| # |
Jul 18th 2019, 11:19 |
 neon1024 |
`$Email->getConfig()` |
| # |
Jul 18th 2019, 11:08 |
acosonic |
Hi everyone, how can I read data from class EmailConfig { public $default = array( Should I somehow include that class? I want to get values from within default array... |
| # |
Jul 18th 2019, 10:58 |
neon1024 |
If you need to assign to a protected property |
| # |
Jul 18th 2019, 10:58 |
neon1024 |
I think you can also modify the property as part of either save() or patchEntity(), I don’t recall which one |
| # |
Jul 18th 2019, 10:57 |
neon1024 |
You could just add the property to your extending entity |
| # |
Jul 18th 2019, 10:37 |
mikemack |
protected function _setRole($value) { $this->set($value, ['role' => false]); } |
| # |
Jul 18th 2019, 10:35 |
mikemack |
Work with cakedc user plugin. I modify the user table, and follow https://github.com/CakeDC/users/blob/master/Docs/Documentation/Extending-the-Plugin.md#extending-the-model-tableentity And on the MyUser Entity, how to disable the |
| # |
Jul 18th 2019, 10:27 |
dereuromark |
not sure, arent there still cases where you - without fields list - would be allowed to mass assign then too much? I just use explicit fields always here. |
| # |
Jul 18th 2019, 10:23 |
slackebot |
user is admin if ($user->isAdmin()) { $userToUpdate->accessible('role, true); } // proceed as usual $this->Users->patchEntity($userToUpdate, $data) ``` You think this would be a suitable solution? |
| # |
Jul 18th 2019, 10:23 |
conehead |
Yes sure. Was just thinking about how to do it without editing the whitelist every time I add a property. Depending @felix.robaglia problem It should be possible to set the `$_accessible` `role => false` and before patching the entity in the controller you check if the current user has the rights to change the role. If yes, you could make that field accessible. ``` $data = $this->getRequest()->getData(); // allow to update role if current |
| # |
Jul 18th 2019, 10:09 |
dereuromark |
in general a whitelist is usually always safer than blacklists. |
| # |
Jul 18th 2019, 10:08 |
dereuromark |
no, that is all cachd. |
| # |
Jul 18th 2019, 10:07 |
conehead |
Hm schema by accessing the database? This could allow values that are restricted via `accessible` |
| # |
Jul 18th 2019, 09:23 |
dereuromark |
i might have made a convienience method for this in tools or shim plugin maybe |
| # |
Jul 18th 2019, 09:23 |
dereuromark |
you could using schema |
| # |
Jul 18th 2019, 09:21 |
conehead |
@dereuromark is there a way to set "fields" to "allFieldsExcept"? Or do I always need to list all the properties by hand? Documentation looks like I can only set fields that should be patches. |
| # |
Jul 18th 2019, 08:57 |
felix.robaglia |
Sure, will do ! |
| # |
Jul 18th 2019, 08:54 |
aivaras.godliauskas |
@felix.robaglia shere your progress. Im interesed in this topic as well:) |
| # |
Jul 18th 2019, 08:53 |
felix.robaglia |
Thanks for the help i'll see what i can do |
| # |
Jul 18th 2019, 08:52 |
dereuromark |
Also check TinyAuth maybe in terms of DRY and secure ways to easily handle all of this. Make sure you use "fields" key always where you allow users to edit any user data and that role is never part of it for "crud editing" here. |
| # |
Jul 18th 2019, 08:51 |
dereuromark |
this is usually persisted into the session Auth.User data when writing login data |
| # |
Jul 18th 2019, 08:51 |
felix.robaglia |
I see :slightly_smiling_face: I already do that kind of redirects also |
| # |
Jul 18th 2019, 08:50 |
dereuromark |
if you do your login and user update actions (edit) correctly, all is save here |
| # |
Jul 18th 2019, 08:49 |
aivaras.godliauskas |
in my case, im checking if user can access current scope, before letting him there. For example if user has access to *users/edit* otherwise redirect him somewhere he belongs. |
| # |
Jul 18th 2019, 08:47 |
aivaras.godliauskas |
or maybe define('role', 'admin') somwhere in app controller? so u can access status globaly? |
| # |
Jul 18th 2019, 08:46 |
aivaras.godliauskas |
hmm not sure about best strategy, but you can have a variable, lets say ```$is_admin``` in entity. and pass it before update. $entity->setIsAdmin(true/false) |
| # |
Jul 18th 2019, 08:44 |
felix.robaglia |
``` protected function _setRole() { if (!($this->Auth->user('role') === 'admin')) { return $this->Auth->user('role'); } } ``` |
| # |
Jul 18th 2019, 08:44 |
felix.robaglia |
I thought I could do something like this, but I don't have access to Auth in Entity/User.php. Any ideas how I could accomplish this ? |
| # |
Jul 18th 2019, 08:26 |
felix.robaglia |
I meant User entity. |
| # |
Jul 18th 2019, 08:26 |
felix.robaglia |
I think I found a way using _setRole in UsersTable. Thanks :slightly_smiling_face: |
| # |
Jul 18th 2019, 08:14 |
challgren |
if ($user->isAdmin) { $role = “html for input type”; } |
| # |
Jul 18th 2019, 08:13 |
felix.robaglia |
Cause even though they shouldn't be able to, i'm always scared they add a input manually to the dom connected to role and change it to become admin |
| # |
Jul 18th 2019, 08:13 |
felix.robaglia |
Hello, what is the easiest way to tell Cake : 'Users that aren't 'admin' can't modify the 'role' column" ? |
| # |
Jul 18th 2019, 08:12 |
dereuromark |
The delete ajax thingie worked quite well for now to roll out on all paginated tables. |
| # |
Jul 18th 2019, 08:12 |
dereuromark |
I think in 3.x/4.x it should be rather easy to generate some more generic tooling that easily injects itself here, or provides some skeleton around these tasks. too much manual is not DRY IMO^^ |
| # |
Jul 18th 2019, 08:09 |
challgren |
As for AJAX, autocomplete, edit in place I kind of do that manually and dont depend on a plugin |
| # |
Jul 18th 2019, 08:09 |
challgren |
@dereuromark DataTables is the only one that comes to mind |
| # |
Jul 18th 2019, 08:08 |
dereuromark |
Do people have easy to use plugins/code around AJAX and auto-complete, edit-in-place etc? |
| # |
Jul 18th 2019, 08:06 |
challgren |
Yep https://book.cakephp.org/3.0/en/orm/query-builder.html#passing-conditions-to-contain |
| # |
Jul 18th 2019, 08:06 |
scuadra |
Is this possible in Cake3? |
| # |
Jul 18th 2019, 08:05 |
scuadra |
Hello. As long as I remember in Cake 2 find it was possible to do something like 'contain' => ['Images' => ['limit' => 1]] |