F
Filamentβ€’6mo ago
mohdaftab

How to prevent select option to be changed using inspect element

Hello, I am using 3 roles in my project (super-admin, admin, editor) I have a custom config file which has these 3 roles and I can access them using config('custom.roles') The user permissions to add new users are like this super-admin can add admin and editor admin can only add editor editor has no access to add any user my question is that I have a select option which loads options from config('custom.roles') and it shows all 3 roles when super-admin or admin is adding a user, I have changed it conditionally to load only the roles that these users can add but the main issue is when I am logged in as admin and inspect element to edit the select options and change the value to super-admin it lets me add super-admin using the admin role. Please let me know how do I make this secure so the user can only add the roles that they are permitted to. Thank you so much.
2 Replies
DrByte
DrByteβ€’6mo ago
Never trust user input. Always validate the submitted data. So, put your validation checks in the part of your code that's parsing the submitted form data, before saving. You haven't posted any of your Form code or the Resource or Model it relates to, so it's hard to give you appropriate code suggestions. You could use policies, you could use validation rules, you could use Gate rules, you could use beforeSaving events, you could use observers to parse before saving. Lots of options depending on your app. Don't worry about browser tampering as much as ensuring the submitted data is allowed. Do all that server-side, never in browser.
mohdaftab
mohdaftabβ€’6mo ago
@DrByte thank you so much for the detailed reply. I changed the config to have separate sets for each role and then validate them using in: and it works good. I just wanted to do it with the same config without separating them and the reason to ask here is because I thought there was a built-in trait or any method which I wasn't aware of. The validation works with the separate set of rules and there are only these roles so I will stick to that. Thank you so much πŸ™‚
Want results from more Discord servers?
Add your server
More Posts
[Tests] What's the way to fill a form that has a repeater ?Im testing a relationManager and the create form has a repeater, im trying to fill the form with datUse Accessor in Global SearchHi, the documentation says that we can use an accessor to feed the global search (see https://filamResize the sidebar in filament v3How can i resize the sidebar in filamentCalculated fields in form builderHi, I can't find the documentation section that describes how to do "calculated" fields in the form Place ungrouped resources between / below navigation groupsHi all. Does anyone know how to place ungrouped resources between / below navigation groups?Max Selectable Options in Checkbox ListHello, Is there any way I can limit the Checkbox list with Max selectable options? I have around 50Error when executing a table on a custom pageHello everybody. I created a custom page and included a table. But when I run this page it gives theFilament intercepting regular user registration flow?I'm building an admin panel to supplement a Laravel app. Users currently go through a regular login/Multi-Tenancy with Laravel Spark**What I am trying to do:** Im trying to add laravel spark on top of multi-tenancy teams. **What I Tabs to filter the records(Panel Builder) not working```use Filament\Resources\Components\Tab; use Illuminate\Database\Eloquent\Builder; public function