How to Authenticate User based on their Status, and also hide few Resource Pages based on the Role
Sorry if this has already been asked but I couldn't find it, I want to basically whenever someone is trying to login into the dashboard, I want to also check if the user being logged in has their Status='Approved' or not in the SQL Table, I just have the base authentication page automatically made so I am not sure where to edit it, and also it would be great if it could also show an error saying the user is not approved.
and also, I have some pages like Users, Products etc that I only want to show for the admin and I have a column called 'role' in my database and there are two types, Admin and User
Thank you!
Solution:Jump to solution
and also, I have some pages like Users, Products etc that I only want to show for the admin and I have a column called 'role' in my database and there are two types, Admin and UserLaravel model policies can be used for this. The Filament docs explain it more, and the Laravel docs explain how to create the policy and how it works. https://filamentphp.com/docs/3.x/panels/resources/getting-started#authorization https://laravel.com/docs/authorization#creating-policies...
Laravel - The PHP Framework For Web Artisans
Laravel is a PHP web application framework with expressive, elegant syntax. We’ve already laid the foundation — freeing you to create without sweating the small things.
20 Replies
First check docs for authorization
I did try reading it but I couldn't understand it
Then read laravel docs. Check tutorials for policies
1. For custom login page and behaviour, check this tutorial:
https://laraveldaily.com/post/filament-3-login-with-name-username-or-email
But you need to customize it for your needs.
2. Try looking at the Shield plugin. I think it's very easy to use and it's working very well for me.
Laravel Daily
Filament 3: Login with Name, Username or Email
Solution
and also, I have some pages like Users, Products etc that I only want to show for the admin and I have a column called 'role' in my database and there are two types, Admin and UserLaravel model policies can be used for this. The Filament docs explain it more, and the Laravel docs explain how to create the policy and how it works. https://filamentphp.com/docs/3.x/panels/resources/getting-started#authorization https://laravel.com/docs/authorization#creating-policies
Laravel - The PHP Framework For Web Artisans
Laravel is a PHP web application framework with expressive, elegant syntax. We’ve already laid the foundation — freeing you to create without sweating the small things.
Also, what User status = approved means? According on what conditions? Do you have more statuses? Some things can be done in easier ways that are in Laravel (and Filament core) like softdeletes etc.
Thank you so much for this, I'm not exactly looking to make a custom page, I was just thinking maybe if it runs a query on mysql and fetches all the users and if the credentials match, it logs in, and I was hoping to check status from that user data as well
I see, I'll take a deeper look at the docs again, thank you. Appreciate it.
User status approved means that, let's say I run this query, SELECT * FROM users and I get all the users, and then authenticate, so I want to check inside the User data, and one of the column from my database is status and I am checking if that one has it's value as approved
You shouldn’t need to query all the users. Laravel’s authentication will return the user as authenticated or not. Then you would authorize them based on the properties of the authenticated user. Authentication and authorization are two separate concepts.
So a user is authenticated if the email and password are correct. But they are only authorized to access the app if they are “approved”
Yeah I realized I can actually do these check on the Laravel side where I'm getting the user based on the credentials and like also check for or however it's done on Laravel. I recently moved to Laravel so I'm struggling, thanks a lot for this.
Hang in there. It’ll all start to add up. All of Filaments auth logic defaults to laravel. It doesn’t do anything opinionated with it.
Okay, thank you I'm really liking Filament and how convenient it is. I'm coming from Flutter.
One last thing, can you please tell me if I make an admin using the filament panel, where does it usually make the calls if you can specify. It's okay, I'll look for it myself too
What calls are you referring to?
Sorry for the confusion, I meant the one that is basically checks the authentication at admin/login, and it's the default one that filament makes.
It’s laravel’s authentication method.
Okay, thank you, I'll take a look at it. Sorry for confusion.
Check the Login class and the Authenticate middleware in filaments core. Should give you some insight.
It’s in the Panels package on GitHub.
Yes, I'll take a look at that.
Thanks
Just add logic to
canAccessFilament() method on a user modelThanks for the help everyone, I've managed to do it