Allowing view to a resource for unauthenticated users
Writing a test app to give Filament v3 a try. The app requires an authenticated user to add or customize data, but browsing/viewing/searching is available freely. As an example of what I'm looking for - I am looking to display the table that shows up when you click a resource in the default
/admin/Solution
1. Create your Admin panel, and your Resource to fully admin the model data as an Admin.
2. Create another Panel (perhaps call it "app"), for guest access.
Customize that panel:
- set its path:
- remove the
- remove the default
- remove the default
(Also remove Laravel's default
3. If the data is basically read-only, then the SIMPLEST solution is to create a custom Table Dashboard to view the data (you can see an example of one in the Filament Demo: scroll to the bottom to see LatestOrders )
4. But if you need more complexity or truly want it to be a Resource with Guest access:
Update the panel:
- in the app Panel, if the discussed Resource is in a different Namespace, make sure to add a
Use Policies for security:
- Create Model Policy for the model, and in the
For the other model methods, add appropriate logic to allow Admins to perform those actions. (maybe
The Policy is the key to your security controls: documented in Laravel docs. Filament just uses the policy that you put into Laravel.
- and if there are things that the Policy isn't restricting access to (like actions/fields), be sure to use the
2. Create another Panel (perhaps call it "app"), for guest access.
Customize that panel:
- set its path:
->path('/')- remove the
->login()- remove the default
Authenticate->authMiddleware()- remove the default
AccountWidget(Also remove Laravel's default
'/'routes/web.php3. If the data is basically read-only, then the SIMPLEST solution is to create a custom Table Dashboard to view the data (you can see an example of one in the Filament Demo: scroll to the bottom to see LatestOrders )
4. But if you need more complexity or truly want it to be a Resource with Guest access:
Update the panel:
- in the app Panel, if the discussed Resource is in a different Namespace, make sure to add a
->resources([ResourceClassName::class])Use Policies for security:
- Create Model Policy for the model, and in the
viewAny()view()User $user?User $userreturn true;For the other model methods, add appropriate logic to allow Admins to perform those actions. (maybe
$user$user->hasRole('Admin')hasRole()The Policy is the key to your security controls: documented in Laravel docs. Filament just uses the policy that you put into Laravel.
- and if there are things that the Policy isn't restricting access to (like actions/fields), be sure to use the
hidden()visible()GitHub
Source code for the demo.filamentphp.com website. Contribute to filamentphp/demo development by creating an account on GitHub.
