Closed paperscissors closed 3 years ago
Tarpsvo
commented
3 years ago Hi! That depends on what you want to do. If you want to hide the page management from certain users, you should use the Tool authorization instead.
Like so:
// in app/Providers/NovaServiceProvider.php
public function tools()
{
return [
// ...
(new \OptimistDigital\NovaPageManager\NovaPageManager)->canSee(function ($request) {
return user()->isAdmin();
}),
];
}
paperscissors
commented
3 years ago Thanks! I used a more messy approach and switched the tools array depending on role, but this looks much more legible.
matthewjumpsoffbuildings
commented
2 years ago @Tarpsvo I am trying to use this approach, but its saying the $request->user() is null, when attempting to get the fields when editing a Region
The request is /nova-vendor/page-manager/region/2/fields and both ->user() and ->getUser() return null.
Is there a reason the user wouldnt be present on the Request object for this route?
Heres my code for reference:
public function tools() {
return [
(new \Outl1ne\PageManager\PageManager())
->canSee(function(Request $request) {
return in_array('cms', $request->user()->permissions);
}),
]}In other places (eg when generating the main left menu etc, the user object is set and works fine, its just when its a fields request that it seems to fail
Tarpsvo
commented
2 years ago Weird, I'm unable to reproduce this issue. I seem to have a $request->user() in the template's fields() function.
I've tried adding it to the policies array on
AuthServiceProviderbut Nova isn't picking it up, I assume because of how the package is setup in Nova.I'm calling the policy in the array like this:
Any thoughts on how I might be able to set one up to secure this section from certain roles?