F
Filament4w ago
Roland Barkóczi

Customize relationManager authorization

Hello guys, how can I customize a relationManager authorization? Use case: I have an event (of an organization) and there are employees assigned to events who can have different permissions. The EventResource has different relations (Attendees, PointOfSales, etc), and I want to control the authorization of these relations, but I need the event id in the Policies. How could I inject the current ownerRecord to the Policy methods, eg: viewAny($user, Event $event) of edit($user, $attendee, $event) ?
1 Reply
Roland Barkóczi
Roland BarkócziOP4w ago
Finally figured out : Just redefine the can and canViewForRecord functions in my relationManager classes: 
 public static function canViewForRecord(Model $ownerRecord, string $pageClass): bool
    {
        $model = $ownerRecord->{static::getRelationshipName()}()->getQuery()->getModel()::class;
        try {
            return  Gate::forUser(auth()->user())
               ** ->authorize('viewAny', [$model, $ownerRecord])**
                ->allowed();
        } catch (AuthorizationException $exception) {
            return $exception->toResponse()->allowed();
        }
    }

    protected function can(string $action, ?Model $record = null): bool
    {
        if (static::shouldSkipAuthorization()) {
            return true;
        }

        $model = $this->getTable()->getModel();
        $ownerRecord = $this->getOwnerRecord();
        try {
            return  Gate::forUser(auth()->user())
                ->authorize(
                    $action,
                    **[
                        $record ?? $model,
                        $ownerRecord
                    ]**
                )
                ->allowed();
        } catch (AuthorizationException $exception) {
            return $exception->toResponse()->allowed();
        }
    }
 public static function canViewForRecord(Model $ownerRecord, string $pageClass): bool
    {
        $model = $ownerRecord->{static::getRelationshipName()}()->getQuery()->getModel()::class;
        try {
            return  Gate::forUser(auth()->user())
               ** ->authorize('viewAny', [$model, $ownerRecord])**
                ->allowed();
        } catch (AuthorizationException $exception) {
            return $exception->toResponse()->allowed();
        }
    }

    protected function can(string $action, ?Model $record = null): bool
    {
        if (static::shouldSkipAuthorization()) {
            return true;
        }

        $model = $this->getTable()->getModel();
        $ownerRecord = $this->getOwnerRecord();
        try {
            return  Gate::forUser(auth()->user())
                ->authorize(
                    $action,
                    **[
                        $record ?? $model,
                        $ownerRecord
                    ]**
                )
                ->allowed();
        } catch (AuthorizationException $exception) {
            return $exception->toResponse()->allowed();
        }
    }
Want results from more Discord servers?
Add your server