The easiest and most intuitive way to add access management to your Filament Admin:
- 🔥 Resources
- 🔥 Pages
- 🔥 Widgets
- 🔥 Custom Permissions
- Filament Shield
- Table of contents
To upgrade to the latest release first run:
composer updateNote Minimum Filament Requirement is now
2.13. for older versions use v1.1.12
Before following along, backup your current config first.
-
Upgrade from
1.x- Delete
Shieldfolder fromApp\Filament\Resources - Delete
filament-shieldfromresources\lang\vendor or lang\vendor - Delete
filament-shieldfromresources\views\vendor - Delete
filament-shield.phpfromConfig - Now follow
Upgrade only
- Delete
-
Upgrade only
2.x-
Publish the
Config:php artisan vendor:publish --tag=filament-shield-config --force
-
Configure: Update the new
published configbased on yourbacked-up config -
Install:
php artisan shield:upgrade
-
- Install the package via composer:
composer require bezhansalleh/filament-shield- Add the
Spatie\Permission\Traits\HasRolestrait to your User model(s):
use Illuminate\Foundation\Auth\User as Authenticatable;
use Spatie\Permission\Traits\HasRoles;
class User extends Authenticatable
{
use HasRoles; //or HasFilamentShield
// ...
}- Publish the
configusing:
php artisan vendor:publish --tag=filament-shield-config- Setup your configuration
<?php
return [
'shield_resource' => [
'slug' => 'shield/roles',
'navigation_sort' => -1,
'navigation_badge' => true,
'navigation_group' => true,
'is_globally_searchable' => false,
],
'auth_provider_model' => [
'fqcn' => 'App\\Models\\User'
],
'super_admin' => [
'enabled' => true,
'name' => 'super_admin',
'define_via_gate' => false,
'intercept_gate' => 'before' // after
],
'filament_user' => [
'enabled' => true,
'name' => 'filament_user'
],
'permission_prefixes' => [
'resource' => [
'view',
'view_any',
'create',
'update',
'restore',
'restore_any',
'replicate',
'reorder',
'delete',
'delete_any',
'force_delete',
'force_delete_any',
],
'page' => 'page',
'widget' => 'widget',
],
'entities' => [
'pages' => true,
'widgets' => true,
'resources' => true,
'custom_permissions' => false,
],
'generator' => [
'option' => 'policies_and_permissions'
],
'exclude' => [
'enabled' => true,
'pages' => [
'Dashboard',
],
'widgets' => [
'AccountWidget','FilamentInfoWidget',
],
'resources' => [],
],
'register_role_policy' => [
'enabled' => true
],
];- Now run the following command to install shield:
php artisan shield:installFollow the prompts and enjoy!
You can add custom permissions for Resources through Config file.
If you have generated permissions for Pages you can toggle the page's navigation from sidebar and restricted access to the page. You can set this up manually but this package comes with a HasPageShield trait to speed up this process. All you have to do is use the trait in you pages:
<?php
namespace App\Filament\Pages;
use ...;
use BezhanSalleh\FilamentShield\Traits\HasPageShield;
class MyPage extends Page
{
use HasPageShield;
...
}📕 HasPageShield uses the booted method to check the user's permissions and makes sure to execute the booted page method in the parent page if exists.
However if you need to perform some methods before and after the booted method you can declare the next hooks methods in your filament page.
<?php
namespace App\Filament\Pages;
use ...;
use BezhanSalleh\FilamentShield\Traits\HasPageShield;
class MyPage extends Page
{
use HasPageShield;
...
protected function beforeBooted : void() {
...
}
protected function afterBooted : void() {
...
}
/**
* Hook to perform an action before redirect if the user
* doesn't have access to the page.
* */
protected function beforeShieldRedirects : void() {
...
}
}HasPageShield uses the config('filament.path') value by default to perform the shield redirection. If you need to overwrite the rediretion path, just add the next method to your page:
<?php
namespace App\Filament\Pages;
use ...;
use BezhanSalleh\FilamentShield\Traits\HasPageShield;
class MyPage extends Page
{
use HasPageShield;
...
protected function getShieldRedirectPath(): string {
return '/'; // redirect to the root index...
}
}if you have generated permissions for Widgets you can toggle their state based on whether a user have permission or not. You can set this up manually but this package comes with a HasWidgetShield trait to speed up this process. All you have to do is use the trait in you widgets:
<?php
namespace App\Filament\Widgets;
use ...;
use BezhanSalleh\FilamentShield\Traits\HasWidgetShield;
class IncomeWidget extends LineChartWidget
{
use HasWidgetShield;
...
}You can skip this if have set the 'register_role_policy' => true in the config.
To ensure RoleResource access via RolePolicy you would need to add the following to your AuthServiceProvider:
//AuthServiceProvider.php
...
protected $policies = [
'Spatie\Permission\Models\Role' => 'App\Policies\RolePolicy',
];
...Shield also generates policies and permissions for third-party plugins and to enforce the generated policies you will need to register them in your application's AuthServiceProvider:
...
class AuthServiceProvider extends ServiceProvider
{
...
protected $policies = [
...,
'Ramnzys\FilamentEmailLog\Models\Email' => 'App\Policies\EmailPolicy';
];
Same applies for models inside folders.
Publish the translations using:
php artisan vendor:publish --tag="filament-shield-translations"- Show useful info about Filament Shield.
Setup Core Package requirements and Install Shield. Accepts the following flags:
--freshre-run the migrations--onlyOnly setups shield without generating permissions and creating super-admin
Generate Permissions and/or Policies for Filament entities. Accepts the following flags:
--allGenerate permissions/policies for all entities--option[=OPTION]Override the config generator option(policies_and_permissions,policies,permissions)--resource[=RESOURCE]One or many resources separated by comma (,)--page[=PAGE]One or many pages separated by comma (,)--widget[=WIDGET]One or many widgets separated by comma (,)--excludeExclude the given entities during generation--ignore-config-excludeIgnore configexcludeoption during generation
Create a user with super_admin role.
- Accepts an
--user=argument that will use the provided ID to find the user to be made super admin.
- Upgrade shield.
composer testPlease see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
Please review our security policy on how to report security vulnerabilities.
The MIT License (MIT). Please see License File for more information.