| # |
Jun 27th 2019, 14:39 |
 jeremyharris |
yeah I’ve done prefix based roles before, works pretty well until things get complicated or require hierarchy |
| # |
Jun 27th 2019, 14:39 |
neon1024 |
It’s prefix based still as I thought that would make it a bit simpler |
| # |
Jun 27th 2019, 14:38 |
neon1024 |
Figured it can’t be that hard, but then I realised that I give a role access, but I need to restrict them elsewhere |
| # |
Jun 27th 2019, 14:38 |
neon1024 |
Yeah, I should have done that |
| # |
Jun 27th 2019, 14:38 |
jeremyharris |
@neon1024 might be worth looking into RBAC (role based access control) plugins for ideas, or the new authorization lib which has a really nice policy system which you might be able to gain insight from |
| # |
Jun 27th 2019, 14:29 |
neon1024 |
Ah, I can make my own Role Auth :) |
| # |
Jun 27th 2019, 14:26 |
mdotobie |
Evening @admad, per our discussion yesterday about when `Form::schema()` is called, I did not realize that `__debuginfo` is a magic method that gets called when `print_r` is used on an object. PsySH is using print_r to immediately output objects you’ve mutated or instantiated which in turn is calling the `__debuginfo` method on the Form object and within that the Schema dependency. |
| # |
Jun 27th 2019, 14:24 |
neon1024 |
Kinda like a `$this->Auth->allow()` but with a value to match |
| # |
Jun 27th 2019, 14:22 |
neon1024 |
Or it the controllers `isAuthorized()` perhaps, by overloading the AppController method |
| # |
Jun 27th 2019, 14:22 |
neon1024 |
Or give access to controllers and manage action permission in the controller beforeFilter? |
| # |
Jun 27th 2019, 14:21 |
neon1024 |
Is there a more elegant way to manage permissions by role, other than a big `isAuthorized()` method? |
| # |
Jun 27th 2019, 14:06 |
admad |
@challgren this deprecation notices in validator exist since 3.8.0-beta1 https://github.com/cakephp/cakephp/commit/d1a0cfe0fc0677d78f69cfec589acca296384720 |
| # |
Jun 27th 2019, 13:42 |
neon1024 |
Oh, I guessed correctly! `[‘controller’ => ‘Examples’, ‘action’ => ‘view’, ‘prefix’ => ’foo/bar\ |
| # |
Jun 27th 2019, 13:41 |
neon1024 |
When using nested prefixes, what does the ‘prefix’ url array option look like? |
| # |
Jun 27th 2019, 13:34 |
cake-aml |
I can think of other solutions such as checking the route for that controller or avoid using the middleware and load a component that could then be configured, but I feel like there's a more elegant solution somewhere |
| # |
Jun 27th 2019, 13:30 |
cake-aml |
thanks for the reply. Is there then any 'good' way of achieving what I want? |
| # |
Jun 27th 2019, 13:28 |
admad |
response instance should never be modified before calling $next(). While it will work for now it will break in 4.0 |
| # |
Jun 27th 2019, 13:16 |
slackebot |
calls $next() first then applies the headers) am I simply approaching this wrong and shouldn't unset the header in my Controller? or is there a clean way to unset the header? so far overriding the middleware to set the headers before $next() or using a "global" instance (SecurityHeadersMiddleware::instance() and change it there) have worked for me, but I'm not convinced I should be doing that |
| # |
Jun 27th 2019, 13:16 |
cake-aml |
hi I'm trying to set X-Frame-Options to 'sameorigin' in my application, but I want to manually disable it in a specific Controller. I tried using the setXFrameOptions method in SecurityHeadersMiddleware + manually unsetting the header in that controller's beforeFilter ($this->response = $this->response->withoutHeader('x-frame-options')) the problem is that the SecurityHeadersMiddleware always sets the Headers after the controller (__invoke |
| # |
Jun 27th 2019, 10:09 |
neon1024 |
@david last time I hit this issue it was because I had misconfigured my Nginx setup |
| # |
Jun 27th 2019, 09:55 |
vossen.steven |
array notation isnt needed if only one word though |
| # |
Jun 27th 2019, 09:54 |
vossen.steven |
__('Some word: {0}, ['word']) |
| # |
Jun 27th 2019, 09:54 |
egalles |
mmm ok, thanks |
| # |
Jun 27th 2019, 09:54 |
vossen.steven |
should be {0} instead of %s |
| # |
Jun 27th 2019, 09:53 |
egalles |
when I do that, the text in view shows me: Some word: %s |
| # |
Jun 27th 2019, 09:53 |
egalles |
hi there, looking for translate some texts, it's that the correct way ? __('Some word: %s,'word'); ¿? |
| # |
Jun 27th 2019, 09:40 |
david |
any idea? |
| # |
Jun 27th 2019, 09:40 |
david |
when using ADmad/cakephp-i18n, if I do not set the language, like: http://mydomain.com It is redirecting me to http://mydomain.com//es (notice the double slash before the language slug). It's the first time I have this problem, I always use this plugin and I'm sure I'm doing something wrong this time, but I can't figure what is. |
| # |
Jun 27th 2019, 09:37 |
david |
morning |
| # |
Jun 27th 2019, 09:12 |
slackebot |
CORE/Cake/Routing/Dispatcher.php line 200 → Controller->render() CORE/Cake/Routing/Dispatcher.php line 167 → Dispatcher->_invoke(SuivisController, CakeRequest) APP/webroot/index.php line 117 → Dispatcher->dispatch(CakeRequest, CakeResponse) ``` I don't understand why... (CakePHP 2.10.13) |
| # |
Jun 27th 2019, 09:12 |
a.didier |
Hello, when i put `App::uses('HttpSocket', 'Network/Http');` in my Component all my app crash with this error message `Cannot use object of type stdClass as array` The stack trace say this : ``` CORE/Cake/View/View.php line 971 → include() CORE/Cake/View/View.php line 933 → View->_evaluate(string, array) CORE/Cake/View/View.php line 473 → View->_render(string) CORE/Cake/Controller/Controller.php line 968 → View->render(null, null) |
| # |
Jun 27th 2019, 08:59 |
challgren |
@admad do you know of any CVE’s with cake 2.10.13+? |
| # |
Jun 27th 2019, 08:47 |
challgren |
I wonder if dereuromark already fixed his upgrade plugin |
| # |
Jun 27th 2019, 08:44 |
challgren |
I was planning on update to the final release and push to prod |
| # |
Jun 27th 2019, 08:44 |
challgren |
Ok, cause I was all gun hoe about it being ready for 3.8 and now I got work to do |
| # |
Jun 27th 2019, 08:44 |
admad |
@challgren I'll bring that up with the team and try to do better in future :slightly_smiling_face: |
| # |
Jun 27th 2019, 08:43 |
challgren |
Ok back to 3.8.0 why didn’t the validation deprecation change happen during the RC? |
| # |
Jun 27th 2019, 08:41 |
madbbb |
@admad thank you! It is really sends event to global listener))) I didn't notice that trait returns local event manager |
| # |
Jun 27th 2019, 08:41 |
slackebot |
<challgren> |
| # |
Jun 27th 2019, 08:41 |
neon1024 |
;) |
| # |
Jun 27th 2019, 08:41 |
neon1024 |
Careful, or we’ll throw a random u in there too! |