Filament · 9mo ago
Croco

Model Policy on page not working

I followed this https://filamentphp.com/docs/3.x/tables/adding-a-table-to-a-livewire-component#adding-the-table to create a table inside a page. Even if I remove the header buttons:
    ->bulkActions([
        Tables\Actions\BulkActionGroup::make([
            Tables\Actions\DeleteBulkAction::make(),
        ]),
    ]);
it should probably just hide the button. Anyway, in my case I need to show the checkboxes, so I keep the buttons for now. What I would like help with is applying my policy on this table. I have this:
    protected $policies = [
        Order::class => OrderPolicy::class,
    ];
In OrderPolicy.php:
    public function delete(User $user, Order $model): bool
    {
        logger("delete");
        return $user->can('SuperAdmin');
    }
But this method is never called when a record is deleted.
7 Replies
Dennis Koch · 9mo ago
Bulk deletes don't follow the delete policy, I think. It's for single deletions.
MohamedSabil83 · 9mo ago
Yes, as @Dennis Koch said, the bulk delete action is related to the deleteAny method in the policy. It doesn't come by default when you create the policy from the command. You have to add it to the policy file like the following:
    public function deleteAny(User $user): bool
    {
        // Your condition here
    }
Croco (OP) · 9mo ago
Hmm, after several tests, this is indeed the case for resources, but not for pages, so policies are still not called. I've tried several combinations:
    public function deleteAny(User $user): bool
    {
        logger("DEL 1");
        return $user->can('SuperAdmin');
    }

    public function canDeleteAny(User $user): bool
    {
        logger("DEL 2");
        return $user->can('SuperAdmin');
    }

    public function canDelete(User $user): bool
    {
        logger("DEL 3");
        return $user->can('SuperAdmin');
    }

    public function forceDeleteAny(User $user): bool
    {
        logger("DEL 4");
        return $user->can('SuperAdmin');
    }

    public function canForceDeleteAny(User $user): bool
    {
        logger("DEL 5");
        return $user->can('SuperAdmin');
    }
😁 I know some do not exist. My page:
    class Billing extends Page implements HasForms, HasTable
    {
I even tried to add this:
    protected static bool $shouldSkipAuthorization = false;
The only thing working is to overwrite the delete Model method:
    // prevent unauthorized delete
    public function delete()
    {
        if (!auth()->user()->isSuperAdmin()) {
            return false;
        }
        // pass the parent's result back to the caller
        return parent::delete();
    }
But this is not a policy at all; I would like to make sure the policy works at all times.
Dennis Koch · 9mo ago
Yeah, might be that policies are only attached for resources and you need to manually set authorization on custom pages.
Croco (OP) · 9mo ago
It's supposed to be attached to the model because the $policies array contains models. Should I then set authorization on the page like this?
    use App\Filament\Pages\Billing;

    protected $policies = [
        User::class => UserPolicy::class,
        Order::class => OrderPolicy::class,
        Billing::class => OrderPolicy::class,
    ];
Because this is not working either. I'm using the Order model inside the Billing page.
MohamedSabil83 · 9mo ago
Didn't notice that you use a custom page. In that case, you have to chain ->authorize('deleteAny', YourModel::class) with your DeleteBulkAction.
Croco (OP) · 9mo ago
Hmm, if I attach it to the button it will secure only that button; what if someone manages to send the delete request to my instance/model?
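
An added example, not part of the original thread and not Filament's own code: one way to address both points above on a custom page is to gate the bulk action on `deleteAny` and also re-check the `delete` policy for every selected record inside the action callback, so the check runs on the server when the action executes rather than only when the button is rendered. `Order`, `OrderPolicy` and `Billing` are the names from the thread; the `deleteOrders` action name, the view name and the choice to skip unauthorized records silently are assumptions.

```php
<?php

namespace App\Filament\Pages;

use App\Models\Order;
use Filament\Forms\Concerns\InteractsWithForms;
use Filament\Forms\Contracts\HasForms;
use Filament\Pages\Page;
use Filament\Tables;
use Filament\Tables\Concerns\InteractsWithTable;
use Filament\Tables\Contracts\HasTable;
use Filament\Tables\Table;
use Illuminate\Database\Eloquent\Collection;
use Illuminate\Support\Facades\Gate;

class Billing extends Page implements HasForms, HasTable
{
    use InteractsWithForms;
    use InteractsWithTable;

    protected static string $view = 'filament.pages.billing'; // assumed view name

    public function table(Table $table): Table
    {
        return $table
            ->query(Order::query())
            ->columns([
                Tables\Columns\TextColumn::make('id'),
            ])
            ->bulkActions([
                Tables\Actions\BulkAction::make('deleteOrders') // hypothetical action name
                    ->label('Delete selected')
                    ->requiresConfirmation()
                    // Gate the whole action on OrderPolicy::deleteAny().
                    ->authorize('deleteAny', Order::class)
                    // Re-check OrderPolicy::delete() for each record at execution time;
                    // records the current user may not delete are skipped (assumed behaviour).
                    ->action(function (Collection $records): void {
                        $records
                            ->filter(fn (Order $order): bool => Gate::allows('delete', $order))
                            ->each(fn (Order $order) => $order->delete());
                    })
                    ->deselectRecordsAfterCompletion(),
            ]);
    }
}
```

Eloquent does not consult policies on its own, so any other code path that deletes an `Order` needs its own `Gate` or `authorize()` check.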