PHPackages adultdate/filament-shield - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. adultdate/filament-shield ActiveLibrary[Authentication & Authorization](/categories/authentication) adultdate/filament-shield ========================= Filament support for `spatie/laravel-permission`. 4.0.3(5mo ago)01MITPHPPHP ^8.2 Since Jan 3Pushed 4mo agoCompare [ Source](https://github.com/adultdate/filament-shield)[ Packagist](https://packagist.org/packages/adultdate/filament-shield)[ Docs](https://github.com/bezhansalleh/filament-shield)[ GitHub Sponsors](https://github.com/bezhanSalleh)[ RSS](/packages/adultdate-filament-shield/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (21)Versions (104)Used By (0) [![filament-shield-art](https://repository-images.githubusercontent.com/443775406/08a6c1ef-c8cc-4085-afb3-fb916ce6d3c6)](https://github.com/adultdate/filament-shield) [ ![FILAMENT 4.x](https://camo.githubusercontent.com/13befbe0cffd101b2484ce1cdd985dabcddcbf1176d17a675674d53af99cfdbc/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f46494c414d454e542d342e782d4542423330343f7374796c653d666f722d7468652d6261646765) ](https://filamentphp.com/docs/4.x/panels/installation) [ ![Packagist](https://camo.githubusercontent.com/9c6745f6b8663edffc6d58d30d875f07c4f33c6427956d014cf98a9812ef3fb0/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6164756c74646174652f66696c616d656e742d736869656c642e7376673f7374796c653d666f722d7468652d6261646765266c6f676f3d7061636b6167697374) ](https://packagist.org/packages/adultdate/filament-shield) [ ![Tests Passing](https://camo.githubusercontent.com/089bd58b9df1b8507ebdc5326b86ac6fc4c3743495f80790bc15dce01098c19b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6164756c74646174652f66696c616d656e742d736869656c642f72756e2d74657374732e796d6c3f7374796c653d666f722d7468652d6261646765266c6f676f3d676974687562266c6162656c3d7465737473) ](https://github.com/adultdate/filament-shield/actions?query=workflow%3Arun-tests+branch%3Amain) [ ![Code Style Passing](https://camo.githubusercontent.com/b3a1fefc1349f8b59f2f69ecba472d81221b4230999d16205a2d1dba4013f01f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6164756c74646174652f66696c616d656e742d736869656c642f6c61726176656c2d70696e742e796d6c3f7374796c653d666f722d7468652d6261646765266c6f676f3d676974687562266c6162656c3d636f64652532307374796c65) ](https://github.com/adultdate/filament-shield/actions?query=workflow%3A)[ ![Downloads](https://camo.githubusercontent.com/1afa7733d0b2c31cf9700575942b1582fbc09d110a9c110be85388967c8ea787/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6164756c74646174652f66696c616d656e742d736869656c642e7376673f7374796c653d666f722d7468652d6261646765) ](https://packagist.org/packages/adultdate/filament-shield) Shield ====== [](#shield) The easiest and most intuitive way to add access management to your Filament panels. Important This iteration is a complete rewrite from versions 3.x and 4.x-beta and is not backward compatible. Please refer to the [Upgrade](#upgrade) section on how to proceed. Features -------- [](#features) - 🛡️ **Complete Authorization Management** - 📦 Resource Permissions - 📄 Page Permissions - 🧩 Widget Permissions - 🛠️ **Custom (ad-hoc) permissions** - 🤖 **Automatic Policy Generation** - 📜 Default Policy methods for Filament Resources - 🏷️ Per Resource Policy definition - 🔗 Third-party resource policy & permission generation - 👑 **Super admin role or gate interception** - 👤 **Optional baseline panel user role** - 🔄 **Multi-tenancy Support** - 🔍 **Entity discovery** (across all panels if enabled) - 🌐 **Localized permission & entity labels** - 🌱 **Seeder generation** (roles + direct permissions) - 🎨 **Intuitive UI** - 🖌️ Publish & customize the built-in resource - ⚡ **Fine-grained CLI tooling** with safe prohibiting Compatibility ------------- [](#compatibility) Package VersionFilament Version[2.x](https://github.com/bezhanSalleh/filament-shield/tree/2.x)2.x[3.x](https://github.com/bezhanSalleh/filament-shield/tree/3.x)3.x**4.x**4.x **Table of Contents**- [Installation](#installation) - [1. Install Package](#1-install-package) - [2. Configure Auth Provider](#2-configure-auth-provider) - [3. Setup Shield](#3-setup-shield) - [Usage & Configuration](#usage--configuration) - [Permissions](#permissions) - [Configuration](#configuration) - [Case](#case) - [Customize permission key composition](#customize-permission-key-composition) - [Policies](#policies) - [Configuration](#configuration-1) - [Methods](#methods) - [Merge](#merge) - [Single Parameter Methods](#single-parameter-methods) - [Policy Enforcement](#policy-enforcement) - [Resources](#resources) - [Configuration](#configuration-2) - [Subject](#subject) - [Manage](#manage) - [Exclude](#exclude) - [Pages & Widgets](#pages--widgets) - [Configuration](#configuration-3) - [Options](#options) - [Permission Enforcement](#permission-enforcement) - [Custom Permissions](#custom-permissions) - [Users (Assigning Roles to Users)](#users-assigning-roles-to-users) - [Shield Plugin & Resource](#shield-plugin--resource) - [Navigation](#navigation) - [Labels](#labels) - [Global Search](#global-search) - [Parent Resource](#parent-resource) - [Tenancy](#tenancy) - [Layout Customization](#layout-customization) - [Commands](#commands) - [Prohibited Commands](#prohibited-commands) - [Core Commands](#core-commands) - [Generate Command Options (recap)](#generate-command-options-recap) - [Localization](#localization) - [Configuration](#configuration-4) - [How It Works](#how-it-works) - [Generating Translation Files](#generating-translation-files) - [Translation Keys](#translation-keys) - [Default Package Translations](#default-package-translations) - [Upgrade](#upgrade) - [Translations](#translations) - [Testing](#testing) - [Changelog](#changelog) - [Contributing](#contributing) - [Security Vulnerabilities](#security-vulnerabilities) - [Credits](#credits) - [License](#license) Installation ============ [](#installation) 1. Install Package ------------------ [](#1-install-package) ``` composer require adultdate/filament-shield ``` 2. Configure Auth Provider -------------------------- [](#2-configure-auth-provider) 1. Publish the config and set your auth provider model. ``` php artisan vendor:publish --tag="filament-shield-config" ``` ``` // config/filament-shield.php return [ // ... 'auth_provider_model' => 'App\\Models\\User', // ... ]; ``` 2. Add the `HasRoles` trait to your auth provider model: ``` use Spatie\Permission\Traits\HasRoles; class User extends Authenticatable { use HasRoles; } ``` 3. Setup Shield --------------- [](#3-setup-shield) Run the setup command (it is interactive and smart): ``` php artisan shield:setup ``` Usage & Configuration ========================= [](#usage--configuration) The package comes with a sensible default configuration that should work for most applications. You can customize the configuration by modifying it to fit your needs. The following sections explain the various configuration options available. Permissions ----------- [](#permissions) You can customize how permission keys are generated to match your preferred naming conventions and organizational standards. Shield uses these settings from the `filament-shield.php` **config** file when creating permission names from your `{Resources|Pages|Widgets}`. ### Configuration [](#configuration) ``` 'permissions' => [ 'separator' => ':', 'case' => 'pascal', 'generate' => true, ], ``` ### Case [](#case) Shield formats permission keys using the specified case style. The available options are: - `camel` - `kebab` - `snake` - `pascal` (default) - `upper_snake` ### Customize permission key composition [](#customize-permission-key-composition) You can customize how permission keys are generated by providing your own callback to `buildPermissionKeyUsing` in your `AppServiceProvider`'s `boot()` method. The callback receives the following parameters: - `string $entity`: The type of entity (e.g., 'Resource', 'Page', 'Widget'). - `string $affix`: The action or method name (e.g., 'viewAny', 'create'). - `string $subject`: The subject or resource name (e.g., 'Post', 'Dashboard'). - `string $case`: The case format specified in the config (e.g., 'pascal'). - `string $separator`: The separator specified in the config (e.g., ':'). - Now let's consider an example where we want to handle `Resource` entities that handle the same `Model` or `Models` with the same name but with different namespaces and directory structures. The Filament [Demo](https://github.com/filamentphp/demo) has two resources with the same name that handle two different models: - `App\Filament\Resources\Blog\Categories\CategoryResource` that handles `App\Models\Blog\Category` - `App\Filament\Resources\Shop\Categories\CategoryResource` that handles `App\Models\Shop\Category` By default Shield will generate the same permission keys for both resources which can cause conflicts. To avoid this we can customize the permission key composition to include the navigation group of the resource as part of the permission key. Here's how you can do it: ``` use BezhanSalleh\FilamentShield\Facades\FilamentShield; use Filament\Resources\Resource; FilamentShield::buildPermissionKeyUsing( function (string $entity, string $affix, string $subject, string $case, string $separator) { if (is_subclass_of($entity, Resource::class) && in_array( needle: $entity, haystack: [ 'App\Filament\Resources\Blog\Categories\CategoryResource', 'App\Filament\Resources\Shop\Categories\CategoryResource' ], strict: true )) { $subject = str($subject) ->prepend($resource::getNavigationGroup()) ->trim() ->toString(); } return FilamentShield::defaultPermissionKeyBuilder( affix: $affix, separator: $separator, subject: $subject, case: $case ); } ); ``` Now when you run the `shield:generate` command, it will generate distinct permission keys for each `CategoryResource` based on their navigation groups: - For `Blog`'s `CategoryResource` since its navigation group is `Blog`: - `ViewAny:BlogCategories` - `View:BlogCategories` - `Create:BlogCategories` - `Update:BlogCategories` - `Delete:BlogCategories` - For `Shop`'s `CategoryResource` since it uses a cluster and its navigation group is blank, so it will just use the resource `subject` configured in the config `filament-shield.resources.subject` which is `model` by default: - `ViewAny:Categories` - `View:Categories` - `Create:Categories` - `Update:Categories` - `Delete:Categories` This approach ensures that each resource has a unique set of permission keys, preventing any conflicts and allowing for more granular access control. You can of course extract the logic to a separate class or function if it gets too complex, but this should give you a good starting point. Policies -------- [](#policies) Shield automatically generates policies for your Resources' Models. ### Configuration [](#configuration-1) ``` 'policies' => [ 'path' => app_path('Policies'), 'merge' => true, 'generate' => true, 'methods' => [ 'viewAny', 'view', 'create', 'update', 'delete', 'restore', 'forceDelete', 'forceDeleteAny', 'restoreAny', 'replicate', 'reorder', ], 'single_parameter_methods' => [ 'viewAny', 'create', 'deleteAny', 'forceDeleteAny', 'restoreAny', 'reorder', ], ], ``` ### Methods [](#methods) Each policy includes methods defined in the `policies.methods` config. You can customize this list to fit your application's needs. Since Filament Resources typically use a standard set of methods, the default configuration should suffice for most applications. If you have specific resources that require additional methods, you can easily add them to the list. However, it would be best to only include methods that are commonly used across your resources and define any resource-specific methods in the `resources.manage` config section. This approach keeps your policies clean and relevant to your application's requirements. ### Merge [](#merge) When `policies.merge` is set to `true`, Shield will combine the global methods defined in `policies.methods` with any resource-specific methods you define in `resources.manage`. This ensures that each resource's policy includes both the standard methods and any additional ones you need for that particular resource. ### Single Parameter Methods [](#single-parameter-methods) Some policy methods only require the user instance as a parameter (e.g., `viewAny`, `create`). These are defined in `policies.single_parameter_methods`. Shield will generate these methods accordingly in the policies. When you add new methods or resource-specific methods, ensure to update this list if they also only require the user instance. This helps maintain consistency and clarity in your policy definitions. ### Policy Enforcement [](#policy-enforcement) Laravel automatically resolves policies for models, but this is not always the case. For instance, if your models are not in the default `App\Models` namespace, are nested, or are from third-party plugins, you may need to manually register the policies. You can do this in a service provider's `boot()` method: ``` Gate::policy(Awcodes\Curator\Models\Media::class, App\Policies\MediaPolicy::class); ``` **Tip** For your in-app resources' models you can add the following method in the `boot()` method to automatically enforce policies, without the need to manually register each policy. This assumes your policies are in the `App\Policies` namespace and follow the naming convention of appending `Policy` to the model class name. Adjust the `str_replace` parameters if your structure differs: ``` use Illuminate\Support\Facades\Gate; Gate::guessPolicyNamesUsing(function (string $modelClass) { return str_replace('Models', 'Policies', $modelClass) . 'Policy'; }); ``` Resources --------- [](#resources) Shield derives resource permission keys from configured policy methods. Since Filament `Resources`' authorization is handled via policies, generated permissions align with policy methods. ### Configuration [](#configuration-2) ``` 'resources' => [ 'subject' => 'model', 'manage' => [ \BezhanSalleh\FilamentShield\Resources\Roles\RoleResource::class => [ 'viewAny', 'view', 'create', 'update', 'delete', ], ], 'exclude' => [ // ], ], ``` ### Subject [](#subject) You can customize the subject used for resource permissions by setting the `subject` key in the `resources` configuration. The subject can be set to either `class` or `model` (default is `model`). ### Manage [](#manage) You can define resource-specific policy methods in the `resources.manage` configuration. This allows you to tailor the permissions for individual resources (in-app or third-party) based on their unique requirements. When you specify methods here, Shield will generate permissions for these methods in addition to the global methods defined in `policies.methods`, provided that `policies.merge` is set to `true`. This ensures that each resource has a comprehensive set of permissions that reflect both standard and resource-specific actions. ### Exclude [](#exclude) You can exclude specific resources from permission generation by listing them in the `resources.exclude` configuration. This is useful for resources that should always be accessible or do not require permission checks. When a resource is excluded, Shield will skip generating permissions and policy for it. Pages & Widgets ------------------- [](#pages--widgets) Both **pages** and **widgets** in Filament follow a similar permission model. By default, they require **view** permissions. You can customize their behavior in the configuration, including subject, prefix, exclusions, and enforcement traits. ### Configuration [](#configuration-3) **Pages** ``` 'pages' => [ 'subject' => 'class', 'prefix' => 'view', 'exclude' => [ \Filament\Pages\Dashboard::class, ], ], ``` **Widgets** ``` 'widgets' => [ 'subject' => 'class', 'prefix' => 'view', 'exclude' => [ \Filament\Widgets\AccountWidget::class, \Filament\Widgets\FilamentInfoWidget::class, ], ], ``` ### Options [](#options) OptionDescription**Subject**Determines how the permission subject is generated. • `class` → Uses the class name (default). • `model` → Uses the model name (if the entity has a `static getModel()` method).**Prefix**Prepended to permission keys for distinction. • Example for Pages: `Page:IconLibrary` • Example for Widgets: `Widget:IncomeWidget`.**Exclude**Entities listed here will be skipped during permission generation. Useful for always-accessible entities like dashboards, account widgets, or system info.### Permission Enforcement [](#permission-enforcement) Use the appropriate **Shield trait** to automatically enforce permissions. When applied, these traits ensure: - Navigation or rendering is **hidden** if the user lacks permission. - Access to the page/widget is **restricted**. **Pages** ```