Explicitly define which policy to use in filament resource?

Here is my setup: I have a regular User model. I have Superadmin and Admin classes which extend the User class. I have set a global scope in the Superadmin and Admin classes to filter by the roles super-admin and admin. I also override getMorphClass in the User model to always return the User class. This setup worked for me until I ran into Filament.

Now, Filament uses model policies for authorization. I have created UserPolicy, SuperadminPolicy and AdminPolicy. In my app, superadmins can create, update, delete and view admins. So, I have configured my policy like this.

Now Filament comes in. I log in to the superadmin panel. I can see, view and create admins. I am also able to see the edit record button in the table, and I can go to the edit record page. When I hit the SAVE button, BOOM, it throws me a 403 unauthorized. I traced back the 403 exception and found out that Filament is looking into the update action of UserPolicy, which is different from AdminPolicy. Is there any way to tell Filament that it should look into AdminPolicy instead of UserPolicy?
5 Replies
DrByte, 7mo ago
I don't have the answer, but code-diving reveals:
- the Resource calls the authorize() helper at https://github.com/filamentphp/filament/blob/a6705a6ee7c957fcec038e6d8a83c04f16749591/packages/panels/src/Resources/Resource.php#L206
- and the helper at https://github.com/filamentphp/filament/blob/a6705a6ee7c957fcec038e6d8a83c04f16749591/packages/panels/src/helpers.php#L23 ... calls Laravel's Gate::getPolicyFor() according to the model that was passed.
Pulpsting0610, 7mo ago
Yeah. Thanks for the details. I will look into how I can solve this. For now I am just overriding the canEdit method in Edit pages. This is not an optimal solution but works for now.
DrByte, 7mo ago
Yes, actually that's probably the most direct solution given the various extended classes and overrides you've made to your app.
Pulpsting0610, 7mo ago
And this is how the code becomes legacy😆 😢
DrByte, 7mo ago
How true, right?! 🤦‍♂️