Laravel nova make resource show only the data of the user

Question

I am trying to do something that seems to go out of the box with how laravel-nova works...

I have a Batch model/ressource that is used by super admins. Those batch reeports belongs to sevral merchants. We decided to add a layer of connection to are portal and allow merchants to log in and see there data. So obviously, when the merchant visites the batch repport page, he needs to see only data related to it's own account.

So what we did was add the merchant id inside the batch page like this: nova/resources/batch?mid=0123456789

The problem we then found out is that the get param is not send to the page it self but in a subpage called filter... so we hacked it and found a way to retreive it like this:

preg_match('/mid\=([0-9]{10})/', $_SERVER['HTTP_REFERER'], $matches);

Now that we have the mid, all we need to do is add a where() to the model but it's not working.

Obviously, this appoach is not the right way... so my question is not how to make this code work... but how to approche this to make it so that merchants can only see his own stuff when visiting a controller.

All i really need to is add some sort of a where('external_mid', '=' $mid) and everything is good.

The full code looks like this right now:

<?php

namespace App\Nova;

use App\Nova\Resource;
use Laravel\Nova\Fields\ID;
use Illuminate\Http\Request;
use Laravel\Nova\Fields\Text;
use Laravel\Nova\Fields\HasMany;
use Laravel\Nova\Fields\Currency;
use Laravel\Nova\Fields\BelongsTo;
use App\Nova\Filters\StatementDate;
use Laravel\Nova\Http\Requests\NovaRequest;

class Batch extends Resource
{
    /**
     * The model the resource corresponds to.
     *
     * @var string
     */
    //
    public static function query(){
        preg_match('/mid\=([0-9]{10})/', $_SERVER['HTTP_REFERER'], $matches);

        if (isset($matches['1'])&&$matches['1']!=''){
            $model = \App\Batch::where('external_mid', '=', $matches['1']);
        }else{
            $model = \App\Batch::class;
        }

        return $model;
    }

    public static $model = $this->query();

    /**
     * The single value that should be used to represent the resource when being displayed.
     *
     * @var string
     */
    public static $title = 'id';

    /**
     * The columns that should be searched.
     *
     * @var array
     */
    public static $search = [
        'id','customer_name', 'external_mid', 'merchant_id', 'batch_reference', 'customer_batch_reference',
        'batch_amt', 'settlement_date', 'fund_amt', 'payment_reference', 'payment_date'
    ];

     /**
     * Indicates if the resource should be globally searchable.
     *
     * @var bool
     */
    public static $globallySearchable = false;

    /**
     * Get the fields displayed by the resource.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return array
     */
    public function fields(Request $request)
    {

        return [
            ID::make()->hideFromIndex(),
            Text::make('Customer','customer_name'),
            Text::make('MID','external_mid'),
            Text::make('Batch Ref #','batch_reference'),
            Text::make('Batch ID','customer_batch_reference'),
            Text::make('Batch Date','settlement_date')->sortable(),
            Currency::make('Batch Amount','batch_amt'),

            Text::make('Funding Reference','payment_reference')->hideFromIndex(),
            Text::make('Funding Date','payment_date')->hideFromIndex(),
            Currency::make('Funding Amount','fund_amt')->hideFromIndex(),
            // **Relationships**
            HasMany::make('Transactions'),
            BelongsTo::make('Merchant')->hideFromIndex(),
            // ***
        ];

    }
    /**
     * Get the cards available for the request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return array
     */
    public function cards(Request $request)
    {
        return [];
    }

    /**
     * Get the filters available for the resource.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return array
     */
    public function filters(Request $request)
    {
        return [

        ];
    }

    /**
     * Get the lenses available for the resource.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return array
     */
    public function lenses(Request $request)
    {
        return [];
    }

    /**
     * Get the actions available for the resource.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return array
     */
    public function actions(Request $request)
    {
        return [];
    }

}

Answer 1

In Laravel Nova you can modify the result query of any Resource by adding the index Query method. This method allows you to use Eloquent to modify the results with any condition you define.

I understand you just need to maintain the $model property with the model with the default definition and modify the results in the indexQuery method:

...
public static $model = \App\Batch::class;

public static function indexQuery(NovaRequest $request, $query)
{
    // Using the same logic of the example above. I recommend to use the $request variable to access data instead of the $_SERVER global variable.
    preg_match('/mid\=([0-9]{10})/', $_SERVER['HTTP_REFERER'], $matches);
    if (isset($matches['1'])&&$matches['1']!=''){
        return $query->where('external_mid', '=', $matches['1']);
    }else{
        return $query;
    }
}

...

About the use of the PHP Global Variable, I recommend you to use the laravel default request() to look into your URL. You can use something like this $request->mid to read the value from the mid value in the URL.