Log message #4193828

# At Username Text
# Jul 18th 2019, 10:09 dereuromark in general a whitelist is usually always safer than blacklists.
# Jul 18th 2019, 10:08 dereuromark no, that is all cached.
# Jul 18th 2019, 10:07 conehead Hm schema by accessing the database? This could allow values that are restricted via `accessible`
# Jul 18th 2019, 09:23 dereuromark i might have made a convenience method for this in tools or shim plugin maybe
# Jul 18th 2019, 09:23 dereuromark you could, using schema
# Jul 18th 2019, 09:21 conehead @dereuromark is there a way to set "fields" to "allFieldsExcept"? Or do I always need to list all the properties by hand? Documentation looks like I can only set fields that should be patched.
# Jul 18th 2019, 08:57 felix.robaglia Sure, will do !
# Jul 18th 2019, 08:54 aivaras.godliauskas @felix.robaglia share your progress. I'm interested in this topic as well :)
# Jul 18th 2019, 08:53 felix.robaglia Thanks for the help i'll see what i can do
# Jul 18th 2019, 08:52 dereuromark Also check TinyAuth maybe in terms of DRY and secure ways to easily handle all of this. Make sure you use "fields" key always where you allow users to edit any user data and that role is never part of it for "crud editing" here.
# Jul 18th 2019, 08:51 dereuromark this is usually persisted into the session Auth.User data when writing login data
# Jul 18th 2019, 08:51 felix.robaglia I see :slightly_smiling_face: I already do that kind of redirects also
# Jul 18th 2019, 08:50 dereuromark if you do your login and user update actions (edit) correctly, all is safe here
# Jul 18th 2019, 08:49 aivaras.godliauskas in my case, I'm checking if user can access current scope, before letting him there. For example if user has access to *users/edit*, otherwise redirect him somewhere he belongs.
# Jul 18th 2019, 08:47 aivaras.godliauskas or maybe define('role', 'admin') somewhere in app controller? so u can access status globally?
# Jul 18th 2019, 08:46 aivaras.godliauskas hmm not sure about best strategy, but you can have a variable, let's say `$is_admin` in entity. and pass it before update. `$entity->setIsAdmin(true/false)`
# Jul 18th 2019, 08:44 felix.robaglia ``` protected function _setRole() { if (!($this->Auth->user('role') === 'admin')) { return $this->Auth->user('role'); } } ```
# Jul 18th 2019, 08:44 felix.robaglia I thought I could do something like this, but I don't have access to Auth in Entity/User.php. Any ideas how I could accomplish this ?
# Jul 18th 2019, 08:26 felix.robaglia I meant User entity.
# Jul 18th 2019, 08:26 felix.robaglia I think I found a way using _setRole in UsersTable. Thanks :slightly_smiling_face:
# Jul 18th 2019, 08:14 challgren if ($user->isAdmin) { $role = "html for input type"; }
# Jul 18th 2019, 08:13 felix.robaglia Cause even though they shouldn't be able to, I'm always scared they add an input manually to the DOM connected to role and change it to become admin
# Jul 18th 2019, 08:13 felix.robaglia Hello, what is the easiest way to tell Cake: "Users that aren't 'admin' can't modify the 'role' column"?
# Jul 18th 2019, 08:12 dereuromark The delete ajax thingie worked quite well for now to roll out on all paginated tables.
# Jul 18th 2019, 08:12 dereuromark I think in 3.x/4.x it should be rather easy to generate some more generic tooling that easily injects itself here, or provides some skeleton around these tasks. too much manual is not DRY IMO^^
# Jul 18th 2019, 08:09 challgren As for AJAX, autocomplete, edit in place I kind of do that manually and don't depend on a plugin
# Jul 18th 2019, 08:09 challgren @dereuromark DataTables is the only one that comes to mind
# Jul 18th 2019, 08:08 dereuromark Do people have easy to use plugins/code around AJAX and auto-complete, edit-in-place etc?
# Jul 18th 2019, 08:06 challgren Yep https://book.cakephp.org/3.0/en/orm/query-builder.html#passing-conditions-to-contain
# Jul 18th 2019, 08:06 scuadra Is this possible in Cake3?
# Jul 18th 2019, 08:05 scuadra Hello. As long as I remember in Cake 2 find it was possible to do something like 'contain' => ['Images' => ['limit' => 1]]
# Jul 18th 2019, 08:01 neon1024 Morning all
# Jul 18th 2019, 07:58 val Hi, is there a way to disable one specific cache configuration in 3.x?
# Jul 18th 2019, 07:03 welo.lamacchia but this code: `$this->request->getCookie($cookieName)` returns null
# Jul 18th 2019, 07:03 welo.lamacchia I think it works, Chrome network panel is showing the cookie just created
# Jul 18th 2019, 07:00 welo.lamacchia do I also have to return the response?
# Jul 18th 2019, 06:59 admad you need to assign back the instance `$this->response = $this->response->withCookie($cookie);`
# Jul 18th 2019, 06:57 welo.lamacchia Cake does not save cookie, what is wrong?
# Jul 18th 2019, 06:47 ajibarra If you want to override the view you need to create src/Template/Plugin/CakeDC/Users/Users/profile.ctp
# Jul 18th 2019, 06:46 ajibarra because the user is sent to view layer including any contain in configuration..and if you need something more specific you can always override get method in your users table (in case you have one)
# Jul 18th 2019, 06:45 ajibarra You can just override the view