How to check user roles in canAccessPanel()

JamesTechDude · 2023-08-15T19:45:47.160Z

Hello, I can't seem to find the code to use to check if a role is assigned to a user from database into canAccessPanel() I need to check: role_user pivot table Admin has role_id 1, user_id 1 Company user has role_id 2, user_id 2 (for this example, but many users will have role_id 2) I have a different panel for each... AdminPanelProvider for Admin Role, CompanyPanelProvider for Company Role I tried checking documentation and online and can't figure this out 😦 Thank you in advanced!

T

tuto1902•8/15/23, 8:01 PM

What I would do is add this helper function to the User model

public function hasRole($userRoles)
{
    if (is_array($userRoles)) {
        $roles = $this->roles->whereIn('name', $userRoles);
    } else {
        $roles = $this->roles->where('name', $userRoles);
    }
    if ($roles->isEmpty()) {
        return false;
    }
    return true;
}

public function hasRole($userRoles)
{
    if (is_array($userRoles)) {
        $roles = $this->roles->whereIn('name', $userRoles);
    } else {
        $roles = $this->roles->where('name', $userRoles);
    }
    if ($roles->isEmpty()) {
        return false;
    }
    return true;
}

public function hasRole($userRoles)
{
    if (is_array($userRoles)) {
        $roles = $this->roles->whereIn('name', $userRoles);
    } else {
        $roles = $this->roles->where('name', $userRoles);
    }
    if ($roles->isEmpty()) {
        return false;
    }
    return true;
}

public function hasRole($userRoles)
{
    if (is_array($userRoles)) {
        $roles = $this->roles->whereIn('name', $userRoles);
    } else {
        $roles = $this->roles->where('name', $userRoles);
    }
    if ($roles->isEmpty()) {
        return false;
    }
    return true;
}

Then, in the

canAccessPanel

canAccessPanel

canAccessPanel

canAccessPanel method

return auth()->user()->hasRole('admin');
// or
return auth()->user()->hasRole(['admin', 'company']);

return auth()->user()->hasRole('admin');
// or
return auth()->user()->hasRole(['admin', 'company']);

return auth()->user()->hasRole('admin');
// or
return auth()->user()->hasRole(['admin', 'company']);

return auth()->user()->hasRole('admin');
// or
return auth()->user()->hasRole(['admin', 'company']);

J

JamesTechDudeOP•8/15/23, 8:29 PM

This definitely works so far, is there a way to specify which role gets to view which panel?

For example, Company gets CompanyPanelProvider, and Admin gets AdminPanelProvider?

T

tuto1902•8/15/23, 8:32 PM

I personally haven't found one yet

J

JamesTechDudeOP•8/15/23, 8:33 PM

Same, I can't find it for the life of me :/ must not be a way to do that yet :/

J

JamesTechDudeOP•8/15/23, 8:33 PM

But how do I prevent a Company user from switching to the Admin panel? Seems like it should be implemented somehow haha

Especially because all they need to do is just change the endpoint URL and they would get access easily

T

tuto1902•8/15/23, 8:36 PM

Well, if the Admin panel only allows access to users with admin role, I would guess they'd just get a 403 error page

T

tuto1902•8/15/23, 8:37 PM

Yup, that's exactly what happens

T

tuto1902•8/15/23, 8:40 PM

Well, there's an idea. You can customize Laravel error pages and maybe offer a link to take the user to the proper panel based on their role

J

JamesTechDudeOP•8/15/23, 8:44 PM

True but then how do I allow access to Company panel? Haha

J

JamesTechDudeOP•8/15/23, 8:44 PM

If I use: return auth()->user()->hasRole(['admin', 'company']);

This would let Admin & Company see both panels :/

If I remove Company, then only Admin can see both panels :/

T

tuto1902•8/15/23, 8:58 PM

Ok, walk me through the process here:
- Admin users can access both panels (as they should)
- Company users can only access the Company panel
- If a Company user logs in using the Admin panel, they get a 403

This would return true, only if the currently logged in user has at least one of those roles (ie. an admin user)

return auth()->user()->hasRole(['admin', 'company']);

return auth()->user()->hasRole(['admin', 'company']);

return auth()->user()->hasRole(['admin', 'company']);

return auth()->user()->hasRole(['admin', 'company']);

T

tuto1902•8/15/23, 8:58 PM

So, you would want the Company user to only have the 'company' role

J

JamesTechDudeOP•8/15/23, 9:01 PM

Yes those steps are correct

And yes, Company user would only have 'company' role and can only access the Company panel (get 403 for Admin panel)

T

tuto1902•8/15/23, 9:07 PM

Oh good, I got it right. So yeah. If you do

php artisan vendor:publish --tag=laravel-errors

php artisan vendor:publish --tag=laravel-errors

php artisan vendor:publish --tag=laravel-errors

php artisan vendor:publish --tag=laravel-errors, you can customize the 403 page and render a link based on the user roles. You have access to the

auth()

auth()

auth()

auth() helper withing any template.

T

tuto1902•8/15/23, 9:08 PM

So if I'm a Company user in the admin panel, the link would say "Looks like you're lost, try logging in the <a href="...">Company panel</a>"

J

JamesTechDudeOP•8/15/23, 9:10 PM

Interesting, how does it know that when using

return auth()->user()->hasRole(['admin', 'company']);

return auth()->user()->hasRole(['admin', 'company']);

return auth()->user()->hasRole(['admin', 'company']);

return auth()->user()->hasRole(['admin', 'company']);

?

T

tuto1902•8/15/23, 9:13 PM

I would use it like this:

@if (auth()->user()->hasRole('company')
    Looks like you're lost, try logging in the <a href="...">Company panel</a>
@endif

@if (auth()->user()->hasRole('company')
    Looks like you're lost, try logging in the <a href="...">Company panel</a>
@endif

@if (auth()->user()->hasRole('company')
    Looks like you're lost, try logging in the <a href="...">Company panel</a>
@endif

@if (auth()->user()->hasRole('company')
    Looks like you're lost, try logging in the <a href="...">Company panel</a>
@endif

Because we already know that the Admin user would never get a 403

T

tuto1902•8/15/23, 9:14 PM

and I may have confused you before. The

canAccessPanel()

canAccessPanel()

canAccessPanel()

canAccessPanel() method of the Admin panel would have

auth()->user()->hasRole('admin')

auth()->user()->hasRole('admin')

auth()->user()->hasRole('admin')

auth()->user()->hasRole('admin'). Allowing only admin users to that panel

J

JamesTechDudeOP•8/15/23, 9:15 PM

Interesting, how does it know to let the company access the company panel tho

Sorry this filament user access part is really new for me

J

JamesTechDudeOP•8/15/23, 9:16 PM

is canAccessPanel only for admins?

T

tuto1902•8/15/23, 9:16 PM

You would add

auth()->user()->hasRole('company')

auth()->user()->hasRole('company')

auth()->user()->hasRole('company')

auth()->user()->hasRole('company') to the

canAccessPanel()

canAccessPanel()

canAccessPanel()

canAccessPanel() of the Company panel

T

tuto1902•8/15/23, 9:16 PM

canAccessPanel is just a way of letting certain user see the current panel

J

JamesTechDudeOP•8/15/23, 9:17 PM

But if it's on the User model, how do we set it for the Company panel?

If I set it to Admin then Company can't access any panels, if I set it to both Admin and Company, both can access both :/

T

tuto1902•8/15/23, 9:19 PM

I believe the panel instance is injected into the

canAccessPanel()

canAccessPanel()

canAccessPanel()

canAccessPanel() method

public function canAccessPanel(Panel $panel): bool
{
    // ...
}

public function canAccessPanel(Panel $panel): bool
{
    // ...
}

public function canAccessPanel(Panel $panel): bool
{
    // ...
}

public function canAccessPanel(Panel $panel): bool
{
    // ...
}

J

JamesTechDudeOP•8/15/23, 9:19 PM

OMG

J

JamesTechDudeOP•8/15/23, 9:19 PM

How am I so blind

T

tuto1902•8/15/23, 9:21 PM

haha

T

tuto1902•8/15/23, 9:21 PM

$panel->getId()

$panel->getId()

$panel->getId()

$panel->getId() should help

J

JamesTechDudeOP•8/15/23, 9:30 PM

For reference, this is what worked (I called the Company Owner the Owner Role)


public function canAccessPanel(Panel $panel): bool
{

$panelGetId = $panel->getId();

if(auth()->user()->hasRole(['Admin']) && $panelGetId == 'admin'){
    return true;
}elseif(auth()->user()->hasRole(['Owner']) && $panelGetId == 'company'){
    return true;
}else{
    return false;
}

}


public function canAccessPanel(Panel $panel): bool
{

$panelGetId = $panel->getId();

if(auth()->user()->hasRole(['Admin']) && $panelGetId == 'admin'){
    return true;
}elseif(auth()->user()->hasRole(['Owner']) && $panelGetId == 'company'){
    return true;
}else{
    return false;
}

}


public function canAccessPanel(Panel $panel): bool
{

$panelGetId = $panel->getId();

if(auth()->user()->hasRole(['Admin']) && $panelGetId == 'admin'){
    return true;
}elseif(auth()->user()->hasRole(['Owner']) && $panelGetId == 'company'){
    return true;
}else{
    return false;
}

}


public function canAccessPanel(Panel $panel): bool
{

$panelGetId = $panel->getId();

if(auth()->user()->hasRole(['Admin']) && $panelGetId == 'admin'){
    return true;
}elseif(auth()->user()->hasRole(['Owner']) && $panelGetId == 'company'){
    return true;
}else{
    return false;
}

}

Thank you for leading me in the right direction! I was so lost!

T

tuto1902•8/15/23, 9:31 PM

More than happy to help

J

JamesTechDudeOP•8/15/23, 9:44 PM

I just realized I might have to change this around a bit, as Filament expects to use "company_user" table to determine who is a company user (instead of using the roles with company_id)

T

tuto1902•8/15/23, 9:46 PM

Yeah, you're right.

J

JamesTechDudeOP•8/15/23, 9:46 PM

So maybe it's better to get rid of roles all together and just check if they are in company_user table

J

JamesTechDudeOP•8/15/23, 9:47 PM

Or I should add role_id to company_user?

T

tuto1902•8/15/23, 9:47 PM

but, isn't company_user for multi-tenancy purposes?

J

JamesTechDudeOP•8/15/23, 9:47 PM

Yeah it is

Man this is difficult

J

JamesTechDudeOP•8/15/23, 9:48 PM

My end goal is to have

Admin
Company Owner (just Owner for the role)
Clients

T

tuto1902•8/15/23, 9:49 PM

I know. So you still need roles. Panels and Multi-Tenancy are different. As I understand it. You can have multiple panels. And each panel can have their own Tenants (as configured in the panel service provider).

J

JamesTechDudeOP•8/15/23, 9:50 PM

Yes that's correct

I think my main confusion is how do I assign the Role to the specific User for the specific Company

As Users can have multiple Companies, and Companies can have multiple Users, and a User can have multiple Roles within the same Company...

J

JamesTechDudeOP•8/15/23, 9:51 PM

I tried this:

$user = auth()->user()->id;
$company = Company::create($data);
$role = Role::where('name', 'Owner')->first();

//assign pivot table
$company->user()->attach(auth()->user());

//assign company owner role
$user->attachRole($role);

return $company;

$user = auth()->user()->id;
$company = Company::create($data);
$role = Role::where('name', 'Owner')->first();

//assign pivot table
$company->user()->attach(auth()->user());

//assign company owner role
$user->attachRole($role);

return $company;

$user = auth()->user()->id;
$company = Company::create($data);
$role = Role::where('name', 'Owner')->first();

//assign pivot table
$company->user()->attach(auth()->user());

//assign company owner role
$user->attachRole($role);

return $company;

$user = auth()->user()->id;
$company = Company::create($data);
$role = Role::where('name', 'Owner')->first();

//assign pivot table
$company->user()->attach(auth()->user());

//assign company owner role
$user->attachRole($role);

return $company;

But it tells me:

Call to a member function attachRole() on int

Call to a member function attachRole() on int

Call to a member function attachRole() on int

Call to a member function attachRole() on int

T

tuto1902•8/15/23, 9:52 PM

$user = auth()->user()->id;

T

tuto1902•8/15/23, 9:52 PM

$user->attachRole($role);

T

tuto1902•8/15/23, 9:52 PM

Do you see the issue there?

J

JamesTechDudeOP•8/15/23, 9:52 PM

Dang I think I need a break hahahha

J

JamesTechDudeOP•8/15/23, 9:53 PM

Yeah I see the issue, it's giving the User ID instead of the User Model :/

T

tuto1902•8/15/23, 9:53 PM

T

tuto1902•8/15/23, 9:53 PM

Yeah, sometimes is best to take a breath and clear your mind.

J

JamesTechDudeOP•8/15/23, 10:00 PM

Got it to work with this

//create company, assign pivot table
$company = Company::create($data);
$company->user()->attach(auth()->user());

//assign company owner role
$user = User::find(auth()->user()->id);
$role = Role::find(2); //Owner Role
$user->roles()->attach($role, ['company_id' => $company->id]);

return $company;

//create company, assign pivot table
$company = Company::create($data);
$company->user()->attach(auth()->user());

//assign company owner role
$user = User::find(auth()->user()->id);
$role = Role::find(2); //Owner Role
$user->roles()->attach($role, ['company_id' => $company->id]);

return $company;

//create company, assign pivot table
$company = Company::create($data);
$company->user()->attach(auth()->user());

//assign company owner role
$user = User::find(auth()->user()->id);
$role = Role::find(2); //Owner Role
$user->roles()->attach($role, ['company_id' => $company->id]);

return $company;

//create company, assign pivot table
$company = Company::create($data);
$company->user()->attach(auth()->user());

//assign company owner role
$user = User::find(auth()->user()->id);
$role = Role::find(2); //Owner Role
$user->roles()->attach($role, ['company_id' => $company->id]);

return $company;

J

JamesTechDudeOP•8/15/23, 10:02 PM

Now the question is if I leave assigned roles in the

role_user

role_user

table, or move

role_id

role_id

role_id

role_id to the

company_user

company_user

company_user

company_user table and get rid of the

role_user

role_user

table... decisions...

J

JamesTechDudeOP•8/15/23, 10:06 PM

I'll leave it since someone can be a client or a company owner in the same company

Thank you! I'll stop buggin you now haha

How to check user roles in canAccessPanel()

Similar Threads

Similar Threads

Similar Threads