createOptionForm not checking policies

Hi! I'm developing a process management system. Each ticket has a "label" (urgent, need help, etc.). If a user does not have the role to create a label, the label select with a createOptionForm allows the user to create a label; it does not check the policy of the model. How can I solve this?
5 Replies
LeandroFerreira 4mo ago
`fn() => auth()->user()->can('xx') ? Ticketlabel::createForm() : null`?
PabloZagni (OP) 4mo ago
Shows an empty form
403gtfo 4mo ago
@PabloZagni Did you manage to find a solution to this? I've just realized the huge security hole I introduce due to this :S
Ah, just worked it out: my solution for my country field. The button still appears but the action is blocked.
```php
Select::make('country_id')
    ->relationship('country', 'name')
    ->rules(['integer', 'exists:countries,id'])
    ->searchable()
    ->preload()
    ->createOptionForm(
        fn (Request $request) => $request->user()->cannot('create', Country::class)
            ? abort(403)
            : CountryResource::formFields()
    ),
```
kirakatou 4mo ago
@J H you can use `when` for visibility
```php
Select::make('country_id')
    ->relationship('country', 'name')
    ->rules(['integer', 'exists:countries,id'])
    ->searchable()
    ->preload()
    ->when(auth()->user()->can('create', Country::class), function ($field) {
        return $field->createOptionForm(fn() => CountryResource::formFields());
    })
```
PabloZagni (OP) 4mo ago
I'm very happy to contribute! I'll try your code
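
Added example, not part of the thread and not code from Filament or any poster: it combines the two replies above, hiding the create button with `when` and re-checking the `create` policy when the record is actually written. It assumes Filament v3, an `App\Models\Country` model with mass-assignable fields, and the thread's own `CountryResource::formFields()` helper; `countrySelect()` is a hypothetical wrapper name.

```php
<?php

use App\Filament\Resources\CountryResource; // assumed namespace; formFields() is the helper from the thread
use App\Models\Country;                     // assumed model namespace
use Filament\Forms\Components\Select;
use Illuminate\Support\Facades\Gate;

// Hypothetical helper that returns the field for use in a Filament form schema.
function countrySelect(): Select
{
    return Select::make('country_id')
        ->relationship('country', 'name')
        ->rules(['integer', 'exists:countries,id'])
        ->searchable()
        ->preload()
        // UI layer: attach the create-option form only when the policy allows it,
        // so users without the ability get no create button at all.
        ->when(
            Gate::allows('create', Country::class),
            fn (Select $field) => $field->createOptionForm(
                fn () => CountryResource::formFields()
            )
        )
        // Server layer: check the policy again at the moment of the write.
        // Called after relationship() so that this callback is the one used.
        ->createOptionUsing(function (array $data): int {
            // Throws an AuthorizationException (rendered as HTTP 403) if denied.
            Gate::authorize('create', Country::class);

            return Country::create($data)->getKey();
        });
}
```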