Add configurable authorisation gate for previewing unpublished pages

Author: sten

README.md

@@ -282,6 +282,7 @@ So you can achieve the following statuses by setting these dates in the past or
 - **Draft** - Page exists but not visible to public users
 - **Published** - Page is live and accessible via URL
 - **Scheduled** - Automatically publish/unpublish at specific times
+- **Preview** - Unpublished pages can be previewed, but are shielded by [a configurable authorisation gate](./documentation/configuration.md#page-resource-configuration).
 
 Use the `published()` scope in your queries to show only published content:
 

config/filament-flexible-content-block-pages.php

@@ -130,8 +130,12 @@
                 /*
                 | The authorisation gate to show the undeletable toggle on the edit page.
                 | The value should be the name of the gate to execute `Gate::allows($gateName, User $user, Page $page)`
+                |
+                | undeletable: to be able to toggle the undeletable switch after the page is created.
+                | view_unpublished_pages: to be able to view pages on the website that are not published.
                 */
-                'undeletable' => 'change_undeletable',
+                'undeletable' => 'changeUndeletable',
+                'view_unpublished_pages' => 'viewUnpublishedPages',
             ],
 
             /*

documentation/configuration.md

@@ -165,6 +165,7 @@ Configure various features and options for the page resource. These settings con
 - **enable_replicate_action_on_table**: Shows the replicate action in the table
 - **navigation_sort**: Controls the order of the page resource in the Filament navigation menu
 - **gates.undeletable**: The authorisation gate to allow the deletable toggle to be shown on the page edit page.
+- **gates.view_unpublished_pages**: The authorisation gate to allow viewing unpublished pages on the website. This is useful for content editors to preview.
 - **page_tree.max_depth**: The maximum allowed page depth in the tree hierarchy of pages. First, enable the page tree.
 
 ## CMS Panel Configuration

src/FilamentFlexibleContentBlockPagesConfig.php

@@ -349,11 +349,25 @@ public function getUndeletableGate(string $modelClass): ?string
         return $this->packageConfig("page_resource.{$modelClass}.gates.undeletable");
     }
 
+    /**
+     * @param  class-string<Model>  $modelClass
+     */
+    public function getViewUnpublishedPagesGate(string $modelClass): ?string
+    {
+        return $this->packageConfig("page_resource.{$modelClass}.gates.view_unpublished_pages");
+    }
+
+    /**
+     * @param  class-string<Model>  $modelClass
+     */
     public function getPageTreeMaximumDepth(string $modelClass): int
     {
         return $this->packageConfig("page_resource.{$modelClass}.page_tree.max_depth", 2);
     }
 
+    /**
+     * @param  class-string<Model>  $modelClass
+     */
     public function getPageNavigationSort(string $modelClass): ?int
     {
         return $this->packageConfig("page_resource.{$modelClass}.navigation_sort");

src/Form/Components/UndeletableToggle.php

@@ -37,11 +37,7 @@ public static function create(?string $label = null): static
                 $gate = FilamentFlexibleContentBlockPages::config()->getUndeletableGate($modelClass);
 
                 // If no gate set, no authorisation is wanted
-                if ($gate === null) {
-                    return true;
-                }
-
-                return Gate::allows($gate, $record);
+                return (!$gate) || Gate::allows($gate, $record);
             });
     }
 

src/Http/Controllers/PageController.php

@@ -6,6 +6,7 @@
 use Illuminate\Foundation\Validation\ValidatesRequests;
 use Illuminate\Http\Response;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Gate;
 use Statikbe\FilamentFlexibleContentBlockPages\Facades\FilamentFlexibleContentBlockPages;
 use Statikbe\FilamentFlexibleContentBlockPages\Models\Page;
 
@@ -18,7 +19,8 @@ class PageController extends AbstractSeoPageController
     public function index(Page $page)
     {
         // check if page is published:
-        if (! Auth::user() || ! Auth::user()->can('viewUnpublishedPages')) {
+        $viewUnpublishedPagesGate = FilamentFlexibleContentBlockPages::config()->getViewUnpublishedPagesGate($page::class);
+        if (! Auth::user() || !($viewUnpublishedPagesGate && Gate::allows($viewUnpublishedPagesGate, $page))) {
             if (! $page->isPublished()) {
                 SEOMeta::setRobots('noindex');
                 abort(Response::HTTP_GONE);