F

Filament•2y ago

twistdroach

Allowing view to a resource for unauthenticated users

Writing a test app to give Filament v3 a try. The app requires an authenticated user to add or customize data, but browsing/viewing/searching is available freely. As an example of what I'm looking for - I am looking to display the table that shows up when you click a resource in the default /admin/admin control panel as // and allow anyone to filter or view it. It seems like something that should be easy but I'm missing it.

Solution

1. Create your Admin panel, and your Resource to fully admin the model data as an Admin.
2. Create another Panel (perhaps call it "app"), for guest access.
   Customize that panel:
3. set its path: ->path('/')->path('/') because you said you want it at '/'
4. remove the ->login()->login()
5. remove the default AuthenticateAuthenticate class from ->authMiddleware()->authMiddleware()
6. remove the default AccountWidgetAccountWidget (because it'll throw a bunch of errors about unable to find AvatarUrl and user Name, when its template tries to render for a non-logged-in "user")

(Also remove Laravel's default '/''/' route from routes/web.phproutes/web.php else it will conflict.)

1. If the data is basically read-only, then the SIMPLEST solution is to create a custom Table Dashboard to view the data (you can see an example of one in the Filament Demo: scroll to the bottom to see LatestOrders )
2. But if you need more complexity or truly want it to be a Resource with Guest access:
   Update the panel:
3. in the app Panel, if the discussed Resource is in a different Namespace, make sure to add a ->resources([ResourceClassName::class])->resources([ResourceClassName::class]) to the panel.
   Use Policies for security:
4. Create Model Policy for the model, and in the viewAny()viewAny() and view()view() methods, change the User $userUser $user param to ?User $user?User $user so that it's optional (ie: guest allowed), and return true;return true;.
   For the other model methods, add appropriate logic to allow Admins to perform those actions. (maybe $user$user is not null, or $user->hasRole('Admin')$user->hasRole('Admin') (if you have a hasRole()hasRole() method on your User model), etc.
   The Policy is the key to your security controls: documented in Laravel docs. Filament just uses the policy that you put into Laravel.
5. and if there are things that the Policy isn't restricting access to (like actions/fields), be sure to use the hidden()hidden() or visible()visible() features in the Resource definitions of fields/actions/etc to control who can access them.

GitHub

demo/app/Filament/Widgets/LatestOrders.php at main · filamentphp/demo

Source code for the demo.filamentphp.com website. Contribute to filamentphp/demo development by creating an account on GitHub.

Jump to solution