Where is the Filament\Actions\Concerns\CanBeHidden::authorize() method in the documentation ?
Hello. I was looking through Filament's documentation, and I have found no mentions of the authorize() method. I want to use this method to allow only admins to click a certain button in my infolist view, and I'm not sure if the authorize() method only hides the button, or if a non-admin user calls the endpoint, they'll get a 403. Does anybody know where in the docs this method is explained ? Thank you π
8 Replies
Thank you for the response. I don't see the authorize() method on the page that you've provided. My code looks something like this: , and Action is: Filament\Infolists\Components\Actions\Action
not sure if I can explain it, but I believe using authorize is an alternative for controlling action visibility based on policies, abilities... you can use as your example and
->visible() or ->hidden() will have the same result.Hmm, oke. Do you know if they also throw a 403 if an unauthorised user tries to send a request to the action, or only hide the action button ?
only hide I think
It would make sense, based on the name of the methods. Thank you very much for the answers.
Excuses for the late answer. You can use the visible() or hidden() to conditionally show/hide the action button.
In the ->action() method you can call a method on your livewire component where you can actually check the authorization.
Something like:
->action(fn(array $data, Clubmember $record, EditClubmember $livewire) => $livewire->changeDepartment($record, $data)),
public function changeDepartment(Clubmember $record, array $data): void
{
if (!filament()->auth()->user()->can('update_dept_clubmember', $record)) {
return;
}
$record->departments = $data['departments'];
$record->save();
}
I see. Thank you for the response, no worries about the timing, knowledge is always welcome from my pov π