Log message #4193852

# At Username Text
# Jul 18th 2019, 11:37 neon1024 @davorminchorov Just for balance I’m the total opposite of @acosonic and would never setup my own mail server for sending email, and would instead use a service like Sendgrid
# Jul 18th 2019, 11:36 acosonic @davorminchorov anything that you have full control and responsibility of... If it's mail server, then it means making your own stmp, and ensuring it gets 10/10 on mail-tester.com ...
# Jul 18th 2019, 11:35 neon1024 When unit testing, do I have to declare a schema for a table? It seems to be missing, but I am not mocking the table class, and I’m using a fixture
# Jul 18th 2019, 11:35 acosonic I guess that you would need some kind of log analyser to ensure google did it's part
# Jul 18th 2019, 11:35 davorminchorov what would you suggest for enterprise?
# Jul 18th 2019, 11:34 acosonic for enterprise use...
# Jul 18th 2019, 11:34 acosonic including gmail...
# Jul 18th 2019, 11:34 acosonic @davorminchorov I'm avoiding cloud anything, at all costs :)
# Jul 18th 2019, 11:33 davorminchorov Anyone ever had issues sending emails via Gmail from their apps where there were connection timeouts from time to time in some cases? Is this possible to fix somehow?
# Jul 18th 2019, 11:33 acosonic @conehead first solution worked
# Jul 18th 2019, 11:21 conehead Or you could make that default array static. Then you could access it via EmailConfig::default
# Jul 18th 2019, 11:20 acosonic I'll test with var-dumping...
# Jul 18th 2019, 11:20 conehead You need to instantiate that class if you want to get the data. (new EmailConfig())->default;
# Jul 18th 2019, 11:19 neon1024 Would be my first guess
# Jul 18th 2019, 11:19 neon1024 `$Email->getConfig()`
# Jul 18th 2019, 11:08 acosonic Hi everyone, how can I read data from class EmailConfig { public $default = array( Should I somehow include that class? I want to get values from within default array...
# Jul 18th 2019, 10:58 neon1024 If you need to assign to a protected property
# Jul 18th 2019, 10:58 neon1024 I think you can also modify the property as part of either save() or patchEntity(), I don’t recall which one
# Jul 18th 2019, 10:57 neon1024 You could just add the property to your extending entity
# Jul 18th 2019, 10:37 mikemack protected function _setRole($value) { $this->set($value, ['role' => false]); }
# Jul 18th 2019, 10:35 mikemack Work with cakedc user plugin. I modify the user table, and follow https://github.com/CakeDC/users/blob/master/Docs/Documentation/Extending-the-Plugin.md#extending-the-model-tableentity And on the MyUser Entity, how to disable the
# Jul 18th 2019, 10:27 dereuromark not sure, arent there still cases where you - without fields list - would be allowed to mass assign then too much? I just use explicit fields always here.
# Jul 18th 2019, 10:23 slackebot user is admin if ($user->isAdmin()) { $userToUpdate->accessible('role, true); } // proceed as usual $this->Users->patchEntity($userToUpdate, $data) ``` You think this would be a suitable solution?
# Jul 18th 2019, 10:23 conehead Yes sure. Was just thinking about how to do it without editing the whitelist every time I add a property. Depending @felix.robaglia problem It should be possible to set the `$_accessible` `role => false` and before patching the entity in the controller you check if the current user has the rights to change the role. If yes, you could make that field accessible. ``` $data = $this->getRequest()->getData(); // allow to update role if current
# Jul 18th 2019, 10:09 dereuromark in general a whitelist is usually always safer than blacklists.
# Jul 18th 2019, 10:08 dereuromark no, that is all cachd.
# Jul 18th 2019, 10:07 conehead Hm schema by accessing the database? This could allow values that are restricted via `accessible`
# Jul 18th 2019, 09:23 dereuromark i might have made a convienience method for this in tools or shim plugin maybe
# Jul 18th 2019, 09:23 dereuromark you could using schema
# Jul 18th 2019, 09:21 conehead @dereuromark is there a way to set "fields" to "allFieldsExcept"? Or do I always need to list all the properties by hand? Documentation looks like I can only set fields that should be patches.
# Jul 18th 2019, 08:57 felix.robaglia Sure, will do !
# Jul 18th 2019, 08:54 aivaras.godliauskas @felix.robaglia shere your progress. Im interesed in this topic as well:)
# Jul 18th 2019, 08:53 felix.robaglia Thanks for the help i'll see what i can do
# Jul 18th 2019, 08:52 dereuromark Also check TinyAuth maybe in terms of DRY and secure ways to easily handle all of this. Make sure you use "fields" key always where you allow users to edit any user data and that role is never part of it for "crud editing" here.
# Jul 18th 2019, 08:51 dereuromark this is usually persisted into the session Auth.User data when writing login data
# Jul 18th 2019, 08:51 felix.robaglia I see :slightly_smiling_face: I already do that kind of redirects also
# Jul 18th 2019, 08:50 dereuromark if you do your login and user update actions (edit) correctly, all is save here
# Jul 18th 2019, 08:49 aivaras.godliauskas in my case, im checking if user can access current scope, before letting him there. For example if user has access to *users/edit* otherwise redirect him somewhere he belongs.
# Jul 18th 2019, 08:47 aivaras.godliauskas or maybe define('role', 'admin') somwhere in app controller? so u can access status globaly?
# Jul 18th 2019, 08:46 aivaras.godliauskas hmm not sure about best strategy, but you can have a variable, lets say ```$is_admin``` in entity. and pass it before update. $entity->setIsAdmin(true/false)
# Jul 18th 2019, 08:44 felix.robaglia ``` protected function _setRole() { if (!($this->Auth->user('role') === 'admin')) { return $this->Auth->user('role'); } } ```