Laravel Nova - How to hide 'Create' button from HasMany field?

Question

I've User model which has HasMany relation with Post model. When I include a field for HasMany in User resource of Nova, I see there is Create post button. How do I remove/hide that button?

Answer 1

I solved it by adding a authorizedToCreate(Request $request) in the nova model and inside check the $request['viaResource'] == relatedModel to return true or return false.

Answer 2

If you're like me, the last thing you want to do is set a policy blocking creation of the sub-resource referenced by the HasMany rule by setting a policy. The reason is that setting this addX() policy to false on the "Has" side of the HasMany not only blocks the creation of the sub-resource from the resource detail view, it also produces permission errors when creating the sub-resource from its page view, specifically that creation of the resource with references to the "parent" or "Has" is forbidden by the policy. Which when you think about how broad the permission statement of addClassName() is, isn't actually surprising.

Thus my solution ended up having to be butt ugly CSS. Just why is this the only way to do page dependant hiding of the create button. This should be a HasMany::make("")->canCreate(false) declaration in the Nova/*.php view file.

Anyway here's the CSS, hopefully, it helps someone.

div[dusk="parent-class-detail-component"] div[dusk="has-many-child-class-index-component"] a[dusk='create-button'] {
  display: none;
}

Answer 3

this question is answered in laravel nova official documentation

in my case i have user model and order model, user Hasmany order i added

public function addOrder()
{
    return false;
}

on user policy now create role button is gone on user detail page this is a screenshot of user detail page

Answer 4

In case someone is still looking for the solution, you can authorise attaching/detaching resources in your policies:

https://nova.laravel.com/docs/2.0/resources/authorization.html#authorizing-attaching-detaching

So in this case, you have a UserPolicy to which you add a function:

attachPost(User $user, User $model, Post $post)
{
    return false;
}

The $user variable is the user that is signed in, the $model variable is the user page that is viewed.

Answer 5

You need to 2 things here.

1. In your Post resource

   public static function authorizable() { return true; }

2. Now create policy for Post and return true for all methods except create, for create return false and in AuthServiceProvider.php

put

protected $policies = [
    Post::class => PostPolicy::class,
];

And you are done.

Answer 6

You could achieve this with Policies.

According to the documentation:

If a policy exists but is missing a method for a particular action, the user will not be allowed to perform that action. So, if you have defined a policy, don't forget to define all of its relevant authorization methods.

So in your case, if you want to hide the button completely, just create a policy for your resource (PostPolicy) and don't implement the create method.