The Filament Library plugin includes a comprehensive permission system that allows you to control access to library items on a per-user basis.
- User-based permissions: Grant view/edit permissions to specific users
- Google Drive-style inheritance: Permissions cascade from parent folders to children
- Bulk permission management: Assign permissions to multiple users and items at once
- Cached performance: Permission checks are cached for optimal performance
- Configurable user model: Works with any Laravel user model
You can assign permissions to users in several ways:
- Go to the Library Items list
- Select one or more items
- Click "Manage Permissions" in the bulk actions
- Choose users and permission level (view/edit)
- Optionally cascade permissions to child items
use Tapp\FilamentLibrary\Services\PermissionService;
$permissionService = app(PermissionService::class);
// Assign view permission to a user
$permissionService->assignPermission($user, $libraryItem, 'view');
// Assign edit permission to a user
$permissionService->assignPermission($user, $libraryItem, 'edit');
// Bulk assign permissions
$permissionService->bulkAssignPermissions($items, [
'user_ids' => [1, 2, 3],
'permission' => 'view',
'cascade_to_children' => true
]);// Check if user can view an item
if ($libraryItem->hasPermission($user, 'view')) {
// User can view this item
}
// Check if user can edit an item
if ($libraryItem->hasPermission($user, 'edit')) {
// User can edit this item
}If you want to use the HasLibraryAccess trait for additional functionality:
// In your User model
use Tapp\FilamentLibrary\Traits\HasLibraryAccess;
class User extends Authenticatable
{
use HasLibraryAccess;
// Override to add role-based logic
public function isLibraryAdmin(): bool
{
return $this->hasRole('admin') || $this->hasRole('library-admin');
}
}Permissions automatically inherit from parent folders:
// If a user has 'view' permission on a folder,
// they automatically get 'view' permission on all child items
$folder = LibraryItem::where('name', 'Documents')->first();
$permissionService->assignPermission($user, $folder, 'view');
// Now the user can view all files in the Documents folder
$childFile = $folder->children()->first();
$childFile->hasPermission($user, 'view'); // Returns truePermission checks are cached for 1 hour by default. You can clear the cache:
// Clear all permission caches
$permissionService->clearPermissionCache($user);
// Or clear cache for a specific item
$permissionService->clearPermissionCache($user, $libraryItem);The library items table includes a toggleable "Permissions" column that shows:
- 👤 Owner (creator of the item)
- 👁️ Users with view permission
- ✏️ Users with edit permission
- Manage Permissions: Assign permissions to multiple users across multiple items
- Cascade to Children: Automatically apply permissions to all child items
- All permission checks go through Laravel's authorization system
- Policies ensure consistent permission enforcement
- Fallback implementations work even without the
HasLibraryAccesstrait - Creator permissions are always respected
If you see errors like canViewRootLibraryItems(), these methods have been moved to the LibraryItemPolicy. The permission system now uses Laravel's standard policy pattern for authorization.
If you have many users and items, consider:
- Adjusting the cache TTL in the
PermissionService - Using database indexes on the permission table
- Implementing role-based permissions for better performance
assignPermission($user, $item, $permission)- Assign a permissionremovePermission($user, $item, $permission)- Remove a permissionhasPermission($user, $item, $permission)- Check if user has permissionbulkAssignPermissions($items, $data)- Bulk assign permissionscascadePermissionsToChildren($folder, $userIds, $permission)- Cascade permissions
hasPermission($user, $permission)- Check if user has permission on this itempermissions()- Get all permissions for this itemgetAllPermissions()- Get all permissions including inherited ones