lukasinko
lukasinko
PostsComments
FFilament
Created by Jamie Cee on 10/9/2024 in #❓┊help
deleteAny policy - prevent self deletion
I've found one can probably also do something like in UserResource 
Tables\Actions\DeleteBulkAction::make()
                        ->before(function (Tables\Actions\DeleteBulkAction $action, Collection $records) {
                            if($records->filter(fn($record) => $record->id === auth()->user()->id)->count() !== 0){
                              //optionally show some notification
                              $action->halt();
                             }
                        }
Tables\Actions\DeleteBulkAction::make()
                        ->before(function (Tables\Actions\DeleteBulkAction $action, Collection $records) {
                            if($records->filter(fn($record) => $record->id === auth()->user()->id)->count() !== 0){
                              //optionally show some notification
                              $action->halt();
                             }
                        }
6 replies
FFilament
Created by Jamie Cee on 10/9/2024 in #❓┊help
deleteAny policy - prevent self deletion
I'm curious about this too.
6 replies
FFilament
Created by optimalspieler on 8/7/2024 in #❓┊help
Question regarding docs / security: "This is not an issue with mass assignment."
Thank you @Dennis Koch for clarification.
5 replies
FFilament
Created by optimalspieler on 8/7/2024 in #❓┊help
Question regarding docs / security: "This is not an issue with mass assignment."
I would like to understand that sentence as well.
5 replies
FFilament
Created by lukasinko on 10/18/2024 in #❓┊help
Global authorization on Laravel model level
I was probably wrong about this one. The posts are FilamentResources, so posts.edit livewire component is secured via the filament policy by default. So it was more about hiding button, which would lead to 403 anyway.
4 replies
FFilament
Created by lukasinko on 10/18/2024 in #❓┊help
Global authorization on Laravel model level
Based on https://laraveldaily.com/post/filament-show-hide-visible-fields-roles-permissions, i've noticed that this documentation https://filamentphp.com/docs/3.x/actions/trigger-button#authorization shoud be probably rewritten to somehow show, that this is a potential security risk. That hiding isn't secure way. That it needs some complementatory auth check.
4 replies
FFilament
Created by lukasinko on 10/18/2024 in #❓┊help
Global authorization on Laravel model level
What motivated me to this question, is related issue https://github.com/filamentphp/filament/discussions/13845. Thanks for any input on this topic
4 replies
FFilament
Created by Rafiisetiawan on 10/16/2024 in #❓┊help
Issue: Filament Shield - Permissions and Roles for Models Without Filament Resources Not Visible or
You need to have 'custom_permissions' => true, set in filament-shield.php to see custom permissions.
3 replies