User Resource For Filament Admin along with Roles & Permissions using Spatie
You can install the package via composer:
composer require phpsa/filament-authenticationand run the install command
php artisan filament-authentication:installthis will publish the config file and migrations
optionally publish views / translations
artisan vendor:publish --tag=filament-authentication-views
artisan vendor:publish --tag=filament-authentication-translationsIf you have not yet configured this package it is automatically added by this installer, run the following steps:
- You should publish the migration and the config/permission.php config file with:
php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider"
php artisan migrate-
Add the
Spatie\Permission\Traits\HasRolestrait to your Users model -
Add Roles & Permissions as required
For more see: https://spatie.be/docs/laravel-permission/v6/introduction
in your Filament panel file you need to add the following to the Plugins section
add the resources
public function panel(Panel $panel): Panel
{
return $panel
...
->plugins([
\Phpsa\FilamentAuthentication\FilamentAuthentication::make(),
])
...You can configure this via either the config file or the plugin.
LatestUsersWidget can be added to your dashboard by adding it to your panel widgets area..
LatestUsersWidget::class
Note that it is also attached to the UserPolicy::viewAny policy value if the policy exists
If you have not configured this package it is automatically added by this install, run the following steps:
- Add the trait
Lab404\Impersonate\Models\Impersonateto your User model. - edit the config file and set impersonate->enabled to true
By default all users can impersonate an user.
You need to add the method canImpersonate() to your user model:
/**
* @return bool
*/
public function canImpersonate()
{
// For example
return $this->is_admin == 1;
}By default all users can be impersonated.
You need to add the method canBeImpersonated() to your user model to extend this behavior:
/**
* @return bool
*/
public function canBeImpersonated()
{
// For example
return $this->can_be_impersonated == 1;
}Protect From Impersonation
You can use the middleware impersonate.protect to protect your routes against user impersonation.
This middleware can be useful when you want to protect specific pages like users subscriptions, users credit cards, ...
Router::get('/my-credit-card', function() {
echo "Can't be accessed by an impersonator";
})->middleware('impersonate.protect');Events There are two events available that can be used to improve your workflow:
TakeImpersonationis fired when an impersonation is taken.LeaveImpersonationis fired when an impersonation is leaved.
Each events returns two properties $event->impersonator and $event->impersonated containing User model instance.
Introduced in V4.2.0 - this allows you to enforce a user to change their password every X days.
Enable this & configure this as Follows:
- add the
Phpsa\FilamentAuthentication\Traits\CanRenewPasswordtrait to your user model - configure the options for pruning and renewal day period in the config file
- if not published, publish migration
artisan vendor:publish --tag filament-authentication-migrations
this will force a user to update their password, note -- all existing users will initially be foreced to, this can be ignored by running the following command:
From V5.0.0 - there is a new validation rule that can be added to validate that a password has not been used before.
Phpsa\FilamentAuthentication\Rules\PreventPasswordReuseRule - this will use the value from config filament-authentication.password_renew.prevent_password_reuse 0 to disable, any number of previous to block out fro re-use.
-- If using socialite / Filament-socialite etc, you will need to override the public function needsRenewal(): bool method in the trait,
EG:
use CanRenewPassword {
CanRenewPassword::needsRenewal as traitNeedsRenewal;
}
public function needsRenewal(): bool
{
if ($this->password === null && SocialiteUser::where('user_id', $this->id)->exists()) {
return false;
}
return $this->traitNeedsRenewal();
}Introduced in V4.2.0 - this allows you to log each user login attempt.
Enable this & configure this as follows:
- add the
Phpsa\FilamentAuthentication\Traits\LogsAuthenticationtrait to your user model - configure the options for prune in the authentication_log section of the config
- optionally enable the resource in navigation section of the config file.
- if not published, publish migration
artisan vendor:publish --tag filament-authentication-migrations
this will now log login and logouts on the system.
Roles & Permissions can be secured using Laravel Policies, create your policies and register then in the AuthServiceProvider
protected $policies = [
Role::class => RolePolicy::class,
Permission::class => PermissionPolicy::class,
CustomPage::class => CustomPagePolicy::class,
SettingsPage::class => SettingsPagePolicy::class
// 'App\Models\Model' => 'App\Policies\ModelPolicy',
];We have a Custom Page Trait: Phpsa\FilamentAuthentication\Traits\PagePolicyTrait and a Spatie Settings Page Trait Phpsa\FilamentAuthentication\Traits\SettingsPage\PolicyTrait that you can add to your pages / settings pages.
By defining a model and mapping it with a viewAny($user) method you can define per policies whether or not to show the page in navigation.
Phpsa\FilamentAuthentication\Events\UserCreated is triggered when a user is created via the Resource
Phpsa\FilamentAuthentication\Events\UserUpdated is triggered when a user is updated via the Resource
- MFA Authentication
- Socialite Authentication
- Biometrics Athentication
Please see CHANGELOG for more information on what has changed recently.
The MIT License (MIT). Please see License File for more information.