canAccess() is called on every page/resource AFTER logout resulting in an exception?

I use a default panel for Filament but I have problems using the default logout - either from the user dropdown in the top navigation bar or using the account widget logout button. After clicking logout Filament redirects and calls the /logout route using a POST request. During that I get an error 500 and the following exception (see logs attached). This is the method that produces the error from my FeatureSettingsPage:
    public static function canAccess(): bool
    {
        return auth()->user()?->isAdmin();
    }
So there is nothing special here. But the problem is very strange: Why should Filament call this method? After logging out I should be redirected to the login page and there is no need to call the canAccess() method on specific pages? I tried to return just true in the canAccess()-method but then Filament just calls the next canAccess-method from another page and so on. I removed the path for the panel provider because I want to host the default panel on the default path without any prefix: From my App\Providers\Filament\AppPanelProvider:
    public function panel(Panel $panel): Panel
    {
        return $panel
            ->maxContentWidth(MaxWidth::Full)
            ->default()
            ->id('app')
            ->path('')
            ...
            ]);
    }
    }
2 Replies
Cole Shirley, 7d ago
I'm adding a warning to the docs about this and I found the root cause if you want to look at the readme in my demo app https://github.com/filamentphp/filament/pull/14609
Kane G, 7d ago
The problem is strange in that the nav runs first before the redirect, but that could be for a number of reasons. Realistically you should be making sure your functions return the correct type anyway. That function you posted above has the possibility to return null while specifying that only a bool can be returned.
    public static function canAccess(): bool
    {
        return auth()->user()?->isAdmin() ?? false;
    }
Would be a better way to check and ensure when auth()->user() is null it will return false.
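The two versions of the check from this thread, run side by side for a logged-out visitor, a regular user and an admin. This is an added example, not code from either poster or from Filament; the `User` and `Session` classes are hypothetical stand-ins for the application's user model and for `auth()->user()`, so the script runs on plain PHP 8 without Laravel.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the application's user model.
final class User
{
    public function __construct(private bool $admin) {}
    public function isAdmin(): bool { return $this->admin; }
}

// Hypothetical stand-in for auth(): a null user means "logged out".
final class Session
{
    public static ?User $user = null;
    public static function user(): ?User { return self::$user; }
}

// As posted in the question: for a guest the nullsafe operator yields null,
// which violates the declared bool return type.
function canAccessOriginal(): bool
{
    return Session::user()?->isAdmin();
}

// As suggested in the reply: a guest is denied instead of raising an error.
function canAccessFailClosed(): bool
{
    return Session::user()?->isAdmin() ?? false;
}

// Runs a check and reports the decision, or the TypeError it raised.
function describe(callable $check): string
{
    try {
        return $check() ? 'allow' : 'deny';
    } catch (TypeError $e) {
        return 'TypeError: ' . $e->getMessage();
    }
}

// Constructed sample users covering the three states discussed in the thread.
$cases = ['guest' => null, 'member' => new User(false), 'admin' => new User(true)];
foreach ($cases as $label => $user) {
    Session::$user = $user;
    printf("%-6s original=%s | fail-closed=%s\n", $label,
        describe('canAccessOriginal'), describe('canAccessFailClosed'));
}
```

Only the guest row differs between the two columns: the original check ends in a TypeError, while the `?? false` version denies access.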