# |
Aug 22nd 2019, 15:31 |
alexdd55976 |
now you got me all confused :) |
# |
Aug 22nd 2019, 15:31 |
ricksaccous |
makes sense |
# |
Aug 22nd 2019, 15:31 |
nemmons |
(well, i am also trying to avoid using the old AuthorizationComponent for the same reason) |
# |
Aug 22nd 2019, 15:30 |
nemmons |
ah yeah sorry, i should have specified |
# |
Aug 22nd 2019, 15:30 |
ricksaccous |
which is the new stuff |
# |
Aug 22nd 2019, 15:30 |
ricksaccous |
no he's talking about the authorization component that comes with the plugin |
# |
Aug 22nd 2019, 15:30 |
alexdd55976 |
it will be deprecated in the near future, won't it? |
# |
Aug 22nd 2019, 15:30 |
nemmons |
that way i can just unit test the policies and not worry about devs doing weird shit in controllers to break the auth |
# |
Aug 22nd 2019, 15:30 |
ricksaccous |
i see |
# |
Aug 22nd 2019, 15:29 |
nemmons |
i'm trying to avoid using the AuthorizationComponent at all because it seems to make more sense to do all the Auth at the middleware level |
# |
Aug 22nd 2019, 15:29 |
nemmons |
nah i think you're right. i was hoping this would automagically apply model-based policies using the OrmResolver |
# |
Aug 22nd 2019, 15:29 |
ricksaccous |
also with requestAuthorizationMiddleware do not expect to be able to use the component |
# |
Aug 22nd 2019, 15:28 |
ricksaccous |
i was hoping i could do those things when i set it up. lol |
# |
Aug 22nd 2019, 15:28 |
ricksaccous |
maybe i'm not making any sense/am wrong |
# |
Aug 22nd 2019, 15:28 |
ricksaccous |
i dunno |
# |
Aug 22nd 2019, 15:27 |
ricksaccous |
but you can still map policy resolvers on top |
# |
Aug 22nd 2019, 15:27 |
ricksaccous |
policy resolvers |
# |
Aug 22nd 2019, 15:27 |
ricksaccous |
so i think you won't have the automagic of the uhhh |
# |
Aug 22nd 2019, 15:27 |
ricksaccous |
but yeah, i'm wrong |
# |
Aug 22nd 2019, 15:27 |
nemmons |
ugh |
# |
Aug 22nd 2019, 15:27 |
ricksaccous |
you'll have their identity at that stage |
# |
Aug 22nd 2019, 15:26 |
ricksaccous |
yeah so you pretty much read the request and authorize them based on what you read |
# |
Aug 22nd 2019, 15:26 |
ricksaccous |
now that i'm looking at it |
# |
Aug 22nd 2019, 15:26 |
ricksaccous |
but yeah i did use map resolver |
# |
Aug 22nd 2019, 15:26 |
ricksaccous |
it's been a while |
# |
Aug 22nd 2019, 15:25 |
ricksaccous |
you're probably right |
# |
Aug 22nd 2019, 15:25 |
ricksaccous |
sorry |
# |
Aug 22nd 2019, 15:25 |
ricksaccous |
actually |
# |
Aug 22nd 2019, 15:25 |
nemmons |
I must be horribly misreading https://book.cakephp.org/authorization/1.1/en/request-authorization-middleware.html#using-it then |
# |
Aug 22nd 2019, 15:25 |
ricksaccous |
@nemmons no that's not really how RequestAuthorization middleware works |
# |
Aug 22nd 2019, 15:24 |
alexdd55976 |
i added it to my new cake4 project, but no idea how it works. seems not very approachable |
# |
Aug 22nd 2019, 15:24 |
nemmons |
ah, perhaps you're forced to use the MapResolver rather than the other policyresolvers and then you map the request to the resource or something like that... as kind of hinted of in the documentation? |
# |
Aug 22nd 2019, 15:23 |
ricksaccous |
@nemmons i should be more like you, i just use it, lol |
# |
Aug 22nd 2019, 15:20 |
slackebot2 |
step in reading this code... |
# |
Aug 22nd 2019, 15:20 |
nemmons |
does anyone have enough familiarity with the CakePHP Authorization middleware to help me understand something? in RequestAuthorizationMiddleware::invoke(), it calls `$service->can($identity, $this->getConfig('method'), $request);`. However, AuthorizationService::can() has the signature `can($user, $action, $resource)`.. I'm struggling to understand where/how the the request gets converted to a resource. I feel like i must be missing some |
# |
Aug 22nd 2019, 14:23 |
kaliel |
cakephp talks + onsens sounds great, but the fly is too expensive for me :disappointed_relieved: |
# |
Aug 22nd 2019, 14:11 |
alexdd55976 |
@spriz oh, that’s a great idea. My company won’t pay for a vacation in Japan, so this could be an alternative |
# |
Aug 22nd 2019, 14:09 |
spriz |
I'll buy a pass to see things online if possible though @alexdd55976 :) |
# |
Aug 22nd 2019, 14:00 |
spriz |
Unfortunately not :slightly_smiling_face: |
# |
Aug 22nd 2019, 13:58 |
ricksaccous |
undecided, i'll try to make it though |
# |
Aug 22nd 2019, 13:57 |
neon1024 |
I’m attending |