Filament · 3w ago
Finn

Panel-wide authorization skip?

My admin panel is used as a way to manage content served via API routes to a mobile app. I have two authentication models in use: User, which are all the app users, and UserAdmin, which are the users that have access to the Filament app. I've already set this up to use class UserAdmin extends Authenticatable implements FilamentUser, and I have access to my Filament panel with UserAdmins just fine. I recently implemented a model policy for my Article model relating to the API:
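    class ArticlePolicy
    {
        // Runs before every other policy method: true authorizes outright,
        // null falls through to the ability-specific method below.
        public function before(User|UserAdmin $user, string $ability): ?bool
        {
            if ($user instanceof UserAdmin) {
                return true;
            }

            return null;
        }

        // Listing articles requires an active subscription.
        public function viewAny(User $user): bool
        {
            if ($user->isSubscribed()) {
                return true;
            }

            return false;
        }

        // Subscribers can view any article; everyone else only unrestricted ones.
        public function view(User $user, Article $article): bool
        {
            if ($user->isSubscribed()) {
                return true;
            }

            return ! $article->is_restricted;
        }
    }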
I've had to include a before() method to ensure that UserAdmins aren't affected when accessing the Filament panel. I could've also used protected static bool $shouldSkipAuthorization = true; within my ArticleResource, but I'd rather the auth is all in one place (the policy). I'm wondering if there's a way to bypass auth checks for all members of a given group within the panel settings:
    // I'm already doing this:
    ->authGuard('admin')
    ->authPasswordBroker('admins')

    ...
    ->skipResourceAuthFor('admins') // example new option
Is something like this possible?
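
One way to keep the admin bypass in a single place without repeating before() in every policy, shown as an added example that is not part of the original post or Filament's own code: a global Gate::before hook in Laravel. The App\Models namespace and the AppServiceProvider location are assumptions.

```php
<?php

namespace App\Providers;

use App\Models\UserAdmin; // assumed namespace for the post's UserAdmin model
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // Runs before every gate and policy check in the application.
        // Returning true authorizes immediately; returning null lets the
        // normal policy method (e.g. ArticlePolicy::view) decide.
        Gate::before(function ($user, string $ability): ?bool {
            // Only panel admins are exempted. App users (User) and guests
            // fall through to the policies unchanged.
            if ($user instanceof UserAdmin) {
                return true;
            }

            return null;
        });
    }
}
```

This hook applies to every gate and policy check in the application, not only those made inside the panel, so it relies on UserAdmin instances being able to authenticate only through the admin guard. With it in place, the per-policy before() method is no longer needed.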