F
Filament3w ago
H4L1M

How to authorize ManageRelatedRecords viewAny based on parent record in Filament?

Hi folks — I’m trying to manage viewAny authorization for a ManageRelatedRecords page, but based on the parent/owner record. Context: Parent model: Project Child model: Activity Relationship: activities (Project->activities()) The issue is: canViewAny() on a RelationManager only receives the $user instance — but I need to decide access based on both the $user and the specific parent Project record. What I’d like to do: Check if the current user can view the Activities tab for a given Project canViewAny() doesn’t have access to the parent record Current state: ✅ Authorization works fine for default pages like Edit or View (via parent model Project Policy) ✅ Authorization works fine for view, edit, delete actions on the child model (via Child Model Activity Policy) ❌ But viewAny on the Activity model (to render the Activities tab on the Project resource) only accepts the $user instance — and I want to authorize it based on both the $user and the parent Project Any clean Filament-native way to handle this? Would appreciate suggestions or examples if you’ve tackled this before 👌
1 Reply
H4L1M
H4L1MOP3w ago
I handled this by overriding the mount() method in ManageRelatedRecords page and manually authorizing against the parent record there: 
public function mount(int | string $record): void
{
    $this->record = $this->resolveRecord($record);

    abort_unless(ProjectResource::canView($this->record), 403);

    $this->previousUrl = url()->previous();
    $this->loadDefaultActiveTab();
}
public function mount(int | string $record): void
{
    $this->record = $this->resolveRecord($record);

    abort_unless(ProjectResource::canView($this->record), 403);

    $this->previousUrl = url()->previous();
    $this->loadDefaultActiveTab();
}
This lets me authorize viewing the page based on both the user and the parent project. Not perfect through ....

Did you find this page helpful?