Skip to content

Qore admin base features

Introduction

To be able to set features of Qore.admin base, make sure you add the QoreAdminBasePlugin::make() plugin, with the desired options, to the plugins section of the panel in the application service provider.

php
    public function panel(QorePanel|Panel $panel): QorePanel
    {
        return parent::panel($panel)
            ->default()
            ->id('admin')
            ->path('admin')
            ->authGuard('qore')
            ->authPasswordBroker('qore')
            ->plugins([
                QoreAdminBasePlugin::make()->setProfilePage(false),
                QoreRelationPlugin::make(),
                // ...
            ])
        );
    }

To get access to the features outside the plugin class, you can use the following:

php
QoreAdminBasePlugin::get()->assetResourceIsActive()

Assets

Show/hide the asset resource in the menu

Possible values

true        Show the default asset resource
false       Don't shouw the asset resource
classname   Show a custom asset resource

default     false

Example

php
QoreAdminBasePlugin::make()->setAssetResource(true)

Profile page

Show/hide the profile page in the user menu

Possible values

true        Show the default profile page
false       Don't show the profile page in the users manu
classname   Show a custom page as profile page

default     true

Example

php
QoreAdminBasePlugin::make()->setProfilePage()

Dashboard page

Show/hide the dashboard page in the menu

Possible values

true        Show the default dashboard page
false       Don't use a (default) dashboard page
classname   Show a custom page as dashboard page

default     true

Example

php
QoreAdminBasePlugin::make()->setDashboardPage()

FAQ

Show/hide the FAQ resource in the menu

Possible values`

true        Show the default FAQ resource
false       Don't shouw the FAQ resource
classname   Show a custom FAQ resource

default     false

Example

php
QoreAdminBasePlugin::make()->setFaqResource(true)

Qore user resource

Swap the admin users (QoreUser) resource for a custom one. Use this to extend the admin users screen — for example to add relation managers or extra pages — without touching the package.

Possible values

true        Use the default QoreUserResource
false       Don't register the QoreUser resource
classname   Register a custom QoreUser resource

default     QoreUserResource

Example

php
QoreAdminBasePlugin::make()->setQoreUserResource(\App\Application\Admin\Resources\QoreUserResource::class)

Your custom resource should extend the package resource and override only what you need. The base QoreUserResource registers no relation managers, so adding them is enough:

php
use QoreWorksBusiness\QoreAdminBase\Resources\QoreUserResource as BaseQoreUserResource;

class QoreUserResource extends BaseQoreUserResource
{
    public static function getRelations(): array
    {
        return [
            // your relation managers, e.g. SegmentRelationManager::class
        ];
    }
}

Adding dynamic relations to the QoreUser model

A relation manager binds to a relationship method on the model (protected static string $relationship = 'segments';). QoreUser lives in this package, so define the relationship from your application — without editing or subclassing the model — using Model::resolveRelationUsing() in a service provider's boot():

php
use Illuminate\Database\Eloquent\Relations\MorphToMany;
use QoreWorksBusiness\QoreAdminBase\Models\QoreUser;

public function boot(): void
{
    QoreUser::resolveRelationUsing('tags', fn (QoreUser $qoreUser): MorphToMany => $qoreUser
        ->morphToMany(Tag::class, 'model', 'model_has_tags')
        ->using(Tagging::class)
        ->withTimestamps());

    QoreUser::resolveRelationUsing('segments', fn (QoreUser $qoreUser): MorphToMany => $qoreUser
        ->tags()
        ->where('tags.type', TagType::Segment->value));
}

The relation name (segments) is what the relation manager references. Because the relations are added at runtime, QoreUser keeps its existing qoreUser morph alias — an enforced morph map (Relation::enforceMorphMap) keeps working and no new alias is required.

Booting

If you want to boot addition policies or other setup that needs to happen for filament only.

Possible values`

callable        A Closure that adds policy or other booting.
callable.panel  The first argument contains the Filament panel being booted

returns     null or callable response.

Example

php
QoreAdminBasePlugin::make()->setExtendedBootFunction(function(Panel $panel) {
        Gate::policy(Role::class, MyRolePolicy::class);
})

Single Sign-On (SSO)

If you want to enable Single Sign-On in your application add the plugin to the plugins() section of the applications panel service provider

Example

php
QoreAdminBasePlugin::make()->setEnableSsoAuthentication(true)

Google
For Google you need to set the redirect URL. Make sure it is configured as /admin/login/auth/google/callback as this is how the routes are specified in the QoreAdminBasePlugin.

php
Route::middleware(['web'])
    ->prefix('/admin/login/auth/')
    ->group(function () {
        Route::get('{provider}/redirect', [SocialiteController::class, 'redirect'])
            ->whereIn('provider', config('qore.sso.providers'))
            ->name('socialite.redirect');

        Route::get('{provider}/callback', [SocialiteController::class, 'callback'])
            ->whereIn('provider', config('qore.sso.providers'))
            ->name('socialite.callback');

When SSO is enabled, you are able to specify SSO providers and allow SSO only for specific domains. Both are configured via the .env file.

.env example configuration

php
SSO_PROVIDERS=google
ALLOWED_DOMAINS=dolphiq.nl, example.com

GOOGLE_SSO_CLIENT_ID=xxxx xxxx xxxx
GOOGLE_SSO_CLIENT_SECRET=xxxx xxxx xxxx
GOOGLE_SSO_REDIRECT_URL=/admin/login/auth/google/callback

Add this part to config/services.php

php
'google' => [
    'client_id' => env('GOOGLE_SSO_CLIENT_ID'),
    'client_secret' => env('GOOGLE_SSO_CLIENT_SECRET'),
    'redirect' => env('GOOGLE_SSO_REDIRECT_URL', '/admin/login/auth/google/callback'),
    ],

Multi-factor authentication (MFA)

Switchable, Filament-native multi-factor authentication for the Qore panel. It uses an authenticator app (TOTP — Google Authenticator, Authy, Microsoft Authenticator, …) together with recovery codes. The MFA challenge is enforced inside the panel login flow, so no extra middleware is required.

There are two switches:

  • The QORE_MFA_ENABLED environment variable (via config/qore.php) — the default for every panel using the plugin.
  • The plugin toggle setEnableMultiFactorAuthentication() — an explicit per-panel override that wins over the config/env default.

Possible values

true        Enable MFA on this panel
false       Disable MFA on this panel
null        Follow the QORE_MFA_ENABLED config/env value

default     null (follows config, which defaults to disabled)

Example

php
// Follow the QORE_MFA_ENABLED env value (default)
QoreAdminBasePlugin::make()

// Force MFA on for this panel, regardless of env
QoreAdminBasePlugin::make()->setEnableMultiFactorAuthentication(true)

// Force MFA off for this panel, regardless of env
QoreAdminBasePlugin::make()->setEnableMultiFactorAuthentication(false)

Checking if active

php
QoreAdminBasePlugin::get()->getEnableMultiFactorAuthentication()

.env example configuration

php
QORE_MFA_ENABLED=true              # master switch for the feature (default false)
QORE_MFA_REQUIRED=false            # force users to set up MFA right after login (default false)

# App (TOTP) provider tuning — optional
QORE_MFA_APP_RECOVERABLE=true              # generate recovery codes (default true)
QORE_MFA_APP_RECOVERY_CODE_COUNT=8         # number of recovery codes (default 8)
QORE_MFA_APP_BRAND_NAME=                   # label shown in the authenticator app (default: app name)
QORE_MFA_APP_CODE_WINDOW=8                 # TOTP validity window (default 8)

Enforcement

By default MFA is optional: users opt in from their profile page. Set QORE_MFA_REQUIRED=true to force users who have not yet configured MFA to set it up immediately after signing in.

Setting up MFA (profile page)

The setup UI (QR code + recovery codes) is rendered on the profile page, which is based on Filament's EditProfile. The profile page must be enabled (it is by default) for users to manage their own MFA. When QORE_MFA_REQUIRED=true, Filament also shows a dedicated setup step right after login.

Requirements

Rendering the TOTP QR code requires the PHP imagick extension with a working PNG coder (ImageMagick built with PNG support). Without it, the setup page throws ImagickException: Unable to set image format.

Locale Switch

Show/hide the locale switch dropdown in the Filament panel header.

Possible values

['nl', 'en']      Enable with these locales
false             Disable

default           disabled

Example

php
QoreAdminBasePlugin::make()->setLocaleSwitch(['nl', 'en'])
QoreAdminBasePlugin::make()->setLocaleSwitch(['nl', 'en', 'de', 'fr'])
QoreAdminBasePlugin::make()->setLocaleSwitch(false)

Checking if active

php
QoreAdminBasePlugin::get()->localeSwitchIsActive()