How does one create a custom filtered list view?

[borrows08]

I've been trying to follow the documentation but I have not found an easy way to be able to filter a list view.

I have three tables:

• events
• event_owners
• attendees

The event_owners table dictate who's supposed to have access to the event. Only event owners should be able to view the list of attendees based on users.id and event_owners.user_id and events.id. In the list of attendees CRUD, it should list only attendees for a specific event that the current user has access to.

For that particular use, I tried implementing:
/admin/attendee?event_id=XX

I used addBaseClause() so that the filtered view would show only total number of entries that match the event ID. However, I'm encountering issues with Edit (and probably Delete too) because the Edit link becomes: /admin/attendee?event_id=XX/yy/edit. Ideally, we should have just the primary key: /admin/attendee/123/edit.

I also tried implementing a custom route:
/admin/event/1/attendee

When I do this, I'm getting a bunch of different errors that look like this:

During one of my attempts, I also encountered this error which seems to suggest that there is an issue with the way I'm customizing the list view:

{
    "message": "Trying to access array offset on null",
    "exception": "ErrorException",
    "file": "/home/app/vendor/backpack/crud/src/app/Library/CrudPanel/Traits/Read.php",
    "line": 278,
    "trace": [
        {
            "file": "/home/app/vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/HandleExceptions.php",
            "line": 256,
            "function": "handleError",
            "class": "Illuminate\\Foundation\\Bootstrap\\HandleExceptions",
            "type": "->"
        },
        {
            "file": "/home/app/vendor/backpack/crud/src/app/Library/CrudPanel/Traits/Read.php",
            "line": 278,
            "function": "{closure:Illuminate\\Foundation\\Bootstrap\\HandleExceptions::forwardsTo():255}",
            "class": "Illuminate\\Foundation\\Bootstrap\\HandleExceptions",
            "type": "->"
        },
        {
            "file": "/home/app/vendor/backpack/crud/src/app/Library/CrudPanel/Traits/Read.php",
            "line": 374,
            "function": "addCustomPageLengthToPageLengthMenu",
            "class": "Backpack\\CRUD\\app\\Library\\CrudPanel\\CrudPanel",
            "type": "->"
        },

What is the best approach for this? Is it possible to customize Backpack so that it can hide data users are not supposed to have access to?

[backpack-ai-bot[bot]]

I'll help you create a custom filtered list view in Backpack that restricts attendees based on event ownership. This is a common requirement when implementing access control in admin panels.

Filtering Data Based on User Access

The best approach is to use addClause() or addBaseClause() in your AttendeesCrudController to filter the data based on the current user's permissions. Here's how you can implement it:

Option 1: Using Query Parameters with Base Clauses

In your AttendeesCrudController.php, you can implement the following in the setupListOperation() method:

protected function setupListOperation()
{
    // Get event_id from query parameter
    $event_id = request()->query('event_id');
    
    if ($event_id) {
        // Check if current user is an owner of this event
        $isOwner = \App\Models\EventOwner::where('user_id', backpack_user()->id)
            ->where('event_id', $event_id)
            ->exists();
            
        if ($isOwner) {
            // Only show attendees for this event
            CRUD::addBaseClause('where', 'event_id', $event_id);
        } else {
            // User is not authorized to see this event's attendees
            abort(403);
        }
    } else {
        // If no event_id specified, only show attendees for events the user owns
        CRUD::addBaseClause('whereIn', 'event_id', function($query) {
            $query->select('event_id')
                ->from('event_owners')
                ->where('user_id', backpack_user()->id);
        });
    }
    
    // Rest of your list setup...
}

The issue with the edit links is likely because you're not properly handling the route. You need to override the edit() method to ensure proper access control:

public function edit($id)
{
    // Get the attendee
    $attendee = $this->crud->getEntry($id);
    
    // Check if current user is an owner of this attendee's event
    $isOwner = \App\Models\EventOwner::where('user_id', backpack_user()->id)
        ->where('event_id', $attendee->event_id)
        ->exists();
        
    if (!$isOwner) {
        abort(403);
    }

    return parent::edit($id);
}

Option 2: Custom Routes Approach

For the custom route approach (/admin/event/{event_id}/attendee), you need to set up custom routes in your routes/backpack/custom.php file:

Route::get('event/{event_id}/attendee', 'AttendeesCrudController@eventAttendees');
Route::post('event/{event_id}/attendee/search', 'AttendeesCrudController@search');

Then in your controller:

public function eventAttendees($event_id)
{
    // Check if current user is an owner of this event
    $isOwner = \App\Models\EventOwner::where('user_id', backpack_user()->id)
        ->where('event_id', $event_id)
        ->exists();
        
    if (!$isOwner) {
        abort(403);
    }
    
    // Filter attendees by event_id
    $this->crud->addClause('where', 'event_id', $event_id);
    
    return $this->index();
}

The error you're encountering is likely related to how Backpack handles the custom routes and AJAX requests for the DataTables. This approach requires more customization of the controller methods.

Best Practices

Based on the knowledge sources, the most reliable approach is to:

1. Use addBaseClause() in the setupListOperation() method to filter data as shown in the documentation
2. Override the edit(), update(), and destroy() methods to ensure users can only access records they're authorized to see as recommended in this issue
3. Consider creating separate controllers for different views if your filtering logic becomes complex as suggested in this community discussion

For your specific case, I recommend the first approach with proper access control in the controller methods, as it's simpler and follows Backpack's patterns more closely.

Remember that addBaseClause() affects the base query, so it will show the correct total number of entries that the user has access to, while addClause() would show the total before filtering.

Let me know if you need more specific guidance on implementing any of these approaches!

ℹ️ Please note our AI Bot does not reply to follow-ups, this will be the only AI answer in this thread. If the AI helped you find the answer, please mark it as answered or write details below so it can learn. Then close the conversation. If not, please give more information for when a human reads this. ℹ️

Relevant sources:

List Operation|List Operation
Github Issue (closed): How can I make custom filters?
Custom Views, defined by the admin
How to show correct filtering values and deal with addBaseClause()
Github Issue (closed): How to Access Data / Field just One User
Github Issue (closed): How to load a 'list' crud view with a filter enabled
Github Issue (closed): Extra List View to Crud Controller
2. CRUD Operations|Filters
Github Issue (closed): Question: how to apply default filters (from url parameters)?
Filters not working on custom views for list operation (Pro)
Github Issue (closed): [ASK] Data based on user login

[jcastroa87]

Hello @borrows08 can you share Controller and Model to replicate in my side.

Did you try the approach our bot suggest to you?

Cheers.