Move to Policies #475

New Issue

Closed

opened 2026-02-05 17:39:47 +03:00 by OVERLORD · 1 comment

OVERLORD commented 2026-02-05 17:39:47 +03:00

Owner

Copy Link

Originally created by @rmartinoscar on GitHub (Oct 25, 2025).

Overriding the can*() authorization methods on a Resource, RelationManager or ManageRelatedRecords class

Although these methods, such as canCreate(), canViewAny() and canDelete()weren’t documented, if you’re overriding those to provide custom authorization logic in v3, you should be aware that they aren’t always called in v4. The authorization logic has been improved to properly support policy response objects, and these methods were too simple as they are just able to return booleans.

If you can make the authorization customization inside the policy of the model instead, you should do that. If you need to customize the authorization logic in the resource or relation manager class, you should override the get*AuthorizationResponse() methods instead, such as getCreateAuthorizationResponse(), getViewAnyAuthorizationResponse() and getDeleteAuthorizationResponse(). These methods are called when the authorization logic is executed, and they return a policy response object. If you remove the override for the can*() methods, the get*AuthorizationResponse() methods will be used to determine the authorization response boolean, so you don't have to maintain the logic twice.

Source

Originally created by @rmartinoscar on GitHub (Oct 25, 2025). > Overriding the `can*()` authorization methods on a `Resource`, `RelationManager` or `ManageRelatedRecords` class</span> > > Although these methods, such as `canCreate()`, `canViewAny()` and `canDelete()`weren’t documented, if you’re overriding those to provide custom authorization logic in v3, you should be aware that they aren’t always called in v4. The authorization logic has been improved to properly support [policy response objects](https://laravel.com/docs/authorization#policy-responses), and these methods were too simple as they are just able to return booleans. > > If you can make the authorization customization inside the policy of the model instead, you should do that. If you need to customize the authorization logic in the resource or relation manager class, you should override the `get*AuthorizationResponse()` methods instead, such as `getCreateAuthorizationResponse()`, `getViewAnyAuthorizationResponse()` and `getDeleteAuthorizationResponse()`. These methods are called when the authorization logic is executed, and they return a [policy response object](https://laravel.com/docs/authorization#policy-responses). If you remove the override for the `can*()` methods, the `get*AuthorizationResponse()` methods will be used to determine the authorization response boolean, so you don't have to maintain the logic twice. [Source](https://filamentphp.com/docs/4.x/upgrade-guide#low-impact-changes)

OVERLORD closed this issue 2026-02-05 17:39:49 +03:00

OVERLORD commented 2026-02-05 17:39:51 +03:00

Author

Owner

Copy Link

@rmartinoscar commented on GitHub (Oct 25, 2025):

Since Database has a Policy its trying to use it and prevents the subusers from creating them in the client area

@rmartinoscar commented on GitHub (Oct 25, 2025): Since Database has a Policy its trying to use it and prevents the subusers from creating them in the client area

OVERLORD referenced this issue 2026-02-05 17:54:26 +03:00

[PR #483] [MERGED] Add timeouts #787

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

boy132/composer-update

boy132/reorderable-egg-stuff

boy132/replace-hardcoded-hex-strings

boy132/backup-notifications

boy132/backup-hosts

shift-2026-04

charles/filament-v5

release/v1.0.0-beta33

release/v1.0.0-beta32

lance/1228

lance/2026

lance/1022

lance/1585

lance/2163

charles/spotlight

charles/ex-im-servers

auto-claude/022-docker-image-links-plugin-dir-wrong

auto-claude/022-docker-image-links-plugin-dir-wrong-clean

release/v1.0.0-beta31

auto-claude/005-run-unit-tests-in-parallel

charles/new-activitylog

release/v1.0.0-beta30

release/v1.0.0-beta29

release/v1.0.0-beta28

release/v1.0.0-beta27

release/v1.0.0-beta26

release/v1.0.0-beta25

release/v1.0.0-beta24

release/v1.0.0-beta23

release/v1.0.0-beta22

release/v1.0.0-beta21

release/v1.0.0-beta20

release/v1.0.0-beta19

release/v1.0.0-beta18

release/v1.0.0-beta17

release/v1.0.0-beta16

release/v1.0.0-beta15

release/v1.0.0-beta14

release/v1.0.0-beta13

release/v1.0.0-beta11

release/v1.0.0-beta10

release/v1.0.0-beta9

release/v1.0.0-beta8

release/v1.0.0-beta7

release/v1.0.0-beta6

release/v1.0.0-beta5

release/v1.0.0-beta4

release/v1.0.0-beta3

release/v1.0.0-beta2

release/v1.0.0-beta1

3.x

v1.0.0-beta33

v1.0.0-beta32

v1.0.0-beta31

v1.0.0-beta30

v1.0.0-beta29

v1.0.0-beta28

v1.0.0-beta27

v1.0.0-beta26

v1.0.0-beta25

v1.0.0-beta24

v1.0.0-beta23

v1.0.0-beta22

v1.0.0-beta21

v1.0.0-beta20

v1.0.0-beta19

v1.0.0-beta18

v1.0.0-beta17

v1.0.0-beta16

v1.0.0-beta15

v1.0.0-beta14

v1.0.0-beta13

v1.0.0-beta11

v1.0.0-beta10

v1.0.0-beta9

v1.0.0-beta8

v1.0.0-beta7

v1.0.0-beta6

v1.0.0-beta5

v1.0.0-beta4

v1.0.0-beta3

v1.0.0-beta2

v1.0.0-beta1

2.x

1.x

0.x

Labels

Clear labels

not confirmed

pull-request

Mirrored from GitHub Pull Request

👑 sponsor

💰 fund

🔴 hard

🟡 medium

🟡 medium

🟡 medium

🟢 easy

🟢 easy

🟢 easy

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/panel-pelican-dev#475