FilamentF
Filament5mo ago
bouly

Backend validation when using ModifyQueryUsing

Hello,
I notice that when using ModifyQueryUsing on a field, there is no validation of the value sent by the client in the backend. Is this possible?

Select::make('roles')
  ->label(__('Role'))
  ->relationship(
      name: 'roles',
      titleAttribute: 'name',
      modifyQueryUsing: fn(Builder $query) => auth()->user()->hasRole('super_admin') ? $query : $query->whereNot('name', 'super_admin'),
  )
  ->preload()
  ->required()
  ->searchable(),


Step to reproduce :
  1. Comment the modifyQueryUsing line.
  2. Load the page and select "super_admin"
  3. Uncomment the line.
  4. Send the form
Am I wrong?
Solution
Ok my bad. I misunderstood...
Here is the solution :
// In App\Models\User.php
public function viewableRoles(): BelongsToMany
{
    if (Auth::user()->isSuperAdmin()) {
        return $this->roles();
    }
    return $this->roles()->where('name', '!=', config('filament-shield.super_admin.name'));
}

// In the form
->relationship(
  name: 'viewableRoles',
  titleAttribute: 'name',
)


Thanks!
Jump to solution
Was this page helpful?