/viewing/searching is available freely. As an example of what I'm looking for - I am looking to display the table that shows up when you click a resource in the default
/admin
control panel as /
and allow anyone to filter or view it. It seems like something that should be easy but I'm missing it.Solution:Jump to solution
1. Create your Admin panel, and your Resource to fully admin the model data as an Admin.
2. Create another Panel (perhaps call it "app"), for guest access.
Customize that panel:
- set its path:
->path('/')
because you said you want it at '/'...GitHub
demo/app/Filament/Widgets/LatestOrders.php at main · filamentphp/demo
Source code for the demo.filamentphp.com website. Contribute to filamentphp/demo development by creating an account on GitHub.
2 Replies
Solution
1. Create your Admin panel, and your Resource to fully admin the model data as an Admin.
2. Create another Panel (perhaps call it "app"), for guest access.
Customize that panel:
- set its path:
->path('/')
because you said you want it at '/'
- remove the ->login()
- remove the default Authenticate
class from ->authMiddleware()
- remove the default AccountWidget
(because it'll throw a bunch of errors about unable to find AvatarUrl and user Name, when its template tries to render for a non-logged-in "user")
(Also remove Laravel's default '/'
route from routes/web.php
else it will conflict.)
3. If the data is basically read-only, then the SIMPLEST solution is to create a custom Table Dashboard to view the data (you can see an example of one in the Filament Demo: scroll to the bottom to see LatestOrders )
4. But if you need more complexity or truly want it to be a Resource with Guest access:
Update the panel:
- in the app Panel, if the discussed Resource is in a different Namespace, make sure to add a ->resources([ResourceClassName::class])
to the panel.
Use Policies for security:
- Create Model Policy for the model, and in the viewAny()
and view()
methods, change the User $user
param to ?User $user
so that it's optional (ie: guest allowed), and return true;
.
For the other model methods, add appropriate logic to allow Admins to perform those actions. (maybe $user
is not null, or $user->hasRole('Admin')
(if you have a hasRole()
method on your User model), etc.
The Policy is the key to your security controls: documented in Laravel docs. Filament just uses the policy that you put into Laravel.
- and if there are things that the Policy isn't restricting access to (like actions/fields), be sure to use the hidden()
or visible()
features in the Resource definitions of fields/actions/etc to control who can access them.GitHub
demo/app/Filament/Widgets/LatestOrders.php at main · filamentphp/demo
Source code for the demo.filamentphp.com website. Contribute to filamentphp/demo development by creating an account on GitHub.
Thanks! This is great & exactly what I was looking for - I think the custom table dashboard is what the dr ordered (so to speak)...Thanks again!