Users

Authorization

For user authorization, we use the spatie/laravel-permission package and the Filament Shield plugin.

This setup does not change any core Laravel authorization principles, but it expands and makes it work in Filament.

There are two important points of integration:

1. Defining what permissions make sense for a Filament resource. This is done by setting custom permissions prefixes in the resource. Read more here, but this is the gist of it:

   <?php
   
   namespace Eclipse\Core\Filament\Resources;
    
   use BezhanSalleh\FilamentShield\Contracts\HasShieldPermissions;
    
   class LocaleResource extends Resource implements HasShieldPermissions
   {
       public static function getPermissionPrefixes(): array
       {
           return [
               'view_any',
               'create',
               'update',
               'delete',
               'delete_any',
           ];
       }
   }

2. Generating model policies and permission database records. You can do this for a single resource by running Shield's command:

   php artisan shield:generate --panel=admin --resource=LocaleResource

   This creates a policy class in your app policies directory, so if developing a plugin, you must move it to your plugin's policies directory.

With this done, Filament will automatically use the model policies for access authorization, as described in the Filament docs, while you can also use all the standard Laravel authorization methods, such as $user->can('update', $locale) etc.