banquise/pelican-panel-mirror
14
0
Fork 1
mirror of https://github.com/pelican-dev/panel.git synced 2025-12-08 18:30:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use Policies rather then overriding can*() functions (#1837)

Browse Source 
Co-authored-by: Boy132 <mail@boy132.de>
This commit is contained in:
MartinOscar 2025-12-07 19:53:13 +00:00 committed by GitHub
parent 71bd267166
commit 7c0d53c796
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
32 changed files with 278 additions and 169 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Filament/Admin/Resources/DatabaseHosts/DatabaseHostResource.php
View File

@ -91,7 +91,7 @@ class DatabaseHostResource extends Resource
->checkIfRecordIsSelectableUsing(fn (DatabaseHost $databaseHost) => !$databaseHost->databases_count) ->checkIfRecordIsSelectableUsing(fn (DatabaseHost $databaseHost) => !$databaseHost->databases_count)
->recordActions([ ->recordActions([
ViewAction::make() ViewAction::make()
->hidden(fn ($record) => static::canEdit($record)), ->hidden(fn ($record) => static::getEditAuthorizationResponse($record)->allowed()),
EditAction::make(), EditAction::make(),
]) ])
->groupedBulkActions([ ->groupedBulkActions([

2
app/Filament/Admin/Resources/Mounts/MountResource.php
View File

@ -95,7 +95,7 @@ class MountResource extends Resource
]) ])
->recordActions([ ->recordActions([
ViewAction::make() ViewAction::make()
->hidden(fn ($record) => static::canEdit($record)), ->hidden(fn ($record) => static::getEditAuthorizationResponse($record)->allowed()),
EditAction::make(), EditAction::make(),
]) ])
->groupedBulkActions([ ->groupedBulkActions([

2
app/Filament/Admin/Resources/Roles/RoleResource.php
View File

@ -97,7 +97,7 @@ class RoleResource extends Resource
]) ])
->recordActions([ ->recordActions([
ViewAction::make() ViewAction::make()
->hidden(fn ($record) => static::canEdit($record)), ->hidden(fn ($record) => static::getEditAuthorizationResponse($record)->allowed()),
EditAction::make(), EditAction::make(),
]) ])
->checkIfRecordIsSelectableUsing(fn (Role $role) => !$role->isRootAdmin() && $role->users_count <= 0) ->checkIfRecordIsSelectableUsing(fn (Role $role) => !$role->isRootAdmin() && $role->users_count <= 0)

2
app/Filament/Admin/Resources/Users/UserResource.php
View File

@ -130,7 +130,7 @@ class UserResource extends Resource
]) ])
->recordActions([ ->recordActions([
ViewAction::make() ViewAction::make()
->hidden(fn ($record) => static::canEdit($record)), ->hidden(fn ($record) => static::getEditAuthorizationResponse($record)->allowed()),
EditAction::make(), EditAction::make(),
]) ])
->checkIfRecordIsSelectableUsing(fn (User $user) => user()?->id !== $user->id && !$user->servers_count) ->checkIfRecordIsSelectableUsing(fn (User $user) => user()?->id !== $user->id && !$user->servers_count)

2
app/Filament/Admin/Resources/Webhooks/WebhookResource.php
View File

@ -97,7 +97,7 @@ class WebhookResource extends Resource
]) ])
->recordActions([ ->recordActions([
ViewAction::make() ViewAction::make()
->hidden(fn (WebhookConfiguration $record) => static::canEdit($record)), ->hidden(fn (WebhookConfiguration $record) => static::getEditAuthorizationResponse($record)->allowed()),
EditAction::make(), EditAction::make(),
ReplicateAction::make() ReplicateAction::make()
->iconButton() ->iconButton()

6
app/Filament/Server/Resources/Activities/ActivityResource.php
View File

@ -6,7 +6,6 @@ use App\Filament\Admin\Resources\Users\Pages\EditUser;
use App\Filament\Components\Tables\Columns\DateTimeColumn; use App\Filament\Components\Tables\Columns\DateTimeColumn;
use App\Filament\Server\Resources\Activities\Pages\ListActivities; use App\Filament\Server\Resources\Activities\Pages\ListActivities;
use App\Models\ActivityLog; use App\Models\ActivityLog;
use App\Models\Permission;
use App\Models\Role; use App\Models\Role;
use App\Models\Server; use App\Models\Server;
use App\Models\User; use App\Models\User;
@ -164,11 +163,6 @@ class ActivityResource extends Resource
}); });
} }
public static function canViewAny(): bool
{
return user()?->can(Permission::ACTION_ACTIVITY_READ, Filament::getTenant());
}
/** @return array<string, PageRegistration> */ /** @return array<string, PageRegistration> */
public static function getDefaultPages(): array public static function getDefaultPages(): array
{ {

21
app/Filament/Server/Resources/Allocations/AllocationResource.php
View File

@ -23,7 +23,6 @@ use Filament\Tables\Columns\IconColumn;
use Filament\Tables\Columns\TextColumn; use Filament\Tables\Columns\TextColumn;
use Filament\Tables\Columns\TextInputColumn; use Filament\Tables\Columns\TextInputColumn;
use Filament\Tables\Table; use Filament\Tables\Table;
use Illuminate\Database\Eloquent\Model;
class AllocationResource extends Resource class AllocationResource extends Resource
{ {
@ -122,26 +121,6 @@ class AllocationResource extends Resource
]); ]);
} }
public static function canViewAny(): bool
{
return user()?->can(Permission::ACTION_ALLOCATION_READ, Filament::getTenant());
}
public static function canCreate(): bool
{
return user()?->can(Permission::ACTION_ALLOCATION_CREATE, Filament::getTenant());
}
public static function canEdit(Model $record): bool
{
return user()?->can(Permission::ACTION_ALLOCATION_UPDATE, Filament::getTenant());
}
public static function canDelete(Model $record): bool
{
return user()?->can(Permission::ACTION_ALLOCATION_DELETE, Filament::getTenant());
}
/** @return array<string, PageRegistration> */ /** @return array<string, PageRegistration> */
public static function getDefaultPages(): array public static function getDefaultPages(): array
{ {

16
app/Filament/Server/Resources/Backups/BackupResource.php
View File

@ -40,7 +40,6 @@ use Filament\Support\Enums\IconSize;
use Filament\Tables\Columns\IconColumn; use Filament\Tables\Columns\IconColumn;
use Filament\Tables\Columns\TextColumn; use Filament\Tables\Columns\TextColumn;
use Filament\Tables\Table; use Filament\Tables\Table;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Http\Client\ConnectionException; use Illuminate\Http\Client\ConnectionException;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\HttpException; use Symfony\Component\HttpKernel\Exception\HttpException;
@ -298,21 +297,6 @@ class BackupResource extends Resource
]); ]);
} }
public static function canViewAny(): bool
{
return user()?->can(Permission::ACTION_BACKUP_READ, Filament::getTenant());
}
public static function canCreate(): bool
{
return user()?->can(Permission::ACTION_BACKUP_CREATE, Filament::getTenant());
}
public static function canDelete(Model $record): bool
{
return user()?->can(Permission::ACTION_BACKUP_DELETE, Filament::getTenant());
}
/** @return array<string, PageRegistration> */ /** @return array<string, PageRegistration> */
public static function getDefaultPages(): array public static function getDefaultPages(): array
{ {

26
app/Filament/Server/Resources/Databases/DatabaseResource.php
View File

@ -31,7 +31,6 @@ use Filament\Schemas\Schema;
use Filament\Support\Enums\IconSize; use Filament\Support\Enums\IconSize;
use Filament\Tables\Columns\TextColumn; use Filament\Tables\Columns\TextColumn;
use Filament\Tables\Table; use Filament\Tables\Table;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Str; use Illuminate\Support\Str;
class DatabaseResource extends Resource class DatabaseResource extends Resource
@ -210,31 +209,6 @@ class DatabaseResource extends Resource
]); ]);
} }
public static function canViewAny(): bool
{
return user()?->can(Permission::ACTION_DATABASE_READ, Filament::getTenant());
}
public static function canView(Model $record): bool
{
return user()?->can(Permission::ACTION_DATABASE_READ, Filament::getTenant());
}
public static function canCreate(): bool
{
return user()?->can(Permission::ACTION_DATABASE_CREATE, Filament::getTenant());
}
public static function canEdit(Model $record): bool
{
return user()?->can(Permission::ACTION_DATABASE_UPDATE, Filament::getTenant());
}
public static function canDelete(Model $record): bool
{
return user()?->can(Permission::ACTION_DATABASE_DELETE, Filament::getTenant());
}
/** @return array<string, PageRegistration> */ /** @return array<string, PageRegistration> */
public static function getDefaultPages(): array public static function getDefaultPages(): array
{ {

23
app/Filament/Server/Resources/Files/FileResource.php
View File

@ -7,14 +7,11 @@ use App\Filament\Server\Resources\Files\Pages\EditFiles;
use App\Filament\Server\Resources\Files\Pages\ListFiles; use App\Filament\Server\Resources\Files\Pages\ListFiles;
use App\Filament\Server\Resources\Files\Pages\SearchFiles; use App\Filament\Server\Resources\Files\Pages\SearchFiles;
use App\Models\File; use App\Models\File;
use App\Models\Permission;
use App\Traits\Filament\BlockAccessInConflict; use App\Traits\Filament\BlockAccessInConflict;
use App\Traits\Filament\CanCustomizePages; use App\Traits\Filament\CanCustomizePages;
use App\Traits\Filament\CanCustomizeRelations; use App\Traits\Filament\CanCustomizeRelations;
use Filament\Facades\Filament;
use Filament\Resources\Pages\PageRegistration; use Filament\Resources\Pages\PageRegistration;
use Filament\Resources\Resource; use Filament\Resources\Resource;
use Illuminate\Database\Eloquent\Model;
class FileResource extends Resource class FileResource extends Resource
{ {
@ -30,26 +27,6 @@ class FileResource extends Resource
protected static bool $isScopedToTenant = false; protected static bool $isScopedToTenant = false;
public static function canViewAny(): bool
{
return user()?->can(Permission::ACTION_FILE_READ, Filament::getTenant());
}
public static function canCreate(): bool
{
return user()?->can(Permission::ACTION_FILE_CREATE, Filament::getTenant());
}
public static function canEdit(Model $record): bool
{
return user()?->can(Permission::ACTION_FILE_UPDATE, Filament::getTenant());
}
public static function canDelete(Model $record): bool
{
return user()?->can(Permission::ACTION_FILE_DELETE, Filament::getTenant());
}
/** @return array<string, PageRegistration> */ /** @return array<string, PageRegistration> */
public static function getDefaultPages(): array public static function getDefaultPages(): array
{ {

26
app/Filament/Server/Resources/Schedules/ScheduleResource.php
View File

@ -13,7 +13,6 @@ use App\Filament\Server\Resources\Schedules\Pages\ListSchedules;
use App\Filament\Server\Resources\Schedules\Pages\ViewSchedule; use App\Filament\Server\Resources\Schedules\Pages\ViewSchedule;
use App\Filament\Server\Resources\Schedules\RelationManagers\TasksRelationManager; use App\Filament\Server\Resources\Schedules\RelationManagers\TasksRelationManager;
use App\Helpers\Utilities; use App\Helpers\Utilities;
use App\Models\Permission;
use App\Models\Schedule; use App\Models\Schedule;
use App\Traits\Filament\BlockAccessInConflict; use App\Traits\Filament\BlockAccessInConflict;
use App\Traits\Filament\CanCustomizePages; use App\Traits\Filament\CanCustomizePages;
@ -26,7 +25,6 @@ use Filament\Actions\CreateAction;
use Filament\Actions\DeleteAction; use Filament\Actions\DeleteAction;
use Filament\Actions\EditAction; use Filament\Actions\EditAction;
use Filament\Actions\ViewAction; use Filament\Actions\ViewAction;
use Filament\Facades\Filament;
use Filament\Forms\Components\Select; use Filament\Forms\Components\Select;
use Filament\Forms\Components\TextInput; use Filament\Forms\Components\TextInput;
use Filament\Forms\Components\Toggle; use Filament\Forms\Components\Toggle;
@ -46,7 +44,6 @@ use Filament\Support\Exceptions\Halt;
use Filament\Tables\Columns\IconColumn; use Filament\Tables\Columns\IconColumn;
use Filament\Tables\Columns\TextColumn; use Filament\Tables\Columns\TextColumn;
use Filament\Tables\Table; use Filament\Tables\Table;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\HtmlString; use Illuminate\Support\HtmlString;
use Throwable; use Throwable;
@ -64,26 +61,6 @@ class ScheduleResource extends Resource
protected static string|\BackedEnum|null $navigationIcon = 'tabler-clock'; protected static string|\BackedEnum|null $navigationIcon = 'tabler-clock';
public static function canViewAny(): bool
{
return user()?->can(Permission::ACTION_SCHEDULE_READ, Filament::getTenant());
}
public static function canCreate(): bool
{
return user()?->can(Permission::ACTION_SCHEDULE_CREATE, Filament::getTenant());
}
public static function canEdit(Model $record): bool
{
return user()?->can(Permission::ACTION_SCHEDULE_UPDATE, Filament::getTenant());
}
public static function canDelete(Model $record): bool
{
return user()?->can(Permission::ACTION_SCHEDULE_DELETE, Filament::getTenant());
}
/** /**
* @throws Exception * @throws Exception
*/ */
@ -357,7 +334,8 @@ class ScheduleResource extends Resource
->state(fn (Schedule $schedule) => $schedule->status === ScheduleStatus::Active ? $schedule->next_run_at : null), ->state(fn (Schedule $schedule) => $schedule->status === ScheduleStatus::Active ? $schedule->next_run_at : null),
]) ])
->recordActions([ ->recordActions([
ViewAction::make(), ViewAction::make()
->hidden(fn ($record) => static::getEditAuthorizationResponse($record)->allowed()),
EditAction::make(), EditAction::make(),
DeleteAction::make() DeleteAction::make()
->after(function (Schedule $schedule) { ->after(function (Schedule $schedule) {

21
app/Filament/Server/Resources/Users/UserResource.php
View File

@ -37,7 +37,6 @@ use Filament\Support\Enums\IconSize;
use Filament\Tables\Columns\ImageColumn; use Filament\Tables\Columns\ImageColumn;
use Filament\Tables\Columns\TextColumn; use Filament\Tables\Columns\TextColumn;
use Filament\Tables\Table; use Filament\Tables\Table;
use Illuminate\Database\Eloquent\Model;
class UserResource extends Resource class UserResource extends Resource
{ {
@ -63,26 +62,6 @@ class UserResource extends Resource
return $server->subusers->count(); return $server->subusers->count();
} }
public static function canViewAny(): bool
{
return user()?->can(Permission::ACTION_USER_READ, Filament::getTenant());
}
public static function canCreate(): bool
{
return user()?->can(Permission::ACTION_USER_CREATE, Filament::getTenant());
}
public static function canEdit(Model $record): bool
{
return user()?->can(Permission::ACTION_USER_UPDATE, Filament::getTenant());
}
public static function canDelete(Model $record): bool
{
return user()?->can(Permission::ACTION_USER_DELETE, Filament::getTenant());
}
public static function defaultTable(Table $table): Table public static function defaultTable(Table $table): Table
{ {
/** @var Server $server */ /** @var Server $server */

2
app/Policies/ApiKeyPolicy.php → app/Policies/Admin/ApiKeyPolicy.php
View File

@ -1,6 +1,6 @@
<?php <?php
namespace App\Policies; namespace App\Policies\Admin;
class ApiKeyPolicy class ApiKeyPolicy
{ {

2
app/Policies/DatabaseHostPolicy.php → app/Policies/Admin/DatabaseHostPolicy.php
View File

@ -1,6 +1,6 @@
<?php <?php
namespace App\Policies; namespace App\Policies\Admin;
use App\Models\DatabaseHost; use App\Models\DatabaseHost;
use App\Models\User; use App\Models\User;

2
app/Policies/DefaultPolicies.php → app/Policies/Admin/DefaultPolicies.php
View File

@ -1,6 +1,6 @@
<?php <?php
namespace App\Policies; namespace App\Policies\Admin;
use App\Models\User; use App\Models\User;
use Illuminate\Database\Eloquent\Model; use Illuminate\Database\Eloquent\Model;

2
app/Policies/EggPolicy.php → app/Policies/Admin/EggPolicy.php
View File

@ -1,6 +1,6 @@
<?php <?php
namespace App\Policies; namespace App\Policies\Admin;
class EggPolicy class EggPolicy
{ {

2
app/Policies/MountPolicy.php → app/Policies/Admin/MountPolicy.php
View File

@ -1,6 +1,6 @@
<?php <?php
namespace App\Policies; namespace App\Policies\Admin;
use App\Models\Mount; use App\Models\Mount;
use App\Models\User; use App\Models\User;

2
app/Policies/NodePolicy.php → app/Policies/Admin/NodePolicy.php
View File

@ -1,6 +1,6 @@
<?php <?php
namespace App\Policies; namespace App\Policies\Admin;
use App\Models\Node; use App\Models\Node;
use App\Models\User; use App\Models\User;

2
app/Policies/RolePolicy.php → app/Policies/Admin/RolePolicy.php
View File

@ -1,6 +1,6 @@
<?php <?php
namespace App\Policies; namespace App\Policies\Admin;
class RolePolicy class RolePolicy
{ {

10
app/Policies/Admin/ServerPolicy.php Normal file
View File

@ -0,0 +1,10 @@
<?php
namespace App\Policies\Admin;
class ServerPolicy
{
use DefaultPolicies;
protected string $modelName = 'server';
}

2
app/Policies/UserPolicy.php → app/Policies/Admin/UserPolicy.php
View File

@ -1,6 +1,6 @@
<?php <?php
namespace App\Policies; namespace App\Policies\Admin;
use App\Models\User; use App\Models\User;
use Illuminate\Database\Eloquent\Model; use Illuminate\Database\Eloquent\Model;

2
app/Policies/WebhookConfigurationPolicy.php → app/Policies/Admin/WebhookConfigurationPolicy.php
View File

@ -1,6 +1,6 @@
<?php <?php
namespace App\Policies; namespace App\Policies\Admin;
class WebhookConfigurationPolicy class WebhookConfigurationPolicy
{ {

10
app/Policies/DatabasePolicy.php
View File

@ -1,10 +0,0 @@
<?php
namespace App\Policies;
class DatabasePolicy
{
use DefaultPolicies;
protected string $modelName = 'database';
}

21
app/Policies/Server/ActivityLogPolicy.php Normal file
View File

@ -0,0 +1,21 @@
<?php
namespace App\Policies\Server;
use App\Models\Permission;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Database\Eloquent\Model;
class ActivityLogPolicy
{
public function viewAny(User $user): bool
{
return $user->can(Permission::ACTION_ACTIVITY_READ, Filament::getTenant());
}
public function view(User $user, Model $model): bool
{
return $user->can(Permission::ACTION_ACTIVITY_READ, Filament::getTenant());
}
}

36
app/Policies/Server/AllocationPolicy.php Normal file
View File

@ -0,0 +1,36 @@
<?php
namespace App\Policies\Server;
use App\Models\Permission;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Database\Eloquent\Model;
class AllocationPolicy
{
public function viewAny(User $user): bool
{
return $user->can(Permission::ACTION_ALLOCATION_READ, Filament::getTenant());
}
public function view(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_ALLOCATION_READ, Filament::getTenant());
}
public function create(User $user): bool
{
return $user->can(Permission::ACTION_ALLOCATION_CREATE, Filament::getTenant());
}
public function edit(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_ALLOCATION_UPDATE, Filament::getTenant());
}
public function delete(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_ALLOCATION_DELETE, Filament::getTenant());
}
}

31
app/Policies/Server/BackupPolicy.php Normal file
View File

@ -0,0 +1,31 @@
<?php
namespace App\Policies\Server;
use App\Models\Permission;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Database\Eloquent\Model;
class BackupPolicy
{
public function viewAny(User $user): bool
{
return $user->can(Permission::ACTION_BACKUP_READ, Filament::getTenant());
}
public function view(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_BACKUP_READ, Filament::getTenant());
}
public function create(User $user): bool
{
return $user->can(Permission::ACTION_BACKUP_CREATE, Filament::getTenant());
}
public function delete(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_BACKUP_DELETE, Filament::getTenant());
}
}

36
app/Policies/Server/DatabasePolicy.php Normal file
View File

@ -0,0 +1,36 @@
<?php
namespace App\Policies\Server;
use App\Models\Permission;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Database\Eloquent\Model;
class DatabasePolicy
{
public function viewAny(User $user): bool
{
return $user->can(Permission::ACTION_DATABASE_READ, Filament::getTenant());
}
public function view(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_DATABASE_READ, Filament::getTenant());
}
public function create(User $user): bool
{
return $user->can(Permission::ACTION_DATABASE_CREATE, Filament::getTenant());
}
public function edit(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_DATABASE_UPDATE, Filament::getTenant());
}
public function delete(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_DATABASE_DELETE, Filament::getTenant());
}
}

36
app/Policies/Server/FilePolicy.php Normal file
View File

@ -0,0 +1,36 @@
<?php
namespace App\Policies\Server;
use App\Models\Permission;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Database\Eloquent\Model;
class FilePolicy
{
public function viewAny(User $user): bool
{
return $user->can(Permission::ACTION_FILE_READ, Filament::getTenant());
}
public function view(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_FILE_READ_CONTENT, Filament::getTenant());
}
public function create(User $user): bool
{
return $user->can(Permission::ACTION_FILE_CREATE, Filament::getTenant());
}
public function edit(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_FILE_UPDATE, Filament::getTenant());
}
public function delete(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_FILE_DELETE, Filament::getTenant());
}
}

36
app/Policies/Server/SchedulePolicy.php Normal file
View File

@ -0,0 +1,36 @@
<?php
namespace App\Policies\Server;
use App\Models\Permission;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Database\Eloquent\Model;
class SchedulePolicy
{
public function viewAny(User $user): bool
{
return $user->can(Permission::ACTION_SCHEDULE_READ, Filament::getTenant());
}
public function view(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_SCHEDULE_READ, Filament::getTenant());
}
public function create(User $user): bool
{
return $user->can(Permission::ACTION_SCHEDULE_CREATE, Filament::getTenant());
}
public function edit(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_SCHEDULE_UPDATE, Filament::getTenant());
}
public function delete(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_SCHEDULE_DELETE, Filament::getTenant());
}
}

10
app/Policies/ServerPolicy.php → app/Policies/Server/ServerPolicy.php
View File

@ -1,6 +1,6 @@
<?php <?php
namespace App\Policies; namespace App\Policies\Server;
use App\Models\Permission; use App\Models\Permission;
use App\Models\Server; use App\Models\Server;
@ -8,10 +8,6 @@ use App\Models\User;
class ServerPolicy class ServerPolicy
{ {
use DefaultPolicies;
protected string $modelName = 'server';
/** /**
* Runs before any of the functions are called. Used to determine if the (sub-)user has permissions. * Runs before any of the functions are called. Used to determine if the (sub-)user has permissions.
*/ */
@ -48,8 +44,10 @@ class ServerPolicy
* This is a horrendous hack to avoid Laravel's "smart" behavior that does * This is a horrendous hack to avoid Laravel's "smart" behavior that does
* not call the before() function if there isn't a function matching the * not call the before() function if there isn't a function matching the
* policy permission. * policy permission.
*
* @param array<string, mixed> $arguments
*/ */
public function __call(string $name, mixed $arguments): void public function __call(string $name, array $arguments): void
{ {
// do nothing // do nothing
} }

36
app/Policies/Server/UserPolicy.php Normal file
View File

@ -0,0 +1,36 @@
<?php
namespace App\Policies\Server;
use App\Models\Permission;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Database\Eloquent\Model;
class UserPolicy
{
public function viewAny(User $user): bool
{
return $user->can(Permission::ACTION_USER_READ, Filament::getTenant());
}
public function view(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_USER_READ, Filament::getTenant());
}
public function create(User $user): bool
{
return $user->can(Permission::ACTION_USER_CREATE, Filament::getTenant());
}
public function edit(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_USER_UPDATE, Filament::getTenant());
}
public function delete(User $user, Model $record): bool
{
return $user->can(Permission::ACTION_USER_DELETE, Filament::getTenant());
}
}

18
app/Providers/AppServiceProvider.php
View File

@ -26,6 +26,7 @@ use App\Services\Helpers\SoftwareVersionService;
use Dedoc\Scramble\Scramble; use Dedoc\Scramble\Scramble;
use Dedoc\Scramble\Support\Generator\OpenApi; use Dedoc\Scramble\Support\Generator\OpenApi;
use Dedoc\Scramble\Support\Generator\SecurityScheme; use Dedoc\Scramble\Support\Generator\SecurityScheme;
use Filament\Facades\Filament;
use Illuminate\Config\Repository; use Illuminate\Config\Repository;
use Illuminate\Database\Eloquent\Relations\Relation; use Illuminate\Database\Eloquent\Relations\Relation;
use Illuminate\Foundation\Application; use Illuminate\Foundation\Application;
@ -106,8 +107,21 @@ class AppServiceProvider extends ServiceProvider
]); ]);
} }
Gate::before(function (User $user, $ability) { Gate::before(fn (User $user, $ability) => $user->isRootAdmin() ? true : null);
return $user->isRootAdmin() ? true : null;
Gate::guessPolicyNamesUsing(function (string $modelClass) {
$panelId = mb_ucfirst(Filament::getCurrentOrDefaultPanel()->getId());
if ($panelId === 'App') {
return;
}
$modelName = class_basename($modelClass);
$class = "App\\Policies\\{$panelId}\\{$modelName}Policy";
if (class_exists($class)) {
return $class;
}
}); });
AboutCommand::add('Pelican', [ AboutCommand::add('Pelican', [