Log message #4171977

# At Username Text
# Jan 1st 2019, 03:20 challgren The entity won't get the request data so it won't be able to do any validation
# Jan 1st 2019, 03:19 cgtag okay
# Jan 1st 2019, 03:19 challgren That and many other things. If you need to control deletion, run your checks in the controller
# Jan 1st 2019, 03:19 cgtag Because of associated data?
# Jan 1st 2019, 03:18 challgren Nope
# Jan 1st 2019, 03:18 cgtag Seems like a business rule constraint in the domain of the model. If you make it a rule it stops all attack vectors. Wouldn't it?
# Jan 1st 2019, 03:17 challgren The validation is for data being created/patched; you would need to define your own access control in the controller
# Jan 1st 2019, 03:16 cgtag I want to check user ownership of records. Make sure the user_id is for the current user.
# Jan 1st 2019, 03:16 challgren Why would you need validation rules when deleting?
# Jan 1st 2019, 03:14 cgtag When creating a custom rule. The docs say that "$rules->add(..)" only adds rules for create and update options. Does this mean that the rule is excluded from delete operations? If so, does anyone know why it's excluded?
# Jan 1st 2019, 03:13 cgtag I have a question about the documentation here: https://book.cakephp.org/3.0/en/orm/validation.html#creating-a-rules-checker
# Jan 1st 2019, 03:13 cgtag Happy New Year!
# Jan 1st 2019, 02:23 wp4nuv Happy New Year!!
# Jan 1st 2019, 00:23 wp4nuv Hello folks! On Cake2, has anyone had issues with queries that do not return all requested fields?
# Dec 31st 2018, 23:33 murat Just to differentiate between an error and authorization problem when I process the ajax response.
# Dec 31st 2018, 23:32 murat Anything other than 500 is fine.
# Dec 31st 2018, 23:32 challgren But on that I’m not 100%; I could see you wanting 401
# Dec 31st 2018, 23:29 murat Thanks a lot.
# Dec 31st 2018, 23:28 murat Yeah, that makes sense actually.
# Dec 31st 2018, 23:28 challgren 403 would be what you want honestly
# Dec 31st 2018, 23:28 murat Is there a way to change the response for unauthorized AJAX requests to a particular HTTP code?
# Dec 31st 2018, 23:26 challgren Sweet!
# Dec 31st 2018, 23:26 murat Ok, now it gives `ForbiddenException` which is good.
# Dec 31st 2018, 23:23 challgren Try putting it in initialize function
# Dec 31st 2018, 23:23 murat @challgren I just realized, when an AJAX request is unauthorized, `$this->Auth` returns false and causes `beforeFilter()` to show an error about the failed call to `config()`.
# Dec 31st 2018, 23:16 challgren I’ll be doing a big PR to fix em all. I’m tired of my logs getting filled from CommonComponent
# Dec 31st 2018, 23:12 challgren Man @dereuromark the Tools plugin needs a lot of help with the tests! 100+ errors when turning on DEPRECATED warnings
# Dec 31st 2018, 22:54 murat Thanks a lot :grinning:
# Dec 31st 2018, 22:43 challgren sweet!! Glad it helped yah!
# Dec 31st 2018, 22:24 murat This seems to work. ``` public function beforeFilter(Event $event) { if ($this->request->is('ajax')) { $this->Auth->config('unauthorizedRedirect', false); } } ```
# Dec 31st 2018, 22:13 murat I'm still working on it. I needed to take a quick break.
# Dec 31st 2018, 22:07 challgren That work @murat ?
# Dec 31st 2018, 21:43 challgren might need a $this->Auth->config('loginAction', false); somewhere in there too but again depends on your config
# Dec 31st 2018, 21:42 murat That's interesting; let me give it a try.
# Dec 31st 2018, 21:41 murat Oh ok, I was confused because I keep thinking about `isAuthorized` or the action methods.
# Dec 31st 2018, 21:40 challgren or initialize()
# Dec 31st 2018, 21:40 challgren Depends on your config but beforeFilter of the AppController
# Dec 31st 2018, 21:40 murat I'm not sure where I'm supposed to put that.
# Dec 31st 2018, 21:35 challgren if ($this->getRequest()->is('ajax')) {}
# Dec 31st 2018, 21:35 challgren $this->Auth->config('unauthorizedRedirect', false);
# Dec 31st 2018, 21:34 murat What's the proper way to prevent redirection for AJAX calls?