Authorization using Spatie roles in Filament v3

  1. Create a Policy to authorize a resource
php artisan make:policy PostPolicy --model=Post

Define Permissions in the Policy

namespace App\Policies;

use App\Models\Post;
use App\Models\User;

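/**
 * Authorization rules for Post models.
 *
 * Each method receives the user being authorized as $user and must decide on
 * that user only. can() and hasRole() are not defined in this listing;
 * presumably hasRole() comes from Spatie's HasRoles trait on the User model — confirm.
 */
class PostPolicy
{
    /**
     * Decide whether the user may list posts.
     *
     * Only users holding the 'admin' role pass this check.
     */
    public function viewAny(User $user): bool
    {
        // Check the $user handed to the policy, not auth()->user(): the gate can be
        // evaluating a different user (e.g. via Gate::forUser()), and auth()->user()
        // is null outside an authenticated request, which would be a fatal error here.
        return $user->hasRole('admin');
    }

    /**
     * Decide whether the user may view a single post.
     *
     * Requires the 'view posts' permission; $post is not inspected.
     */
    public function view(User $user, Post $post): bool
    {
        return $user->can('view posts');
    }

    /**
     * Decide whether the user may create a post.
     *
     * Requires the 'create posts' permission.
     */
    public function create(User $user): bool
    {
        return $user->can('create posts');
    }

    /**
     * Decide whether the user may edit a post.
     *
     * Passes with the 'edit posts' permission or the 'admin' role; $post is not inspected.
     */
    public function update(User $user, Post $post): bool
    {
        // NOTE(review): this is the only method with an explicit admin bypass; view,
        // create and delete rely on the permission alone — confirm the asymmetry is intended.
        return $user->can('edit posts') || $user->hasRole('admin');
    }

    /**
     * Decide whether the user may delete a post.
     *
     * Requires the 'delete posts' permission; $post is not inspected.
     */
    public function delete(User $user, Post $post): bool
    {
        return $user->can('delete posts');
    }
}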

Register the Policy in AuthServiceProvider

namespace App\Providers;

use App\Models\Post;
use App\Policies\PostPolicy;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

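/**
 * Maps models to the policy classes that authorize actions on them.
 */
class AuthServiceProvider extends ServiceProvider
{
    /**
     * Model-to-policy map: actions on a Post are authorized by PostPolicy.
     *
     * @var array<class-string, class-string>
     */
    protected $policies = [
        Post::class => PostPolicy::class,
    ];

    /**
     * Nothing is registered here beyond the $policies map above.
     */
    public function boot(): void
    {
        // NOTE(review): older Laravel releases required an explicit
        // $this->registerPolicies() call here for $policies to take effect —
        // confirm against the framework version in use.
    }
}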

2. Authorizing access to the panel in App\Models\User

<?php
 
namespace App\Models;
 
use Filament\Models\Contracts\FilamentUser;
use Filament\Panel;
use Illuminate\Foundation\Auth\User as Authenticatable;
 
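class User extends Authenticatable implements FilamentUser
{
    // ...

    /**
     * Decide whether this user may open the given Filament panel.
     *
     * Only users holding the 'admin' role are admitted; $panel is not inspected,
     * so the same rule applies to every panel. hasRole() is not defined in this
     * listing; presumably it comes from Spatie's HasRoles trait in the elided
     * part of the class — confirm.
     */
    public function canAccessPanel(Panel $panel): bool
    {
        // Evaluate the model this method was called on, not auth()->user(): the
        // caller decides which user is being checked, and auth()->user() is null
        // when no one is logged in, which would be a fatal error instead of a denial.
        return $this->hasRole('admin');
    }
}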

3. Authorizing access to the resource in app/Filament/Resources/UserResource

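class UserResource extends Resource
{
    protected static ?string $model = User::class;

    /**
     * Decide whether the current user may see this resource at all.
     *
     * Returns true only for an authenticated user holding the 'admin' role.
     *
     * NOTE(review): overriding this replaces the framework's default check, which
     * presumably defers to the model policy's viewAny() — confirm, and keep the
     * two rules in agreement. Create/edit/delete are decided separately and are
     * not restricted by this method.
     */
    public static function canViewAny(): bool
    {
        // Fail closed: with no authenticated user the nullsafe call yields null,
        // which is turned into an explicit denial instead of a fatal error.
        return auth()->user()?->hasRole('admin') ?? false;
    }
}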

4. Authorizing access to the page in app/Filament/Resources/UserResource/ListUsers

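/**
 * Decide whether the current user may open this page.
 *
 * Returns true only for an authenticated user holding the 'admin' role.
 */
public static function canAccess(): bool
{
    // Fail closed: a missing user becomes a denial rather than a call on null.
    return auth()->user()?->hasRole('admin') ?? false;
}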

OR

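/**
 * Decide whether the current user may see this component.
 *
 * Returns true only for an authenticated user holding the 'admin' role.
 *
 * NOTE(review): in Filament v3 a static, argument-less canView() looks like the
 * widget hook, while pages use canAccess() — confirm which class this belongs in,
 * since a method the framework never calls enforces nothing.
 */
public static function canView(): bool
{
    // Fail closed: a missing user becomes a denial rather than a call on null.
    return auth()->user()?->hasRole('admin') ?? false;
}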

Global usage in a class

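    /**
     * Decide whether this class's entry is shown in the navigation.
     *
     * Shown only to an authenticated user holding the 'admin' role. This controls
     * visibility of the menu item only; access itself must be enforced separately
     * (e.g. by canAccess()), because a hidden link can still be requested directly.
     */
    public static function shouldRegisterNavigation(): bool
    {
        // The nullsafe call yields null when nobody is logged in; coalesce it to
        // false so the declared bool return type is honoured instead of raising a TypeError.
        return auth()->user()?->hasRole('admin') ?? false;
    }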

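    /**
     * Decide whether the current user may access this class's page or resource.
     *
     * Returns true only for an authenticated user holding the 'admin' role.
     */
    public static function canAccess(): bool
    {
        // Fail closed: a missing user becomes a denial rather than a call on null.
        return auth()->user()?->hasRole('admin') ?? false;
    }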
