Backend validation when using ModifyQueryUsing

Hello,
I notice that when using ModifyQueryUsing on a field, there is no validation of the value sent by the client in the backend. Is this possible?

Select::make('roles')
  ->label(__('Role'))
  ->relationship(
      name: 'roles',
      titleAttribute: 'name',
      modifyQueryUsing: fn(Builder $query) => auth()->user()->hasRole('super_admin') ? $query : $query->whereNot('name', 'super_admin'),
  )
  ->preload()
  ->required()
  ->searchable(),

Select::make('roles')
  ->label(__('Role'))
  ->relationship(
      name: 'roles',
      titleAttribute: 'name',
      modifyQueryUsing: fn(Builder $query) => auth()->user()->hasRole('super_admin') ? $query : $query->whereNot('name', 'super_admin'),
  )
  ->preload()
  ->required()
  ->searchable(),

Step to reproduce :
1. Comment the modifyQueryUsing line.
2. Load the page and select "super_admin"
3. Uncomment the line.
4. Send the form

Am I wrong?

Solution

Ok my bad. I misunderstood...
Here is the solution :

// In App\Models\User.php
public function viewableRoles(): BelongsToMany
{
    if (Auth::user()->isSuperAdmin()) {
        return $this->roles();
    }
    return $this->roles()->where('name', '!=', config('filament-shield.super_admin.name'));
}

// In the form
->relationship(
  name: 'viewableRoles',
  titleAttribute: 'name',
)

// In App\Models\User.php
public function viewableRoles(): BelongsToMany
{
    if (Auth::user()->isSuperAdmin()) {
        return $this->roles();
    }
    return $this->roles()->where('name', '!=', config('filament-shield.super_admin.name'));
}

// In the form
->relationship(
  name: 'viewableRoles',
  titleAttribute: 'name',
)

Thanks!

Jump to solution

Filament•6mo ago•

13 replies

bouly

Backend validation when using ModifyQueryUsing

Hello,
I notice that when using ModifyQueryUsing on a field, there is no validation of the value sent by the client in the backend. Is this possible?

Select::make('roles')
  ->label(__('Role'))
  ->relationship(
      name: 'roles',
      titleAttribute: 'name',
      modifyQueryUsing: fn(Builder $query) => auth()->user()->hasRole('super_admin') ? $query : $query->whereNot('name', 'super_admin'),
  )
  ->preload()
  ->required()
  ->searchable(),

Select::make('roles')
  ->label(__('Role'))
  ->relationship(
      name: 'roles',
      titleAttribute: 'name',
      modifyQueryUsing: fn(Builder $query) => auth()->user()->hasRole('super_admin') ? $query : $query->whereNot('name', 'super_admin'),
  )
  ->preload()
  ->required()
  ->searchable(),

Step to reproduce :
1. Comment the modifyQueryUsing line.
2. Load the page and select "super_admin"
3. Uncomment the line.
4. Send the form

Am I wrong?

Solution

Ok my bad. I misunderstood...
Here is the solution :

// In App\Models\User.php
public function viewableRoles(): BelongsToMany
{
    if (Auth::user()->isSuperAdmin()) {
        return $this->roles();
    }
    return $this->roles()->where('name', '!=', config('filament-shield.super_admin.name'));
}

// In the form
->relationship(
  name: 'viewableRoles',
  titleAttribute: 'name',
)

// In App\Models\User.php
public function viewableRoles(): BelongsToMany
{
    if (Auth::user()->isSuperAdmin()) {
        return $this->roles();
    }
    return $this->roles()->where('name', '!=', config('filament-shield.super_admin.name'));
}

// In the form
->relationship(
  name: 'viewableRoles',
  titleAttribute: 'name',
)

Thanks!

Jump to solution

Backend validation when using ModifyQueryUsing

Backend validation when using ModifyQueryUsing

Similar Threads

Similar Threads

Similar Threads