In my Laravel project, I try to limit delete action. Non-admin users should be able to delete only their own content.
public function forceDelete(User $user, Slider $slider): bool
{
return $user->hasRole("Admin") || $slider->created_by === $user->id;
}
I can still see the bulk delete action select and I can still delete the content I didn’t create.
Is there a solution for this problem?
>Solution :
Unfortunately, all the built-in bulk actions suffer from this issue.
https://filamentphp.com/docs/3.x/panels/resources/getting-started#authorization
Filament uses the
forceDeleteAny()method because iterating through multiple records and checking theforceDelete()policy is not very performant.
In our case, we made a custom action (extended off Filament\Tables\Actions\BulkAction) that does iterate through all the items.