calendar icon indicating copy to clipboard operation
calendar copied to clipboard
verified publisher icon GuavaCZ

[Request]: allow policy-based context menu actions with event type detection

Open Gonzalo2683 opened this issue 11 months ago • 8 comments

What feature would you like to add?

What we need to achieve is that when clicking on a calendar event, the context menu should display actions based on the user's policies/permissions for that particular model type. For example, a user with "view_activity" but not "edit_activity" permissions should only see the view action when clicking on an Activity event(model).

I'm not sure if there's a way to access the event model type before the record is loaded - if there is, I'd appreciate guidance on how to implement this. This would allow proper integration with Laravel's policy system for granular permission control.

Currently calendar context menu actions (view/edit/delete) are always shown regardless of user permissions. This leads to two issues:

  1. Actions are visible even when users lack permissions
  2. The getEventRecord() method returns null on initial load, making it impossible to check model type for permission validation

We need a mechanism to:

  • Identify event model type before showing actions
  • Hide/show actions based on model policies

Example of current limitation:

public function getEventClickContextMenuActions(): array 
{
   $event = $this->getEventRecord(); // Returns null initially
   // Cannot determine if event is A/B
   // Cannot check appropriate policies
}

### Notes

_No response_

Gonzalo2683 avatar Jan 13 '25 22:01 Gonzalo2683

Hi @Gonzalo2683, this is currently not possible due to the way the context menu is created.

The context menu is created during the initial rendering phase of the page and then conditionally positioned and made visible when an event is clicked, with every single action configured for the context menu.

And only upon clicking on the action itself it is mounted with the event that was currently opened. So there's noway beforehand to know which actions to render.

If you have a suggestion or idea how to improve this, I'll be more than happy to merge the PR! :)

lukas-frey avatar Feb 17 '25 15:02 lukas-frey

Until there is a better way to solve this I have implemented a check before the form is filled and just close the model... it's not pretty but works:

editAction:

->beforeFormFilled(static function ($action, CalendarEvent $record) {
    if ($record->user_id !== auth()->id()) {
        Notification::make()
            ->danger()
            ->title(__('You do not have permission to edit this event'))
            ->send();

        $action->cancel();

        return false;
    }

    return true;
}),

martin-ro avatar Feb 22 '25 03:02 martin-ro

Wait a minute, I'm pretty sure the actions do check policies though.

The only thing not possible is to hide the actions completely or disable them if the user is not allowed to call the action.

If you didn't override the onEventClick method, it does check the policy before mounting the action.

lukas-frey avatar Feb 22 '25 06:02 lukas-frey

Would love event based context actions also. +1 for this

lukacavic avatar Nov 18 '25 10:11 lukacavic

That should be possible in the latest version already

lukas-frey avatar Nov 18 '25 14:11 lukas-frey

EventClickInfo should be passed also as evaluation parameter to MOST regular filament methods on the action, so you can conditionally hide an action based on the info from the EventClickInfo context

lukas-frey avatar Nov 18 '25 14:11 lukas-frey

EventClickInfo should be passed also as evaluation parameter to MOST regular filament methods on the action, so you can conditionally hide an action based on the info from the EventClickInfo context

Hi, yes. I can access record from action and set it visible. If all actions are hidden, small context menu container is displayed.

lukacavic avatar Nov 18 '25 15:11 lukacavic

Yeah that's the limitation of the current implementation

lukas-frey avatar Nov 18 '25 16:11 lukas-frey