README

What's included

Filament template configured with some niceties

Filament pre-installed with Panels
Spatie Login Link added to login screen
Filament Activity Log User event logging and restore functionality
Advanced Permission Management System

Getting Started

Option 1: Use Template in Github

Permission Management System

The skeleton includes a robust permission management system built on top of Laravel's model system. This system provides fine-grained access control for all your models with minimal setup.

Key Features

Automatic CRUD permission generation for models
Role-based access control
Flexible permission naming conventions
Easy integration with Filament resources
Permission caching for optimal performance

Basic Usage

Extend the BaseModel in your models:

use App\Models\Base\BaseModel;

class Post extends BaseModel
{
    protected static function booted()
    {
        parent::booted();
        static::registerModelPermissions();
    }
}

Check permissions in your code:

// In controllers
if ($post->checkPermission(auth()->user(), 'update')) {
    // Proceed with update
}

// In Blade templates
@can('update', $post)
    <button>Edit Post</button>
@endcan

// In Filament resources
public static function canViewAny(): bool
{
    return auth()->user()->can('view post');
}

Custom Permissions

Add custom permissions beyond CRUD operations:

class Post extends BaseModel
{
    public static function getStandardPermissions(): array
    {
        return array_merge(parent::getStandardPermissions(), [
            'publish',
            'archive'
        ]);
    }
}

Middleware Integration

Protect your routes with the included middleware:

Route::get('/posts/{post}/edit', [PostController::class, 'edit'])
    ->middleware('check.permission:update');

Permission Naming Convention

Permissions follow a consistent naming pattern:

view post
create post
update post
delete post
publish post (custom)
archive post (custom)

Best Practices

Cache Permissions:
- Permissions are automatically cached
- Cache is invalidated on model updates
- Configurable cache duration
Role Organization:
- Create roles based on business domains
- Assign minimum required permissions
- Use role inheritance where appropriate
Security Considerations:
- Always check permissions on both frontend and backend
- Use middleware for route protection
- Implement proper permission checking in Filament resources

Implementation Example

Here's a complete example of implementing permissions in a Filament resource:

use App\Filament\Resources\PostResource;
use Filament\Resources\Resource;

class PostResource extends Resource
{
    public static function canViewAny(): bool
    {
        return auth()->user()->can('view post');
    }

    public static function canCreate(): bool
    {
        return auth()->user()->can('create post');
    }

    public static function canEdit(Model $record): bool
    {
        return auth()->user()->can('update post');
    }

    public static function canDelete(Model $record): bool
    {
        return auth()->user()->can('delete post');
    }

    // Custom action
    public function publish()
    {
        abort_unless(auth()->user()->can('publish post'), 403);
        // Publication logic
    }
}

Command Line Tools

The skeleton includes artisan commands for permission management:

# List all permissions
php artisan permissions:list

# Sync permissions for all models
php artisan permissions:sync

# Clear permission cache
php artisan permissions:clear-cache

Extending the System

You can extend the permission system by:

Creating custom permission providers
Adding new permission types
Implementing custom caching strategies
Adding permission inheritance
Creating permission groups

For more detailed information, check the documentation.

jordanpartridge / filament-skeleton

Maintainers

Details