F
Filament3mo ago
egmose5492dk

Only access to certain resulsts in resource - How do i limit that?

Hi, I´m working on a project, and really cant get my head around this issue. In my model, i have made a check, to see which entries the user can edit - That works like a charm, and the user is only able to see ones they can edit in the list. ´´´->query(static::getAuthorizedModelQuery())´´´´ But in the edit view, the user can basicly just change the ID in the URL and chenge everything. I have mad a policy, and thought i should look in the update function - But that removes the edit availablity completely. How do i achieve so the user only can edit the ones they have access to? 
    public function update(User $user, Marina $marina): bool
    {
        // Check if the user has the 'admin' role
        if ($user->hasRole('admin')) {
            return true; // Admin can update any marina
        }
        
        // Check if the user has the 'marina_manager' role and if they can manage this specific marina
        if ($user->hasRole('marina_manager') && $user->canManageMarinas->contains('marina_id', $marina->id)) {
            return true; // Marina manager can update this marina
        }
        
        return false; // User does not have permission to update this marina
    }
    public function update(User $user, Marina $marina): bool
    {
        // Check if the user has the 'admin' role
        if ($user->hasRole('admin')) {
            return true; // Admin can update any marina
        }
        
        // Check if the user has the 'marina_manager' role and if they can manage this specific marina
        if ($user->hasRole('marina_manager') && $user->canManageMarinas->contains('marina_id', $marina->id)) {
            return true; // Marina manager can update this marina
        }
        
        return false; // User does not have permission to update this marina
    }
No description
2 Replies
John
John3mo ago
->contains('marina_id', $marina->id) looks suspicious
egmose5492dk
egmose5492dk3mo ago
@John Your´e absolutely right. Right after i made this post, i rewrote it a bit, to get the marinas accesible from the model, and now it seems to be working as expected. 
    public function update(User $user, Marina $marina): bool
    {
        // Check if the user has the 'admin' role
        if ($user->hasRole('admin')) {
            return true; // Admin can update any marina
        }
        
        // Use the same logic as the 'editable' scope in the Marina model
       ** if ($user->hasRole('marina_master')) {
            return $marina->canManageMarinas()->where('user_id', $user->id)->exists();
        }**
        
        return false; // User does not have permission to update this marina
    }
    
    public function update(User $user, Marina $marina): bool
    {
        // Check if the user has the 'admin' role
        if ($user->hasRole('admin')) {
            return true; // Admin can update any marina
        }
        
        // Use the same logic as the 'editable' scope in the Marina model
       ** if ($user->hasRole('marina_master')) {
            return $marina->canManageMarinas()->where('user_id', $user->id)->exists();
        }**
        
        return false; // User does not have permission to update this marina
    }
Thanks 🙂
Want results from more Discord servers?
Add your server
More Posts
Moving route registration removes theme css stylingI want to dynamically determine resource pages. Old setup works: ```php // app/Filament/Resources/REach repeater action takes a long time (livewire/update)Since each action with the repeater is accompanied by a call to livewire/update, in my case it takes->money() is rounding?Using this text column ```php TextColumn::make('total_pay') ->label('ToModify Create Another Functions in a Modal RelationsmanagerI have a StepsRelationsManager, the step is incremented per title, it works fine when I use create .How can I refresh the page after a filter is changedHey all, I am currently looking for a way to refresh the whole page whenever a filter of a table is display create button by conditionhello i want to display create button of header by condition how should i do that? i tried to custo