laravel laravel-filament

Problem with user permissions in Filament with the Shield plugin


Even if I assign a single role to a user, which only allows them to view one resource, why do they have the same permissions as a super admin? (Except for managing roles) It's as if each user I create inherits the roles. I've checked them from Tinker and it correctly indicates their role and permissions. However, they still have many more permissions than assigned.


Solution

  • Make sure you've run the core Shield policy generation command:

    php artisan shield:generate --all
    

    This command creates the necessary policies for your resources and registers them appropriately. It's an essential step after installing Shield or adding new resources.

    Additionally, if you need to define custom permissions (e.g., publish, archive, etc.), you can specify them directly in your resource class by implementing the HasShieldPermissions interface.

    Here's an example:

    <?php
     
    namespace App\Filament\Resources;
    
    use BezhanSalleh\FilamentShield\Contracts\HasShieldPermissions;
    use Filament\Resources\Resource;
    
    class YourResource extends Resource implements HasShieldPermissions
    {
        public static function getPermissionPrefixes(): array
        {
            return [
                'view',
                'view_any',
                'create',
                'update',
                'delete',
                'delete_any',
                'publish' // Custom permission
            ];
        }
    }
    

    This allows Shield to recognize and manage these permissions through roles and policies.

    Official Docs:
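
A check to run after the generation step, as an added example that is not part of the original answer or of Shield itself: it lists every Filament resource whose model has no policy file, since a resource without a policy is not restricted by role permissions. It assumes the default Laravel layout (`app/Filament/Resources/<Model>Resource.php`, `app/Policies/<Model>Policy.php`) and that each resource is named after its model; `missing_policies` and `make_sample_app` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: report Filament resources that have no matching policy file.
# Assumed layout (Laravel defaults, adjust if your project differs):
#   <app>/Filament/Resources/**/<Model>Resource.php
#   <app>/Policies/<Model>Policy.php

# Prints one model name per line for each resource lacking a policy file.
missing_policies() {
    local app_dir="${1:-app}"
    # find also picks up resources nested in sub-folders; page and relation
    # manager classes do not end in "Resource.php", so they are skipped.
    find "$app_dir/Filament/Resources" -type f -name '*Resource.php' 2>/dev/null |
    sort |
    while IFS= read -r resource; do
        local model
        model="$(basename "$resource" Resource.php)"
        if [ ! -f "$app_dir/Policies/${model}Policy.php" ]; then
            printf '%s\n' "$model"
        fi
    done
}

# Builds a constructed sample tree (two resources, one policy) in a temp
# directory and prints its path, so the check can be tried outside a project.
make_sample_app() {
    local root
    root="$(mktemp -d)"
    mkdir -p "$root/Filament/Resources" "$root/Policies"
    touch "$root/Filament/Resources/PostResource.php" \
          "$root/Filament/Resources/InvoiceResource.php" \
          "$root/Policies/PostPolicy.php"
    printf '%s\n' "$root"
}

# From the project root: lists models that still need a policy.
missing_policies "${1:-app}"
```

An empty result means every resource found has a policy file; any name printed is a resource to regenerate or write a policy for before relying on role assignments.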