Filament•2mo ago•

4 replies

DeleteBulkAction do not check for delete_any policy

4️⃣v4

Hello,

I disabled the permission to delete activities (

delete

delete

and

delete_any

delete_any

) by removing the

delete

delete

and

deleteAny

deleteAny

functions from my policy file.

The

DeleteAction::make()

DeleteAction::make()

button is automatically hidden.
But the

DeleteBulkAction::make()

DeleteBulkAction::make()

button is still visible and functional!

However, when I check in

tinker

tinker

, my permission returns false:

> $user->can(“delete_any”, App\Models\Activity::class);
= false

> $user->can(“delete”, App\Models\Activity::class);
= false

> $user->can(“delete_any”, App\Models\Activity::class);
= false

> $user->can(“delete”, App\Models\Activity::class);
= false

Here is my policy file:

<?php

namespace App\Policies;

use App\Models\Activity;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Foundation\Auth\User as AuthUser;

class ActivityPolicy
{
    use HandlesAuthorization;

    public function viewAny(AuthUser $authUser): bool
    {
        return $authUser->can(“view_any_activity”);
    }

    public function view(AuthUser $authUser, Activity $activity): bool
    {
        return $authUser->can(“view_activity”);
    }

    public function create(AuthUser $authUser): bool
    {
        return $authUser->can(“create_activity”);
    }

    public function viewOwn(AuthUser $authUser, Activity $activity): bool
    {
        return $authUser->can(“view_own_activity”) &&
            $authUser->id === $activity->user_id;
    }

    public function viewAll(AuthUser $authUser, Activity $activity): bool
    {
        return $authUser->can(“view_all_activity”);
    }
}

<?php

namespace App\Policies;

use App\Models\Activity;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Foundation\Auth\User as AuthUser;

class ActivityPolicy
{
    use HandlesAuthorization;

    public function viewAny(AuthUser $authUser): bool
    {
        return $authUser->can(“view_any_activity”);
    }

    public function view(AuthUser $authUser, Activity $activity): bool
    {
        return $authUser->can(“view_activity”);
    }

    public function create(AuthUser $authUser): bool
    {
        return $authUser->can(“create_activity”);
    }

    public function viewOwn(AuthUser $authUser, Activity $activity): bool
    {
        return $authUser->can(“view_own_activity”) &&
            $authUser->id === $activity->user_id;
    }

    public function viewAll(AuthUser $authUser, Activity $activity): bool
    {
        return $authUser->can(“view_all_activity”);
    }
}

Do you understand why it does not check for the

deleteAny

deleteAny

policy?
Thanks!

DeleteBulkAction do not check for delete_any policy

4️⃣v4

Hello,

I disabled the permission to delete activities (

delete

delete

and

delete_any

delete_any

) by removing the

delete

delete

and

deleteAny

deleteAny

functions from my policy file.

The

DeleteAction::make()

DeleteAction::make()

button is automatically hidden.
But the

DeleteBulkAction::make()

DeleteBulkAction::make()

button is still visible and functional!

However, when I check in

tinker

tinker

, my permission returns false:

> $user->can(“delete_any”, App\Models\Activity::class);
= false

> $user->can(“delete”, App\Models\Activity::class);
= false

> $user->can(“delete_any”, App\Models\Activity::class);
= false

> $user->can(“delete”, App\Models\Activity::class);
= false

Here is my policy file:

<?php

namespace App\Policies;

use App\Models\Activity;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Foundation\Auth\User as AuthUser;

class ActivityPolicy
{
    use HandlesAuthorization;

    public function viewAny(AuthUser $authUser): bool
    {
        return $authUser->can(“view_any_activity”);
    }

    public function view(AuthUser $authUser, Activity $activity): bool
    {
        return $authUser->can(“view_activity”);
    }

    public function create(AuthUser $authUser): bool
    {
        return $authUser->can(“create_activity”);
    }

    public function viewOwn(AuthUser $authUser, Activity $activity): bool
    {
        return $authUser->can(“view_own_activity”) &&
            $authUser->id === $activity->user_id;
    }

    public function viewAll(AuthUser $authUser, Activity $activity): bool
    {
        return $authUser->can(“view_all_activity”);
    }
}

<?php

namespace App\Policies;

use App\Models\Activity;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Foundation\Auth\User as AuthUser;

class ActivityPolicy
{
    use HandlesAuthorization;

    public function viewAny(AuthUser $authUser): bool
    {
        return $authUser->can(“view_any_activity”);
    }

    public function view(AuthUser $authUser, Activity $activity): bool
    {
        return $authUser->can(“view_activity”);
    }

    public function create(AuthUser $authUser): bool
    {
        return $authUser->can(“create_activity”);
    }

    public function viewOwn(AuthUser $authUser, Activity $activity): bool
    {
        return $authUser->can(“view_own_activity”) &&
            $authUser->id === $activity->user_id;
    }

    public function viewAll(AuthUser $authUser, Activity $activity): bool
    {
        return $authUser->can(“view_all_activity”);
    }
}

Do you understand why it does not check for the

deleteAny

deleteAny

policy?
Thanks!

DeleteBulkAction do not check for delete_any policy

Similar Threads

DeleteBulkAction do not check for delete_any policy

Similar Threads

Similar Threads

Similar Threads