Filament · 4mo ago
WEBMAS

How to manage only your records (user_id)?

Hello everybody. How to manage only your records? I'm using filament shield. The table has a user_id field. How to link records to a user? If I uncheck "View Any" in the permissions settings, then the resource is 403. I expected that in this case the user would see only his own posts, but this is not the case. Why?
23 Replies
PabloZagni · 4mo ago
Did you try setting a global scope?
WEBMAS · 4mo ago
I do not know what this is. I thought filament shield did everything for me. What do I need to do?
PabloZagni · 4mo ago
I don't know filament shield. You can add a global scope to the model, like

```php
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;

class Post extends Model
{
    protected static function booted(): void
    {
        static::addGlobalScope('team', function (Builder $query) {
            if (auth()->hasUser()) {
                $query->where('team_id', auth()->user()->team_id);
                // or with a team relationship defined:
                $query->whereBelongsTo(auth()->user()->team);
            }
        });
    }
}
```
KingStalker · 4mo ago
Laravel - The PHP Framework For Web Artisans
Laravel is a PHP web application framework with expressive, elegant syntax. We’ve already laid the foundation — freeing you to create without sweating the small things.
WEBMAS · 4mo ago
This is a solution for pure Laravel. Maybe this can be done in your own way through filament-shield?
kazuma · 4mo ago
use roles and policies with filament shield
WEBMAS · 4mo ago
Yes. I use it. But how can you make your posts appear?
kazuma · 4mo ago
Maybe share snippets of your code so we can take a look and give feedback? Without knowing what you have and what you did, we can't really help much. If you are using VS Code, use the CodeSnap plugin to take screenshots of your code and post them here.
WEBMAS · 4mo ago
[Image attachment, no description]
kazuma · 4mo ago
Are the permissions saved the same in the DB? I mean with :: not _?
WEBMAS · 4mo ago
There are no problems with this. I need the user to see only his site posts. Only those where user_id matches his.
kazuma · 4mo ago
Have you tried getEloquentQuery?
WEBMAS · 4mo ago
I'm currently on the documentation page for this method. But this goes beyond the filament shield. How should I then control this via the filament shield?
Option 1 to do by analogy in the model: https://filamentphp.com/docs/3.x/panels/tenancy
Option 2 done in the resource: https://filamentphp.com/docs/3.x/panels/resources/getting-started#customizing-the-resource-eloquent-query
I don't know which option is more correct(((
kazuma · 4mo ago
2, by resource. Shield just protects your routes and manages your app; it doesn't really have anything to do with data display.
krekas · 4mo ago
you should learn more of laravel first...
WEBMAS · 4mo ago
My solution:

Model Post.php:

```php
// ...
protected static function boot(): void
{
    parent::boot();

    static::addGlobalScope('user', function (Builder $query) {
        if (auth()->hasUser()) {
            $user = auth()->user();

            if (!$user->can('viewAny', self::class)) {
                $query->where('user_id', $user->id);
            }
        }
    });

    static::creating(function (self $post) {
        if (auth()->hasUser()) {
            $post->user_id = $post->user_id ?? auth()->user()->id;
        }
    });
}
// ...
```

PostPolicy.php:

```php
// ...
public function view(User $user, Post $post): bool
{
    return $user->can('view_user::post') && ($this->viewAny($user) || $user->id === $post->user_id);
}
// ...
```

PostResource.php:

```php
// ...
public static function canAccess(): bool
{
    return static::canCreate() || static::canReorder();
}
// ...
```
krekas · 4mo ago
Markdown is three ticks, not one. Also, be very careful when using global scopes.
WEBMAS · 4mo ago
I do not quite understand in English. Do not quite understand. What are you talking about, can you say in more detail? Thank you.
krekas · 4mo ago
You posted code and used ONE backtick to highlight it. That's not how markdown works. Code should be in three backticks and, even better, provide a language, in this case php.
WEBMAS · 4mo ago
Oh, you're talking about this. Now I understand what you mean 😄
I decided to use global scopes because it would make the selection easier for those who don't need to see all the records. For example, if I display posts in a Select, etc. If you do not use global scopes, then you will have to make a condition and a selection in each place where user_id=... (resources, fields, etc.)
krekas · 4mo ago
It's OK if you know how to use it; just be careful, because somewhere you will get a different result.
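
Added example, not part of the thread and not the Filament or Shield project's own code: option 2 (scoping in the resource, as kazuma suggests), written so that it does not rely on a global scope and returns no rows when no user is present. It assumes the question's `Post` model with a `user_id` column and a Filament v3 `PostResource`, and it reuses the thread's rule that users who pass `viewAny` see every row, so a user without `viewAny` still only reaches the resource with the `canAccess()` override posted above.

```php
<?php
// Added example (not from the thread). Assumed names: App\Models\Post with
// a user_id column, and a Filament v3 resource called PostResource.

namespace App\Filament\Resources;

use App\Models\Post;
use Filament\Resources\Resource;
use Illuminate\Database\Eloquent\Builder;

class PostResource extends Resource
{
    protected static ?string $model = Post::class;

    // The resource's table and its record pages build on this query, so
    // the ownership filter applies to listing and to record lookup alike.
    public static function getEloquentQuery(): Builder
    {
        $query = parent::getEloquentQuery();
        $user = auth()->user();

        // Same rule as the scope in the thread: users who pass the
        // viewAny policy check are not restricted to their own rows.
        if ($user?->can('viewAny', Post::class)) {
            return $query;
        }

        // Everyone else sees only rows they own. With no authenticated
        // user the query matches nothing instead of matching everything.
        return $user
            ? $query->where('user_id', auth()->id())
            : $query->whereRaw('1 = 0');
    }
}
```

Because Filament resolves the record for edit and view pages through the same query, requesting another user's post by id returns a 404 rather than the record. Code outside the resource (a Select in another form, a queued job, an artisan command) is not covered by this method and needs its own `user_id` condition.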