F
Filamentβ€’3mo ago
ChesterS

Resource visible in sidebar even if `viewAny()` returns false

As per title, I have a resource that's only available to certain users. According to the docs here https://filamentphp.com/docs/3.x/panels/resources/getting-started#authorization the link should not be visible if they don't have access to it. However, that's not the case for me. They can still see the link but they get a 403 when trying click on it (as expected) The navigation menu is build 'manually' 
->navigation(function (NavigationBuilder $builder): NavigationBuilder {
    return $builder
        ->groups([
            NavigationGroup::make('Setup')
                ->items([
                    ...TeamResource::getNavigationItems(), // Do I need to do anything here?
                ]),
        ])
    })
->navigation(function (NavigationBuilder $builder): NavigationBuilder {
    return $builder
        ->groups([
            NavigationGroup::make('Setup')
                ->items([
                    ...TeamResource::getNavigationItems(), // Do I need to do anything here?
                ]),
        ])
    })
(not sure what else I need to provide. The resource itself is as boilerplate as it gets) When I put a breakpoint in the viewAny() call in the policy, it looks like it's never hit. Am I missing something or doing something wrong?
9 Replies
Lara Zeus
Lara Zeusβ€’3mo ago
test it the policies working correctly without the manual navigation menu! disable ->navigation(..)
ChesterS
ChesterSOPβ€’3mo ago
When I remove the ->navigation(), the link does disappear so the policy works :/ I tried all the general steps (clear cache/rebuild permission cache etc) FWIW, i'm on the latest version (v3.2.115)
toeknee
toekneeβ€’3mo ago
On the navigation have it set as visible when they don't match the policy? 
->visible(auth()->user()->can('viewAny TheModel'))
->visible(auth()->user()->can('viewAny TheModel'))
ChesterS
ChesterSOPβ€’3mo ago
Sorry I don't understand. Where would that go? I created a workaound like this 
NavigationItem::make('Teams')
    ->visible(\Auth::user()->can('viewAny', Team::class))
    ->isActiveWhen(fn (): bool => request()->routeIs('filament.admin.pages.teams'))
    ->url(fn (): string => TeamResource::getUrl()),
NavigationItem::make('Teams')
    ->visible(\Auth::user()->can('viewAny', Team::class))
    ->isActiveWhen(fn (): bool => request()->routeIs('filament.admin.pages.teams'))
    ->url(fn (): string => TeamResource::getUrl()),
but that kind of defeats the purpose if I have to do it for all resources :/
toeknee
toekneeβ€’3mo ago
Exactly where you put it tbh You don't but I believe you do when you define a custom navigation Why are you using a custom navigation if not to customise it?
ChesterS
ChesterSOPβ€’3mo ago
Sure, customise it, but not have to re-do all the defaults/existing functionality. I use it mostly because it's easier to re-order the navigation the way I want without having to keep track of $navigationSort over 15 files :/ Another workaround is this 
TeamResource::getNavigationItems()[0]
    ->visible(\Auth::user()->can('viewAny', Team::class)),
TeamResource::getNavigationItems()[0]
    ->visible(\Auth::user()->can('viewAny', Team::class)),
Which is not ideal either 😬 Honestly, i really feels like I'm missing something here
toeknee
toekneeβ€’3mo ago
Just use sort... and instead of 1, 2, 3, do: 100, 200, 300, 400 per resource and then per group for any additional pages do the 101, 102, etc?
Lara Zeus
Lara Zeusβ€’3mo ago
about to suggest the same thing, I have over 30 resource, and only using sort and let filament build the menu, if you want to do it manually, then you will end up repeating all methods (visible,icon,groups etc)
ChesterS
ChesterSOPβ€’3mo ago
I'm already doing that though and I have more than one panels, with different menus. Anyway, I'll use the TeamResource::getNavigationItems()[0] way until (or if) I figure out a better way. Thank you both for your time πŸ™‡
Want results from more Discord servers?
Add your server