# |
Jan 1st 2019, 03:19 |
challgren |
That and many other things, If you need to control deletion run your checks in the controller |
# |
Jan 1st 2019, 03:19 |
cgtag |
Because of associated data? |
# |
Jan 1st 2019, 03:18 |
challgren |
Nope |
# |
Jan 1st 2019, 03:18 |
cgtag |
Seems like a business rule constraint in the domain of the model. If you make it a rule it stops all attack vectors. Wouldn't it? |
# |
Jan 1st 2019, 03:17 |
challgren |
The validation is for data being created/patched you would need to define your own access control in the controller |
# |
Jan 1st 2019, 03:16 |
cgtag |
I want to check user ownership of records. Make sure the user_id is for the current user. |
# |
Jan 1st 2019, 03:16 |
challgren |
Why would you need validation rules when deleting? |
# |
Jan 1st 2019, 03:14 |
cgtag |
When creating a custom rule. The docs say that "$rules->add(..)" only adds rules for create and update options. Does this mean that the rule is excluded from delete operations? If so, does anyone know why it's excluded? |
# |
Jan 1st 2019, 03:13 |
cgtag |
I have a question about the documentation here: https://book.cakephp.org/3.0/en/orm/validation.html#creating-a-rules-checker |
# |
Jan 1st 2019, 03:13 |
cgtag |
Happy New Year! |
# |
Jan 1st 2019, 02:23 |
wp4nuv |
Happy New Year!! |
# |
Jan 1st 2019, 00:23 |
wp4nuv |
Hello folks! On Cake2, has anyone had issues with queries that do not return all requested fields? |
# |
Dec 31st 2018, 23:33 |
murat |
Just to differentiate between an error and authorization problem when I process the ajax response. |
# |
Dec 31st 2018, 23:32 |
murat |
Anything other than 500 is fine. |
# |
Dec 31st 2018, 23:32 |
challgren |
But on that I’m not 100% I could see you wanting 401 |
# |
Dec 31st 2018, 23:29 |
murat |
Thanks a lot. |
# |
Dec 31st 2018, 23:28 |
murat |
Yeah, that makes sense actually. |
# |
Dec 31st 2018, 23:28 |
challgren |
403 would be what you want honestly |
# |
Dec 31st 2018, 23:28 |
murat |
Is there a way to change the response for unauthorized AJAX requests to a particular HTTP code? |
# |
Dec 31st 2018, 23:26 |
challgren |
Sweet! |
# |
Dec 31st 2018, 23:26 |
murat |
Ok, now it gives `ForbiddenException` which is good. |
# |
Dec 31st 2018, 23:23 |
challgren |
Try putting it in initialize function |
# |
Dec 31st 2018, 23:23 |
murat |
@challgren I just realized, when an AJAX request is unauthorized, `$this->Auth` returns false and causes `beforeFilter()` to show an error about the failed call to `config()`. |
# |
Dec 31st 2018, 23:16 |
challgren |
I’ll be doing a big PR to fix em all. I’m tired of my logs getting filled from CommonComponent |
# |
Dec 31st 2018, 23:12 |
challgren |
Man @dereuromark the Tools plugin needs a lot of help with the tests! 100+ errors when turning on DEPREACTED warnings |
# |
Dec 31st 2018, 22:54 |
murat |
Thanks a lot :grinning: |
# |
Dec 31st 2018, 22:43 |
challgren |
sweet!! Glad it helped yah! |
# |
Dec 31st 2018, 22:24 |
murat |
This seems to work. ``` public function beforeFilter(Event $event) { if ($this->request->is('ajax')) { $this->Auth->config('unauthorizedRedirect', false); } } ``` |
# |
Dec 31st 2018, 22:13 |
murat |
I'm still working on it. I needed to take a quick break. |
# |
Dec 31st 2018, 22:07 |
challgren |
That work @murat ? |
# |
Dec 31st 2018, 21:43 |
challgren |
might need a $this->Auth->config(‘loginAction’, false); somewhere in there too but again depends on your config |
# |
Dec 31st 2018, 21:42 |
murat |
That's interesting; let me give it a try. |
# |
Dec 31st 2018, 21:41 |
murat |
Oh ok, I was confused because I keep thinking about `isAuthorized` or the action methods. |
# |
Dec 31st 2018, 21:40 |
challgren |
or initialize() |
# |
Dec 31st 2018, 21:40 |
challgren |
Depends on your config but beforeFilter of the AppController |
# |
Dec 31st 2018, 21:40 |
murat |
I'm not sure where I'm supposed to put that. |
# |
Dec 31st 2018, 21:35 |
challgren |
if ($this->getRequest()->is(’ajax) {} |
# |
Dec 31st 2018, 21:35 |
challgren |
$this->Auth->config(‘unauthorizedRedirect’, ‘false’); |
# |
Dec 31st 2018, 21:34 |
murat |
What's the proper to way to prevent redirection for AJAX calls? |
# |
Dec 31st 2018, 21:34 |
murat |
Hey guys, I have a question about AuthComponent. I set it up so that it redirects to the home page upon unauthorized access, but I don't want the redirection to happen when I |
# |
Dec 31st 2018, 18:24 |
challgren |
ModelAwareTrait right? |