Explicitly define which policy to use in filament resource?
Here is my setup:
I have a regular User model. I have Superadmin and Admin classes which extend the User class.
I have set global scope in Superadmin and Admin class to filter out by role super-admin and admin.
I also override the getMorphClass in User model to return User class always.
This setup worked for me until I ran into filament.
Now filament uses model policies for authorization.
I have created UserPolicy, SuperadminPolicy, AdminPolicy.
In my app superadmins can create, update, delete and view admins. So, I have configured my policy like this.
Now filament comes in, I login to superadmin panel. I can see, view and create admins. I am also able to see edit record button in the table. I can go to edit record page also. When i hit the SAVE button, BOOM it throws me 403 unauthorized.
I traced back the 403 exception and found out that filament is looking into update action of UserPolicy which is different from AdminPolicy.
Is there any way to tell filament that it should look into AdminPolicy instead of UserPolicy
I have a regular User model. I have Superadmin and Admin classes which extend the User class.
I have set global scope in Superadmin and Admin class to filter out by role super-admin and admin.
I also override the getMorphClass in User model to return User class always.
This setup worked for me until I ran into filament.
Now filament uses model policies for authorization.
I have created UserPolicy, SuperadminPolicy, AdminPolicy.
In my app superadmins can create, update, delete and view admins. So, I have configured my policy like this.
Now filament comes in, I login to superadmin panel. I can see, view and create admins. I am also able to see edit record button in the table. I can go to edit record page also. When i hit the SAVE button, BOOM it throws me 403 unauthorized.
I traced back the 403 exception and found out that filament is looking into update action of UserPolicy which is different from AdminPolicy.
Is there any way to tell filament that it should look into AdminPolicy instead of UserPolicy
