Authorization & Access Control
FrankenCMS does not include a built-in role or permission system. Instead, you control access using Laravel's native authorization tools and Filament's panel access controls.
Controlling Panel Access
Filament requires users to be authorized before they can access the admin panel. Implement the canAccessPanel method on your User model to control who can log in:

use Filament\Models\Contracts\FilamentUser;
use Filament\Panel;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable implements FilamentUser
{
    public function canAccessPanel(Panel $panel): bool
    {
        // Only allow users with verified emails
        return $this->hasVerifiedEmail();

        // Or check a specific domain. Combine this with hasVerifiedEmail():
        // an unverified address proves nothing about who controls the mailbox.
        // return str_ends_with($this->email, '@yourcompany.com');

        // Or check a database flag
        // return $this->is_admin;
    }
}

Using Policies
Laravel policies let you define authorization logic for specific models. Filament automatically respects policies, so defining a policy is often all you need to restrict actions in the admin panel.
For example, you could restrict post editing to the original author:

namespace App\Policies;

use App\Models\User;
use FrankenCms\Models\Post;

class PostPolicy
{
    // Only the post's author may edit it.
    public function update(User $user, Post $post): bool
    {
        return $user->id === $post->author_id;
    }

    // Only the post's author may delete it.
    public function delete(User $user, Post $post): bool
    {
        return $user->id === $post->author_id;
    }
}

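Register the policy in your AppServiceProvider:

namespace App\Providers;

use App\Policies\PostPolicy;
use FrankenCms\Models\Post;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        Gate::policy(Post::class, PostPolicy::class);
    }
}
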
Filament will now automatically check these policies when users attempt to edit or delete posts through the admin panel. For a full overview of policies, gates, and Blade authorization directives, see the Laravel Authorization documentation.
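
To confirm that the policy is registered and enforces ownership, you can exercise it through the Gate in a test. The following is an added example, not part of FrankenCMS or its documentation; it assumes a stock Laravel test setup (Tests\TestCase), the PostPolicy and registration shown above, and a hypothetical test class name. The models are built in memory, so no database is needed.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use App\Policies\PostPolicy;
use FrankenCms\Models\Post;
use Illuminate\Support\Facades\Gate;
use Tests\TestCase;

// Hypothetical test class: checks the ownership rules of PostPolicy via the Gate.
class PostPolicyTest extends TestCase
{
    // Unsaved user with a constructed id (sample value, not real data).
    private function user(int $id): User
    {
        return (new User)->forceFill(['id' => $id]);
    }

    // Unsaved post owned by the given author id; null means "no author set".
    private function postBy(?int $authorId): Post
    {
        return (new Post)->forceFill(['author_id' => $authorId]);
    }

    public function test_policy_is_registered_for_post(): void
    {
        // Fails if Gate::policy() was never called for the Post model.
        $this->assertInstanceOf(PostPolicy::class, Gate::getPolicyFor(Post::class));
    }

    public function test_author_may_update_and_delete_own_post(): void
    {
        $gate = Gate::forUser($this->user(1));
        $this->assertTrue($gate->allows('update', $this->postBy(1)));
        $this->assertTrue($gate->allows('delete', $this->postBy(1)));
    }

    public function test_other_user_is_denied(): void
    {
        $gate = Gate::forUser($this->user(2));
        $this->assertFalse($gate->allows('update', $this->postBy(1)));
        $this->assertFalse($gate->allows('delete', $this->postBy(1)));
    }

    public function test_post_without_author_is_denied(): void
    {
        // The strict comparison in the policy must not match a missing author.
        $this->assertFalse(Gate::forUser($this->user(1))->allows('update', $this->postBy(null)));
    }
}
```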