Panel-wide authorization skip?

My admin panel is used as a way to manage content served via API routes to a mobile app. I have two authentication models in use,

User

User

which are all the app users and

UserAdmin

UserAdmin

which are the users that have access to the filament app. I've already set this up to use

class UserAdmin extends Authenticatable implements FilamentUser

class UserAdmin extends Authenticatable implements FilamentUser

, and I have access to my filament panel with UserAdmins just fine.
I recently implemented a model policy for my Article model relating to the API:

class ArticlePolicy
{
    public function before(User|UserAdmin $user, string $ability): ?bool
    {
        if ($user instanceof UserAdmin) {
            return true;
        }

        return null;
    }

    public function viewAny(User $user): bool
    {
        if ($user->isSubscribed()) {
            return true;
        }

        return false;
    }

    public function view(User $user, Article $article): bool
    {
        if ($user->isSubscribed()) {
            return true;
        }

        return ! $article->is_restricted;
    }
}

class ArticlePolicy
{
    public function before(User|UserAdmin $user, string $ability): ?bool
    {
        if ($user instanceof UserAdmin) {
            return true;
        }

        return null;
    }

    public function viewAny(User $user): bool
    {
        if ($user->isSubscribed()) {
            return true;
        }

        return false;
    }

    public function view(User $user, Article $article): bool
    {
        if ($user->isSubscribed()) {
            return true;
        }

        return ! $article->is_restricted;
    }
}

I've had to include a

before()

before()

method to ensure that UserAdmins aren't affected when accessing the filament panel. I could've also used

protected static bool $shouldSkipAuthorization = true;

protected static bool $shouldSkipAuthorization = true;

within my ArticleResource, but I'd rather the auth is all in one place (the policy).
I'm wondering if there's a way to bypass auth checks for all members of a given group within the panel settings:

// I'm already doing this:
->authGuard('admin')
->authPasswordBroker('admins')

...
->skipResourceAuthFor('admins') // example new option

// I'm already doing this:
->authGuard('admin')
->authPasswordBroker('admins')

...
->skipResourceAuthFor('admins') // example new option

Is something like this possible?

Filament•4mo ago•

1 reply

Finn

Panel-wide authorization skip?

My admin panel is used as a way to manage content served via API routes to a mobile app. I have two authentication models in use,

User

User

which are all the app users and

UserAdmin

UserAdmin

which are the users that have access to the filament app. I've already set this up to use

class UserAdmin extends Authenticatable implements FilamentUser

class UserAdmin extends Authenticatable implements FilamentUser

, and I have access to my filament panel with UserAdmins just fine.
I recently implemented a model policy for my Article model relating to the API:

class ArticlePolicy
{
    public function before(User|UserAdmin $user, string $ability): ?bool
    {
        if ($user instanceof UserAdmin) {
            return true;
        }

        return null;
    }

    public function viewAny(User $user): bool
    {
        if ($user->isSubscribed()) {
            return true;
        }

        return false;
    }

    public function view(User $user, Article $article): bool
    {
        if ($user->isSubscribed()) {
            return true;
        }

        return ! $article->is_restricted;
    }
}

class ArticlePolicy
{
    public function before(User|UserAdmin $user, string $ability): ?bool
    {
        if ($user instanceof UserAdmin) {
            return true;
        }

        return null;
    }

    public function viewAny(User $user): bool
    {
        if ($user->isSubscribed()) {
            return true;
        }

        return false;
    }

    public function view(User $user, Article $article): bool
    {
        if ($user->isSubscribed()) {
            return true;
        }

        return ! $article->is_restricted;
    }
}

I've had to include a

before()

before()

method to ensure that UserAdmins aren't affected when accessing the filament panel. I could've also used

protected static bool $shouldSkipAuthorization = true;

protected static bool $shouldSkipAuthorization = true;

within my ArticleResource, but I'd rather the auth is all in one place (the policy).
I'm wondering if there's a way to bypass auth checks for all members of a given group within the panel settings:

// I'm already doing this:
->authGuard('admin')
->authPasswordBroker('admins')

...
->skipResourceAuthFor('admins') // example new option

// I'm already doing this:
->authGuard('admin')
->authPasswordBroker('admins')

...
->skipResourceAuthFor('admins') // example new option

Is something like this possible?

Panel-wide authorization skip?

Similar Threads

Panel-wide authorization skip?

Similar Threads

Similar Threads

Similar Threads