Level 61
Are you talking about Laravel Nova?
May 3, 2020
15
Level 2
Using scope / policy / indexQuery for limiting what a user can see&do?
Hi all,
W have an application where people manage projects. One project can have multiple users, one user can have multiple projects, so we have a many to many for that.
I would like a select in the topbar: "Select your project". A lot of resources available for that user fall under a project, so when user has selected project ID 1, I want to show all resources where BelongsTo project_id = 1.
I'm a bit hesitant what to do, should I use a policy for this? Or a scope, or something else? How would you guys set this up?
And could someone point me to the right way how to add a select-field next to the search bar in the header if there's a proper way to do it please? I can hack it myself but hopefully there's a better way I haven't found before.
Level 88
A query scope normally works best for querying the specific underlying data. But it also depends a bit on what your setup is.
Can you post some code with logic that fetches the data?
Level 2
Yes - that's why I added it to that part of the forum, sorry wasn't too clear there.
Level 2
Well currently I just have a regular set-up with a few models/resources. Each model belongs to a project and I'd like to have a big project-select in the header, so everything you do is always connected to the selected model. I don't really know what code to show you now because I'm asking for an idea how to set it up :)
Level 61
I think I understand now, you want a select bar to scope everything to that project? Easiest way I can think of is following:
- on dashboard add all projects that user has relationship to
- let user pick specific project and store that in session
- use that session data to scope every
indexQueryto selected project - change template to show selected project
What you can also try is:
- change template to show selecting of projects
- on change set selected project to session
- use that session data to scope every
indexQueryto selected project
Seems doable.
Level 61
Haha, first win against all mighty @bobbybouwmann ☺️
Level 2
OK perfect, that will do the trick. Though, it would not block someone from entering another users projects right? They should not have access to other peoples data..
Level 61
Ofc, unless it is a wrong click on the best answer button 🤣
Level 61
OK perfect, that will do the trick. Though, it would not block someone from entering another users projects right? They should not have access to other peoples data..
Best way to allow access only to assigned projects is to use Policies.
Level 2
Thank you! And no, not a wrong click, very helpful :D
Level 61
Thank you!
You are very welcome.
And no, not a wrong click, very helpful :D
Woohooo, I'm going to get drunk right now :D
Level 88
@bugsysha Hehe awesome! Drink a beer for me too ;)
Level 61
@bobbybouwmann will do. Any specific beer? :)
Level 88
@bugsysha Heineken?!
Level 61
@bobbybouwmann You got it!
Please or to participate in this conversation.