How to redirect unauthorized F4 admin panel access to homepage in L12?
Hi everyone,
I’m working with Filament 4 and Laravel 12. I have a user model with a canAccessPanel() method to control access to my admin panel:
public function canAccessPanel(Panel $panel): bool
{
    if ($panel->getId() === 'admin') {
        return str_ends_with($this->email, '@example.com') && $this->hasVerifiedEmail();
    }
    return true;
}
Currently, if a user who is not allowed tries to access the admin panel, Filament shows a 403 error page. I want to redirect them to the homepage (/) instead.
I’ve tried returning redirect('/') directly in canAccessPanel(), but that breaks the type contract and throws errors. I also tried modifying the exception handler, but nothing works reliably with Livewire requests.
My questions:
What’s the recommended way in Laravel 12 + Filament 4 to redirect unauthorized users from the admin panel to the homepage?
How can this work with both normal requests and Livewire/AJAX requests inside Filament?
Is using a middleware the best approach, or is there a simpler way?
Thanks in advance for any guidance or example snippets!
2 Replies
I think you can use a middleware
Solution
This middleware works perfectly with multi-panel (Created with GPT) 😊
<?php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;
use Illuminate\Http\Request;
use Filament\Facades\Filament;
use Filament\Models\Contracts\FilamentUser;

class RedirectIfNotFilamentAdmin
{
    public function handle(Request $request, Closure $next)
    {
        $auth = Filament::auth();
        $panel = Filament::getCurrentPanel();
        $user = $auth->user();

        // Not logged in → let them access login page
        if (!$auth->check()) {
            return $next($request);
        }

        Auth::shouldUse(Filament::getAuthGuard());

        if (!($user instanceof FilamentUser)) {
            return redirect('/'); // fallback
        }

        // Allowed roles per panel
        $allowedRoles = [
            'admin' => ['admin'],
            'dashboard' => ['admin', 'staff'],
            'patient' => ['admin', 'patient', 'staff'],
            // add more panels here in the future
        ];

        $panelId = $panel?->getId();

        if ($panelId && isset($allowedRoles[$panelId])) {
            if (!in_array($user->role, $allowedRoles[$panelId])) {
                // Redirect based on role
                switch ($user->role) {
                    case 'admin':
                        return redirect('/admin');
                    case 'staff':
                        return redirect('/dashboard');
                    case 'patient':
                        return redirect('/patient');
                    default:
                        return redirect('/'); // fallback
                }
            }
        } else {
            // Panel doesn't exist or user can't access → destroy session
            Auth::logout();
            $request->session()->invalidate();
            $request->session()->regenerateToken();
            return redirect('/login')->with('error', 'You cannot access.');
        }

        return $next($request);
    }
}
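An added example, not part of the original thread: a variant that takes the access decision from the question's `canAccessPanel()` instead of a second role table, so the redirect logic and the authorization rule cannot drift apart. The class name is hypothetical. It assumes the middleware is registered in the panel's `middleware()` list after the session middleware, so it runs before Filament's own 403 check, and that Livewire requests carry the `X-Livewire` header.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Filament\Facades\Filament;
use Filament\Models\Contracts\FilamentUser;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

// Hypothetical middleware name (assumption, not from the thread).
class RedirectUnauthorizedFromPanel
{
    public function handle(Request $request, Closure $next): Response
    {
        $panel = Filament::getCurrentPanel();
        $user = Filament::auth()->user();

        // Guests (or requests outside a panel) pass through so the panel's
        // own authentication can send them to the login page.
        if ($panel === null || $user === null) {
            return $next($request);
        }

        // Single source of truth: the model's canAccessPanel() from the question.
        // Fail closed when the user model does not implement FilamentUser.
        $allowed = $user instanceof FilamentUser && $user->canAccessPanel($panel);

        if ($allowed) {
            return $next($request);
        }

        // Livewire/JSON calls keep a plain 403 so the denial is never lost;
        // the X-Livewire header check is an assumption about the client.
        if ($request->hasHeader('X-Livewire') || $request->expectsJson()) {
            abort(403);
        }

        // Full-page requests are sent to the homepage instead of the 403 page.
        return redirect('/');
    }
}
```

The request is denied in every branch where `canAccessPanel()` returns false; only the shape of the response changes.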