Voyager: Menu only accept index routes

Created on 29 Sep 2017 · 6Comments · Source: the-control-group/voyager

Laravel Version: 5.5.13
Voyager Version: 1.0.4
PHP Version: 7.1.9
Database Driver & Version: Mysql 5.7

Description:

When I want to add a new item to the admin menu, it doesn't display.
After investigating, I found out that the permission is not allowed :

// admin_menu.blade.php
if(!Auth::user()->can('browse', $item)) {
    continue;
}

In my case, the link is _/admin/veille/weekly_ and the route _voyager.veille.currentWeek_ (added manually). By the way, "veille" is the french word for "survey".
The Voyager's MenuItemPolicy reformat the link to check the following permission : browse_veilleweekly.
According to generated permissions, the pattern is {action}_{table_name} (which is {action}_survey_articles in my case). It would be cleaner to have a "weekly_survey_articles" or "currentWeek_survey_articles". Am I right ?

So, I can add "browse_veilleweekly" in permissions table to make it works, but that's a little bit dirty.
This problem also appear if you want to add other BREAD routes like "create". Only browse route is allowed.

Steps To Reproduce:

Add a custom road that is note a "BREAD's index" (voyager.veille.currentWeek -> /admin/veille/weekly)
Add a menu item that point to this road (menu builder recognize it and show the url)
Not displayed !
Manually add a strange permission (browse_veilleweekly) to permission table
Edit Role and check "Browse Veilleweekly"
Finally displayed !

discussion enhancement open for suggestions

Source

Eliepse

👍1

Most helpful comment

I have the same issue trying to add custom route, either by static URL or dynamic route.
It was possible back in 0.11

DODMax on 10 Oct 2017

👍4

All 6 comments

Your /admin/veille/weekly issue is a fairly niche use-case. I don't expect too many people to need to add custom pages like that AND add them to the admin menu. With that said, there are certainly issues with the way the admin menu checks permissions.

Would it be acceptable to change the logic so it uses the 3rd part of the route name (i.e. voyager.posts.{browse}) as the action to check? We can add the proper checks so it doesn't error out and defaults to browse.

We could potentially make it a bit more complex, but more flexible by adding a field to the menu item editor called "permission" (up for discussion) that is used as the action.

Thoughts?

fletch3555 on 3 Oct 2017

For sure, my case is special.

I guess the way of checking the and of routes to check permissions is an interesting way. It allows people to add "add user" menu item if needed, or anything else. It also avoid the problematic of url with parameters.
If accepted, maybe dots should be converted into underscore before checking. So, routes like voyager.posts.{browse}.{subaction} could keep the format logic browse_subaction_posts.

The new field in menu is a way. I don't have much more opinion about it. It could be a dropdown with existing permissions filtered from the given route/model ?
It could also be a way to indicate if the menu item have to follow a permission or if it's _public_. I didn't saw the possibility to add external links on the menu (they don't always have to follow a permission, let's image a link to an external plateform/documentation/etc).

Eliepse on 4 Oct 2017

I have the same issue trying to add custom route, either by static URL or dynamic route.
It was possible back in 0.11

DODMax on 10 Oct 2017

👍4

I find a pretty simple work around for that using redirection :

In my exemple i make a link to my front-end index but it work with every URL
First make a route in your web.php to get a link in the /admin like this :

 Route::get('/admin/index', 'PagesController@getIndexVoyager')->name('voyager.index');

then go to your pages controller and put that in :

    public function getIndexVoyager() {
       return redirect('/');
    }

you can replace '/' by any external or internal link.

after that you need to add a row in the permission table. Something like that :

  id           key                    table_name,             permission_group_id
'51',    'browse_index',               NULL,                        NULL

return in Voyager and go to the role section to add the permission to your users,
then go to the menu builder and add the elements with a dynamic route set to: 'voyager.index',
save it and the link should appears in the voyager menu and will work just fine !

Hope this will help you !

Light-Studio on 11 Jan 2018

@Light-Studio That's not a good solution for the issue presented.

With that said, this issue should be fixed in 1.0.12. Please update Voyager.

fletch3555 on 11 Jan 2018

This issue has been automatically locked since there has not been any recent activity after it was closed. If you have further questions please ask in our Slack group.