| # |
Apr 15th 2019, 21:33 |
 ricksaccous |
that would be my approach anyway |
| # |
Apr 15th 2019, 21:32 |
ricksaccous |
based on what you find (or don't find) in the user context you are passing |
| # |
Apr 15th 2019, 21:32 |
ricksaccous |
@rightscoreanalysis i honestly haven't used CRUD although it seems to be one of the more popular plugins, i would think that it would make more sense to pass the user context to the validator and conditionally validate that field |
| # |
Apr 15th 2019, 21:22 |
rightscoreanalysis |
Is my approach here correct: I am saving an entity via the CRUD plugin. Before I save I want to check that a user has permission to edit, so in the Crud event "beforeSave" I am calling a function in my model class to check user is permitted, is this correct? |
| # |
Apr 15th 2019, 21:14 |
hollistergraham123 |
Has anyone used this plugin before? https://github.com/elstc/cakephp-activity-logger |
| # |
Apr 15th 2019, 21:14 |
rightscoreanalysis |
so I am also guessing that I should not want to chain other models in the model table class? |
| # |
Apr 15th 2019, 21:13 |
rightscoreanalysis |
@ricksaccous I can pass the value in as a parameter |
| # |
Apr 15th 2019, 21:07 |
ricksaccous |
good luck |
| # |
Apr 15th 2019, 21:07 |
ricksaccous |
I've never used muffin so I don't know too much about it |
| # |
Apr 15th 2019, 21:07 |
ricksaccous |
https://github.com/UseMuffin/Footprint |
| # |
Apr 15th 2019, 21:06 |
ricksaccous |
but I believe what's usually recommended if you absolutely need it is to use the Muffin plugin |
| # |
Apr 15th 2019, 21:06 |
ricksaccous |
@rightscoreanalysis the short answer is you should never want to access user information in a model, the best thing to do in these cases is to pass information from the controller |
| # |
Apr 15th 2019, 21:02 |
rightscoreanalysis |
... using the CakePHP Authentication plugin |
| # |
Apr 15th 2019, 20:57 |
rightscoreanalysis |
Can I get access to the AuthUser in a model function, When I try $this->AuthUser I get a message that AuthUser is not related to the Model in question |
| # |
Apr 15th 2019, 20:01 |
feLiruc |
Hello guys... I have some foreach and my final code is full of white lines with no code... my page is with 1k lines and 5k empty lines... how can I set the cake to not generate this white lines? My code is not with blank lines |
| # |
Apr 15th 2019, 16:50 |
admad |
@phantomwatson composer create-project cakephp/app:4.x-dev |
| # |
Apr 15th 2019, 16:19 |
phantomwatson |
Good point! |
| # |
Apr 15th 2019, 16:17 |
dereuromark |
it is also easier to contribute back right away, any fixes in app or core you might find along the way. |
| # |
Apr 15th 2019, 15:58 |
dereuromark |
I usually git clone the app repo and composer update |
| # |
Apr 15th 2019, 15:55 |
phantomwatson |
I'd like to try the CakePHP 4 alpha through the app skeleton, but I'm stuck on how to run `composer create-project` specifically for the `4.x` branch. Does anyone know off of the top of their heads how to do that? |
| # |
Apr 15th 2019, 15:35 |
unclezoot |
neon, dont know mate, we're using docker + ecs here |
| # |
Apr 15th 2019, 15:19 |
neon1024 |
I’m looking to setup one of my CakePHP applications on AWS to try it ou |
| # |
Apr 15th 2019, 15:19 |
neon1024 |
unclezoot, What’s the deal with Elastic Beanstalk, is that just a shortcut for setting up the bits you need to run a PHP instance in AWS? |
| # |
Apr 15th 2019, 15:19 |
neon1024 |
Are we all trying the Cake 4 alpha? |
| # |
Apr 15th 2019, 15:04 |
jeremyharris |
ok |
| # |
Apr 15th 2019, 15:04 |
jeremyharris |
are you resetting your session each time you test new settings? |
| # |
Apr 15th 2019, 15:04 |
unclezoot |
ill keep looking at it, thanks anyway |
| # |
Apr 15th 2019, 15:04 |
unclezoot |
that's the fallback (which doesnt appear to be working) |
| # |
Apr 15th 2019, 15:03 |
unclezoot |
it's this line isnt it? Session.php: if (!isset($sessionConfig['ini']['session.cookie_secure']) andand env('HTTPS') andand ini_get('session.cookie_secure') != 1) { |
| # |
Apr 15th 2019, 15:03 |
jeremyharris |
cake passes that ini value (or sets it to secure by default) when configuring the PHP sessions so PHP should kick in with the proper security |
| # |
Apr 15th 2019, 15:02 |
jeremyharris |
it’s the session cookie and not a different cookie? |
| # |
Apr 15th 2019, 15:02 |
jeremyharris |
are you sure it |
| # |
Apr 15th 2019, 15:01 |
jeremyharris |
(taking a look at the code) |
| # |
Apr 15th 2019, 14:59 |
unclezoot |
'Cookies with the "secure" attribute are only permitted to be sent via HTTPS. Cookies sent via HTTP expose an unsuspecting user to sniffing attacks that could lead to user impersonation or compromise of the application account.' |
| # |
Apr 15th 2019, 14:58 |
unclezoot |
that's what i thought, but in Chrome Dev Tools (Application>Cookies) the Secure tickbox is not ticked, and the penetration testing report flagged this up as a 'medium risk': The cookie does not contain the "secure" attribute. |
| # |
Apr 15th 2019, 14:55 |
jeremyharris |
if you’re on ssl |
| # |
Apr 15th 2019, 14:55 |
jeremyharris |
it is set to `true` by default |
| # |
Apr 15th 2019, 14:49 |
unclezoot |
does anyone know how to set the 'secure' flag on a session cookie in cake3? 'Session.ini.session.cookie_secure' => true isnt doing anything for me |
| # |
Apr 15th 2019, 14:48 |
unclezoot |
yeah i think that's what the guy at work ended up doing, some sort of cronjob to keep the lambda alive |
| # |
Apr 15th 2019, 14:42 |
jeremyharris |
because of the warmup time - which you could ping to keep awake if you needed to |
| # |
Apr 15th 2019, 14:41 |
jeremyharris |
I use s3 and cloudfront - no need for lamda because mine is statically generated. lamda is good for little tasks that get a lot of consistent hits |