#canAccessPanel() Not being called

eternal pond
#

I am trying to secure access, but my canAccessPanel() is not being called. I am using the FilamentUser contract in User, and below is my code. To test, I am always returning false, but I am still able to access the panel. I cleared all caches.

```
public function canAccessPanel(Panel $panel): bool
{
    dd('canAccessPanel is being called!');
    return false;

    $panelId = $panel->getId();
    if ($panelId === 'labaiq-team') {
        return $this->user_type === 'platform_team_member' && str_ends_with($this->email, '@labaiq.com') && $this->email_verified_at;
    }

    if ($panelId === 'user' || $panelId === 'company') {
        return $this->user_type === 'general_user';
    }

    return false;
}
```

warped compass
#

Is your environment local?

eternal pond
#

Hi @warped compass. I tested in both local and production.

dusty mica
#

I suggest looking if you have a piece of code that does this:

```
Gate::before(function ($user, $ability) {
    return $user->super_admin == 1 ? true : null;
});
```

#

But that is just a hunch

warped compass
eternal pond
#

Yes, only on the User model.

```
#[ObservedBy([UserObserver::class])]
class User extends Authenticatable implements FilamentUser, HasDefaultTenant, HasTenants, HasMedia, HasAvatar
{
    use HasFactory;
    use HasSlug;
    use HasRolesAndPermissions;
    use Notifiable;
    use InteractsWithMedia;
    use FavoriteCreateable;
    use HasApiTokens;

    public function canAccessPanel(Panel $panel): bool
    {
        $panelId = $panel->getId();
        if ($panelId === 'labaiq-team') {
            return $this->user_type === 'platform_team_member' && str_ends_with($this->email, '@labaiq.com');
        }

        if ($panelId === 'user' || $panelId === 'company') {
            return $this->user_type === 'general_user';
        }

        return false;
    }

    // remainder of the class not shown
}
```

eternal pond
# dusty mica I suggest looking if you have a piece of code that does this: `Gate::before(fun...

Hi, I appreciate this pointer, but nothing found. But I agree we have our roles and permissions from scratch without using any package. Not very perfect but optimising. But we are not calling any Gate::before. Here is our PermissionServiceProvider code:

```
class PermissionServiceProvider extends ServiceProvider
{
    /**
     * Register services.
     */
    public function register(): void
    {
        //
    }

    /**
     * Bootstrap services.
     */
    public function boot(): void
    {
        // Load permissions from the database and define gates for them
        if (Schema::hasTable('permissions')) {
            Permission::all()->each(function ($permission) {
                Gate::define($permission->name, function ($user = null) use ($permission) {
                    return $user && $user->hasPermission($permission->name);
                });
            });
        }
    }
}
```

eternal pond
#

Hi @warped compass, I have a custom authenticate middleware. Can this be an issue? Unable to figure out the issue.

```
use Closure;
use Illuminate\Auth\Middleware\Authenticate as Middleware;
use Illuminate\Support\Facades\Auth;

class CustomAuthenticate extends Middleware
{
    public function handle($request, Closure $next, ...$guards)
    {
        if (!Auth::check()) {
            // Save the intended URL in the session
            session(['url.intended' => $request->url()]); // Save intended URL

            session()->flash('open_authentication_modal', true);
            // Handle AJAX (JSON) request case
            if ($request->expectsJson()) {
                return response()->json(['message' => 'Unauthorized.'], 401);
            }

            // Return null to allow the modal to open without redirecting
            return redirect('/'); // Redirect to the home page
        }

        return $next($request); // Continue processing the request
    }
}
```

#

I am using it like

```
->authMiddleware([
    // Authenticate::class,
    CustomAuthenticate::class,
    EnsureUserHasVerifiedEmailMobile::class,
], isPersistent: true)
```

in all panels.

#

Yes, I checked. canAccessPanel() is now called when I commented out my CustomAuthenticate::class and reused Filament's Authenticate::class. Not sure how to fix this.

eternal pond
#

Thanks, I got the fix. I implemented

```
$panel = Filament::getCurrentPanel();

abort_if(
    $user instanceof FilamentUser ?
        (! $user->canAccessPanel($panel)) :
        (config('app.env') !== 'local'),
    403,
);
```

in my CustomAuthenticate middleware and it did what I needed.

#

The error was due to using the custom authentication middleware in all my panels. I had commented out Authenticate::class from all auth middleware. Filament's native Authenticate middleware calls the canAccessPanel() method directly, whereas I implemented CustomAuthenticate::class and removed the Filament one, which caused an issue. The fix was to include the piece of code below in my CustomAuthenticate.

```
$panel = Filament::getCurrentPanel();

abort_if(
    $user instanceof FilamentUser ?
        (! $user->canAccessPanel($panel)) :
        (config('app.env') !== 'local'),
    403,
);
```
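
Added example, not part of the thread and not Filament's own code: the CustomAuthenticate middleware posted above with the fix merged in, showing where the panel authorization check sits relative to the authentication check. The `App\Http\Middleware` namespace and the use of the default auth guard for `$user` are assumptions.

```php
<?php

namespace App\Http\Middleware; // assumed namespace

use Closure;
use Filament\Facades\Filament;
use Filament\Models\Contracts\FilamentUser;
use Illuminate\Auth\Middleware\Authenticate as Middleware;
use Illuminate\Support\Facades\Auth;

class CustomAuthenticate extends Middleware
{
    public function handle($request, Closure $next, ...$guards)
    {
        // Step 1: authentication, unchanged from the middleware in the thread.
        if (! Auth::check()) {
            session(['url.intended' => $request->url()]);
            session()->flash('open_authentication_modal', true);

            if ($request->expectsJson()) {
                return response()->json(['message' => 'Unauthorized.'], 401);
            }

            return redirect('/');
        }

        // Step 2: panel authorization. Because this class replaces Filament's
        // Authenticate middleware in authMiddleware(), nothing else calls
        // canAccessPanel(); without this block any logged-in user reaches
        // every panel.
        $user = Auth::user(); // assumes the panel uses the default guard
        $panel = Filament::getCurrentPanel();

        abort_if(
            $user instanceof FilamentUser
                ? ! $user->canAccessPanel($panel)
                : config('app.env') !== 'local',
            403,
        );

        return $next($request);
    }
}
```

A quick check after deploying a change like this is to log in as a `general_user` account and request the `labaiq-team` panel; the response should be a 403 rather than the dashboard.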