wip

Author: Baspa

README.md

@@ -85,6 +85,38 @@ public function panel(Panel $panel): Panel
 }
 ```
 
+### Security
+
+Using the `canManageMails()` method, you can define which users have access to the mail resources/pages. Here's a comprehensive example that includes additional logic for flexibility:
+
+```php
+use Backstage\FilamentMails\FilamentMailsPlugin;
+use Illuminate\Support\Facades\Auth;
+
+$panel
+    ->plugins([
+        FilamentMailsPlugin::make()
+            ->canManageMails(function () {
+                $user = Auth::user();
+
+                // Allow access for users with specific roles
+                if ($user->hasRole('admin') || $user->hasRole('supervisor')) {
+                    return true;
+                }
+
+                // Allow access for users with specific permissions
+                if ($user->hasPermissionTo('manage mails')) {
+                    return true;
+                }
+
+                // Restrict access for all other users
+                return false;
+            }),
+    ]);
+```
+
+This example demonstrates how to combine role-based and permission-based access control, providing a more robust and flexible approach to managing access to mail resources.
+
 ### Tenant middleware and route protection
 
 If you want to protect the mail routes with your (tenant) middleware, you can do so by adding the routes to the `tenantRoutes`:

src/FilamentMailsPlugin.php

@@ -8,9 +8,15 @@
 use Filament\Contracts\Plugin;
 use Filament\Panel;
 use Filament\Support\Colors\Color;
+use Filament\Support\Concerns\EvaluatesClosures;
+use Closure;
 
 class FilamentMailsPlugin implements Plugin
 {
+    use EvaluatesClosures;
+
+    public bool | Closure $canManageMails = true;
+
     public function getId(): string
     {
         return 'filament-mails';
@@ -46,4 +52,16 @@ public static function get(): static
 
         return $plugin;
     }
+
+    public function canManageMails(bool | Closure $canManageMails = true): static
+    {
+        $this->canManageMails = $canManageMails;
+
+        return $this;
+    }
+
+    public function userCanManageMails(): bool
+    {
+        return $this->evaluate($this->canManageMails);
+    }
 }

src/Resources/EventResource.php

@@ -4,6 +4,7 @@
 
 use Backstage\FilamentMails\Resources\EventResource\Pages\ListEvents;
 use Backstage\FilamentMails\Resources\EventResource\Pages\ViewEvent;
+use Backstage\FilamentMails\FilamentMailsPlugin;
 use Backstage\Mails\Enums\EventType;
 use Backstage\Mails\Models\MailEvent;
 use Filament\Actions\BulkActionGroup;
@@ -24,6 +25,11 @@ class EventResource extends Resource
 
     protected static bool $shouldRegisterNavigation = true;
 
+    public static function canAccess(): bool
+    {
+        return FilamentMailsPlugin::get()->userCanManageMails();
+    }
+
     public static function getSlug(?Panel $panel = null): string
     {
         return config('filament-mails.resources.mail')::getSlug() . '/events';

src/Resources/EventResource/Pages/ListEvents.php

@@ -2,6 +2,7 @@
 
 namespace Backstage\FilamentMails\Resources\EventResource\Pages;
 
+use Backstage\FilamentMails\FilamentMailsPlugin;
 use Backstage\FilamentMails\Resources\EventResource;
 use Backstage\Mails\Enums\EventType;
 use Backstage\Mails\Models\MailEvent;
@@ -11,6 +12,11 @@
 
 class ListEvents extends ListRecords
 {
+    public static function canAccess(array $parameters = []): bool
+    {
+        return FilamentMailsPlugin::get()->userCanManageMails();
+    }
+
     public static function getResource(): string
     {
         return config('filament-mails.resources.event', EventResource::class);

src/Resources/EventResource/Pages/ViewEvent.php

@@ -2,11 +2,17 @@
 
 namespace Backstage\FilamentMails\Resources\EventResource\Pages;
 
+use Backstage\FilamentMails\FilamentMailsPlugin;
 use Backstage\FilamentMails\Resources\EventResource;
 use Filament\Resources\Pages\ViewRecord;
 
 class ViewEvent extends ViewRecord
 {
+    public static function canAccess(array $parameters = []): bool
+    {
+        return FilamentMailsPlugin::get()->userCanManageMails();
+    }
+
     public static function getResource(): string
     {
         return config('filament-mails.resources.event', EventResource::class);

src/Resources/MailResource.php

@@ -5,6 +5,7 @@
 use Backstage\FilamentMails\Resources\MailResource\Pages\ListMails;
 use Backstage\FilamentMails\Resources\MailResource\Pages\ViewMail;
 use Backstage\FilamentMails\Resources\MailResource\Widgets\MailStatsWidget;
+use Backstage\FilamentMails\FilamentMailsPlugin;
 use Backstage\Mails\Actions\ResendMail;
 use Backstage\Mails\Enums\EventType;
 use Backstage\Mails\Models\Mail;
@@ -45,6 +46,11 @@ class MailResource extends Resource
 
     protected static bool $shouldRegisterNavigation = true;
 
+    public static function canAccess(): bool
+    {
+        return FilamentMailsPlugin::get()->userCanManageMails();
+    }
+
     public static function getModel(): string
     {
         return config('mails.models.mail');

src/Resources/MailResource/Pages/ListMails.php

@@ -4,13 +4,19 @@
 
 use Backstage\FilamentMails\Resources\MailResource;
 use Backstage\FilamentMails\Resources\MailResource\Widgets\MailStatsWidget;
+use Backstage\FilamentMails\FilamentMailsPlugin;
 use Backstage\Mails\Models\Mail;
 use Filament\Resources\Pages\ListRecords;
 use Filament\Schemas\Components\Tabs\Tab;
 use Illuminate\Database\Eloquent\Builder;
 
 class ListMails extends ListRecords
 {
+    public static function canAccess(array $parameters = []): bool
+    {
+        return FilamentMailsPlugin::get()->userCanManageMails();
+    }
+
     public static function getResource(): string
     {
         return config('filament-mails.resources.mail', MailResource::class);

src/Resources/MailResource/Pages/ViewMail.php

@@ -2,11 +2,17 @@
 
 namespace Backstage\FilamentMails\Resources\MailResource\Pages;
 
+use Backstage\FilamentMails\FilamentMailsPlugin;
 use Backstage\FilamentMails\Resources\MailResource;
 use Filament\Resources\Pages\ViewRecord;
 
 class ViewMail extends ViewRecord
 {
+    public static function canAccess(array $parameters = []): bool
+    {
+        return FilamentMailsPlugin::get()->userCanManageMails();
+    }
+
     public static function getResource(): string
     {
         return config('filament-mails.resources.mail', MailResource::class);

src/Resources/MailResource/Widgets/MailStatsWidget.php

@@ -2,6 +2,7 @@
 
 namespace Backstage\FilamentMails\Resources\MailResource\Widgets;
 
+use Backstage\FilamentMails\FilamentMailsPlugin;
 use Filament\Facades\Filament;
 use Filament\Widgets\StatsOverviewWidget as BaseWidget;
 use Filament\Widgets\StatsOverviewWidget\Stat;
@@ -12,6 +13,11 @@ class MailStatsWidget extends BaseWidget
 
     protected static bool $isDiscovered = false;
 
+    public static function canView(): bool
+    {
+        return FilamentMailsPlugin::get()->userCanManageMails();
+    }
+
     protected function getStats(): array
     {
         $class = config('mails.models.mail');

src/Resources/SuppressionResource.php

@@ -3,6 +3,7 @@
 namespace Backstage\FilamentMails\Resources;
 
 use Backstage\FilamentMails\Resources\SuppressionResource\Pages\ListSuppressions;
+use Backstage\FilamentMails\FilamentMailsPlugin;
 use Backstage\Mails\Enums\EventType;
 use Backstage\Mails\Enums\Provider;
 use Backstage\Mails\Events\MailUnsuppressed;
@@ -22,6 +23,11 @@ class SuppressionResource extends Resource
 
     protected static bool $shouldRegisterNavigation = true;
 
+    public static function canAccess(): bool
+    {
+        return FilamentMailsPlugin::get()->userCanManageMails();
+    }
+
     public static function getSlug(?Panel $panel = null): string
     {
         return config('filament-mails.resources.mail')::getSlug() . '/suppressions';