Authorization issue – inability to override policies in favor of can* methods in the resource
In Filament v3, I could control permissions in the panel using methods such as canView, canEdit, canDelete, etc. in the resource, regardless of whether a Laravel policy was registered for the model. This allowed me to have policies only for the purposes of, for example, GraphQL, and use my own permission logic in the Filament panel.
In Filament v4, if a policy is registered for a model, Filament always uses that policy for authorization (via the get_authorization_response function), ignoring the logic contained in the canView, canEdit, etc. methods in the resource. This means that I can no longer independently control permissions in the Filament panel if a policy exists (e.g., for API/GraphQL purposes).
Expected behavior
I would like Filament to ignore Laravel policies for a given resource/model and use only the canView, canEdit, canDelete, etc. methods in the resource – even if the policy is registered (e.g., for other parts of the application).
In Filament v4, if a policy is registered for a model, Filament always uses that policy for authorization (via the get_authorization_response function), ignoring the logic contained in the canView, canEdit, etc. methods in the resource. This means that I can no longer independently control permissions in the Filament panel if a policy exists (e.g., for API/GraphQL purposes).
Expected behavior
I would like Filament to ignore Laravel policies for a given resource/model and use only the canView, canEdit, canDelete, etc. methods in the resource – even if the policy is registered (e.g., for other parts of the application).
