Filament • 3mo ago
Ookma-Kyi

Policy to allow admins to edit models in the admin panel

I am using the following code inside the policy class for the Duel model to prevent users from editing the model unless they are the opponent. However, I want admins to be able to edit the model inside the Filament panel.
```php
/**
 * Determine whether the user can update the model.
 */
public function update(User $user, Duel $duel): bool
{
    \Log::info("Filament Auth Check: " . Filament::auth()->check());
    \Log::info("User is Admin: " . $user->hasRole('admin'));
    if (Filament::auth()->check() && $user->hasRole('admin')) {
        return true;
    }

    return $user->id === $duel->opponent->user->id;
}
```
After debugging my code I get the following output:
```
[2025-02-07 19:23:01] local.INFO: Filament Auth Check: 1
[2025-02-07 19:23:01] local.INFO: User is Admin: 1
```
I noticed Filament::auth()->check() is always returning true, even if the admin panel isn't being accessed. I even tried this variation:
```php
/**
 * Determine whether the user can update the model.
 */
public function update(User $user, Duel $duel): bool
{
    \Log::info("Filament Auth Check: " . Filament::auth()->check());
    \Log::info("User is Admin: " . $user->hasRole('admin'));
    if (Filament::auth()->check() && $user->hasRole('admin')) {
        if (request()->routeIs('filament.resources.models.edit')) {
            return true;
        }
    }

    return $user->id === $duel->opponent->user->id;
}
```
The issue is the Filament check code always returns false and admins can't edit the model.
3 Replies
🅸 🅰🅼 🅳🅰🅳🅼🅸🅽
You are overcomplicating it I think? Try removing the auth->check from the if and simply return true if hasRole and routeIs? For readability maybe change your other return to be wrapped in an if and return true, and add a return false at the end?
Ookma-Kyi OP • 3mo ago
Nope that didn't work.
```php
public function update(User $user, Duel $duel): bool
{
    \Log::info("User is admin: " . $user->hasRole('admin'));
    \Log::info("Route: " . request()->route()->uri());
    if (request()->routeIs('filament.resources.models.edit') && $user->hasRole('admin')) {
        return true;
    }

    if ($user->id === $duel->opponent->user->id) {
        return true;
    }

    return false;
}
```
Log:
```
[2025-02-09 22:18:39] local.INFO: User is admin: 1
[2025-02-09 22:18:39] local.INFO: Route: admin/duels
[2025-02-09 22:18:49] local.INFO: User is admin: 1
[2025-02-09 22:18:49] local.INFO: Route: admin/duels/{record}/edit
```
toeknee • 3mo ago
Route would be: `filament.admin.resources.models.edit` I believe... Log each condition you check.
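
An added example, not code from this thread or from the Filament project: one way to give admins the update ability without tying the decision to a route name, using Laravel's policy `before()` hook. It assumes Filament v3, the `App\Models` / `App\Policies` namespaces, and the `hasRole('admin')` check and `opponent->user` relations shown in the question.

```php
<?php

namespace App\Policies; // assumed namespace, not shown in the thread

use App\Models\Duel;    // assumed namespace
use App\Models\User;    // assumed namespace

class DuelPolicy
{
    /**
     * Runs before every other ability on this policy.
     * true = allow, false = deny, null = fall through to the ability method.
     */
    public function before(User $user, string $ability): ?bool
    {
        // Decide on who the user is, not on which URL the check came from.
        // Panel form saves arrive as Livewire requests, so during a save the
        // current route name is not the edit page's route name
        // (assumption: Filament v3).
        if ($ability === 'update' && $user->hasRole('admin')) {
            return true;
        }

        return null;
    }

    /**
     * Non-admins may update a duel only when they are its opponent.
     */
    public function update(User $user, Duel $duel): bool
    {
        // Null-safe chain: a duel with no opponent (or an opponent with no
        // user) is denied instead of throwing on a null property access.
        $opponentUserId = $duel->opponent?->user?->id;

        return $opponentUserId !== null && $user->id === $opponentUserId;
    }
}
```

With this shape the admin bypass applies wherever the policy is evaluated, so the role itself is the trust boundary and the opponent rule stays the only path for everyone else.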
