# |
Jul 18th 2017, 14:12 |
mikesmoniker |
@irongomme https://book.cakephp.org/3.0/en/orm/saving-data.html#changing-accessible-fields |
# |
Jul 18th 2017, 14:11 |
saeideng |
you can use `$_accessible` |
# |
Jul 18th 2017, 14:11 |
irongomme |
@admad :thumbsup: |
# |
Jul 18th 2017, 14:11 |
admad |
*sure is |
# |
Jul 18th 2017, 14:11 |
admad |
sure it, set it non accessible only in add() method for newEntity() call |
# |
Jul 18th 2017, 14:10 |
irongomme |
@admad, ok but i need it to be editable later , is this possible in that way ? |
# |
Jul 18th 2017, 14:10 |
admad |
'accessibleFields' option for newEntity/patchEntity() |
# |
Jul 18th 2017, 14:10 |
mikesmoniker |
It defines “Fields that can be mass assigned using newEntity() or patchEntity().” - So make sure you’re using those to go from request -> model. |
# |
Jul 18th 2017, 14:10 |
saeideng |
:$ |
# |
Jul 18th 2017, 14:10 |
saeideng |
just misunderstand |
# |
Jul 18th 2017, 14:10 |
mikesmoniker |
Have a look at Entity::$_accessible. |
# |
Jul 18th 2017, 14:10 |
admad |
@saeideng he wants to prevent it from being added, not require it (unless i misunderstood his statement) |
# |
Jul 18th 2017, 14:09 |
saeideng |
`->requirePresence('username', 'create')` |
# |
Jul 18th 2017, 14:09 |
admad |
@irongomme set that field and inaccessible in entity then it cant be saved, no need to validate :slightly_smiling_face: |
# |
Jul 18th 2017, 14:09 |
dereuromark |
you can whitelist the accepted fields on marshalling |
# |
Jul 18th 2017, 14:08 |
dereuromark |
I think whitelisting is alsways better than blacklisting |
# |
Jul 18th 2017, 14:08 |
saeideng |
require....() |
# |
Jul 18th 2017, 14:07 |
irongomme |
Hello everybody, How to add a validation rule to prevent for adding a forbidden field on create ? |
# |
Jul 18th 2017, 14:06 |
cake-novice |
+1 |
# |
Jul 18th 2017, 14:04 |
admad |
you would need a to decide the JWT only once per request. The performance difference in that case would be irrelevant imo |
# |
Jul 18th 2017, 14:04 |
dereuromark |
also i am not comparing firebase with any solution |
# |
Jul 18th 2017, 14:03 |
cake-novice |
but we should also look at performace at any solution before implement... |
# |
Jul 18th 2017, 14:02 |
admad |
i am not comparing firebase and https://github.com/lcobucci/jwt .. just was looking at but https://github.com/Spomky-Labs/jose/issues/161 https://github.com/lcobucci/jwt/issues/187 seems some perfomance issue there |
# |
Jul 18th 2017, 14:02 |
admad |
firebase/jwt is absolutely fine. If you prefer using builders use lcobucci/jwt |
# |
Jul 18th 2017, 14:02 |
admad |
decoding a jwt token isn't rocket science, why is performance even an issue? |
# |
Jul 18th 2017, 14:00 |
sathomsen |
i agreee with you but ADmad plugin also required same Firebase |
# |
Jul 18th 2017, 14:00 |
sathomsen |
I’ve also build a plugin for Facebook authentication that can be used with that plugin for pure API auth :slightly_smiling_face: |
# |
Jul 18th 2017, 14:00 |
dereuromark |
why is perrformance relevant? |
# |
Jul 18th 2017, 14:00 |
neon1024 |
cake-novice, I haven’t compared them all. |
# |
Jul 18th 2017, 14:00 |
cake-novice |
@neon1024 what about its performance issue ? it little bit slow than other solution ? |
# |
Jul 18th 2017, 13:59 |
sathomsen |
@cake_novice I’ve worked a great deal with ADmad plugin works great:) |
# |
Jul 18th 2017, 13:57 |
cleptric |
Token signature also there seems |
# |
Jul 18th 2017, 13:57 |
cleptric |
fair enough, array vs mutators |
# |
Jul 18th 2017, 13:56 |
neon1024 |
@cleptric https://github.com/lcobucci/jwt/blob/3.2/README.md#creating |
# |
Jul 18th 2017, 13:55 |
cake-novice |
i was also looking at this.. but https://github.com/Spomky-Labs/jose/issues/161 https://github.com/lcobucci/jwt/issues/187 seems some perfomance issue there |
# |
Jul 18th 2017, 13:55 |
cleptric |
Calling decode and encode :) ? |
# |
Jul 18th 2017, 13:55 |
neon1024 |
It’s api is much more logical imho |
# |
Jul 18th 2017, 13:54 |
neon1024 |
https://github.com/lcobucci/jwt |
# |
Jul 18th 2017, 13:54 |
neon1024 |
then which one ? |
# |
Jul 18th 2017, 13:54 |
neon1024 |
I’d say to not use that one |
# |
Jul 18th 2017, 13:53 |
cleptric |
So yes, it should do the job |