# How to redirect unauthorized F4 admin panel access to homepage in L12?


silk cloud

Hi everyone,

I’m working with Filament 4 and Laravel 12. I have a user model with a canAccessPanel() method to control access to my admin panel:

```php
public function canAccessPanel(Panel $panel): bool
{
    if ($panel->getId() === 'admin') {
        return str_ends_with($this->email, '@example.com') && $this->hasVerifiedEmail();
    }

    return true;
}
```

Currently, if a user who is not allowed tries to access the admin panel, Filament shows a 403 error page. I want to redirect them to the homepage (/) instead.

I’ve tried returning redirect('/') directly in canAccessPanel(), but that breaks the type contract and throws errors. I also tried modifying the exception handler, but nothing works reliably with Livewire requests.

My questions:

What’s the recommended way in Laravel 12 + Filament 4 to redirect unauthorized users from the admin panel to the homepage?

How can this work with both normal requests and Livewire/AJAX requests inside Filament?

Is using a middleware the best approach, or is there a simpler way?

Thanks in advance for any guidance or example snippets!

fair kernel
silk cloud
> fair kernel: I think you can use a middleware

This middleware works perfectly with multi-panel (Created with GPT) 😊

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;
use Illuminate\Http\Request;
use Filament\Facades\Filament;
use Filament\Models\Contracts\FilamentUser;

class RedirectIfNotFilamentAdmin
{
    public function handle(Request $request, Closure $next)
    {
        $auth = Filament::auth();
        $panel = Filament::getCurrentPanel();
        $user = $auth->user();

        // Not logged in → let them access login page
        if (!$auth->check()) {
            return $next($request);
        }

        Auth::shouldUse(Filament::getAuthGuard());

        if (!($user instanceof FilamentUser)) {
            return redirect('/'); // fallback
        }

        // Allowed roles per panel
        $allowedRoles = [
            'admin' => ['admin'],
            'dashboard' => ['admin', 'staff'],
            'patient' => ['admin', 'patient', 'staff'],
            // add more panels here in the future
        ];

        $panelId = $panel?->getId();

        if ($panelId && isset($allowedRoles[$panelId])) {
            if (!in_array($user->role, $allowedRoles[$panelId])) {
                // Redirect based on role
                switch ($user->role) {
                    case 'admin':
                        return redirect('/admin');
                    case 'staff':
                        return redirect('/dashboard');
                    case 'patient':
                        return redirect('/patient');
                    default:
                        return redirect('/'); // fallback
                }
            }
        } else {
            // Panel doesn't exist or user can't access → destroy session
            Auth::logout();
            $request->session()->invalidate();
            $request->session()->regenerateToken();
            return redirect('/login')->with('error', 'You cannot access.');
        }

        return $next($request);
    }
}
```