Skip to main content

Field authorization

You may control whether a user can see and/or fill a field using methods like onlyOnDetail (see more information here: Field visibility), however relationship fields like BelongsTo and MorphMany will automatically be hidden if the user has no permission to view any of the related resource.

Usage

The way it works is simple, if you provide a third option to a Field::make() method, Qore will try to find this resource and do a permission check by default.

For example in a BelongsToMany field:

BelongsToMany::make('Medewerkers', 'employees', Employee::class)

You can use this parameter on a text field too:

Text::make(__('Name'), 'name', Employee::class)
danger

Note that if you do a custom query/filter that joins on multiple tables, you have to make sure the user has access to this data.