Explicitly define which policy to use in filament resource?

Here is my setup: I have a regular User model. I have Superadmin and Admin classes which extend the User class. I have set global scope in Superadmin and Admin class to filter out by role super-admin and admin. I also override the getMorphClass in User model to return User class always. This setup worked for me until I ran into filament. Now filament uses model policies for authorization. I have created UserPolicy, SuperadminPolicy, AdminPolicy. In my app superadmins can create, update, delete and view admins. So, I have configured my policy like this. Now filament comes in, I login to superadmin panel. I can see, view and create admins. I am also able to see edit record button in the table. I can go to edit record page also. When i hit the SAVE button, BOOM it throws me 403 unauthorized. I traced back the 403 exception and found out that filament is looking into update action of UserPolicy which is different from AdminPolicy. Is there any way to tell filament that it should look into AdminPolicy instead of UserPolicy
5 Replies
DrByte
DrByte12mo ago
I don't have the answer, but code-diving reveals: - the Resource calls the authorize() helper at https://github.com/filamentphp/filament/blob/a6705a6ee7c957fcec038e6d8a83c04f16749591/packages/panels/src/Resources/Resource.php#L206 - and the helper at https://github.com/filamentphp/filament/blob/a6705a6ee7c957fcec038e6d8a83c04f16749591/packages/panels/src/helpers.php#L23 ... calls Laravel's Gate::getPolicyFor() according to the model that was passed.
GitHub
filament/packages/panels/src/helpers.php at a6705a6ee7c957fcec038e6...
A collection of beautiful full-stack components for Laravel. The perfect starting point for your next app. Using Livewire, Alpine.js and Tailwind CSS. - filamentphp/filament
GitHub
filament/packages/panels/src/Resources/Resource.php at a6705a6ee7c9...
A collection of beautiful full-stack components for Laravel. The perfect starting point for your next app. Using Livewire, Alpine.js and Tailwind CSS. - filamentphp/filament
Pulpsting0610
Pulpsting0610OP12mo ago
Yeah. Thanks for the details. I will look into it how I can solve this. For now I am just overriding canEdit method in Edit pages. This is not an optimal solution but works for now.
DrByte
DrByte12mo ago
Yes, actually that's probably the most direct solution given the various extended classes and overrides you've made to your app.
Pulpsting0610
Pulpsting0610OP12mo ago
And this is how the code becomes legacy😆 😢
DrByte
DrByte12mo ago
How true, right?! 🤦‍♂️
Want results from more Discord servers?
Add your server