# |
Feb 13th 2020, 15:25 |
spriz |
Which one do you use - why? :) |
# |
Feb 13th 2020, 15:24 |
spriz |
`$this->request = $this->request->withData('foo', 'bar');` |
# |
Feb 13th 2020, 14:42 |
damiano |
ok |
# |
Feb 13th 2020, 14:40 |
noel |
The way I've done that in the past is in AppController... there I check the path in `$_SERVER['REQUEST_URI']` and set a viewVar if it is the home page. |
# |
Feb 13th 2020, 14:38 |
damiano |
so i need to find a way to understand if it is the home page or not, or maybe i just set('home', 1) inside the index() action and stop |
# |
Feb 13th 2020, 14:38 |
damiano |
i must load different classes |
# |
Feb 13th 2020, 14:38 |
damiano |
@noel it is a view problem, if it is the home page the header is different |
# |
Feb 13th 2020, 14:37 |
noel |
er.. sorry that posted while I was still thinking about it. pls ignore. |
# |
Feb 13th 2020, 14:36 |
noel |
@damiano I think you're approaching this in the wrong way. The way I would do that is in the AppController and use it to layout |
# |
Feb 13th 2020, 14:35 |
alexmax |
So I've got a question. I don't use `'type' => 'select', 'multiple' => 'checkbox'` with the formHelper terribly often, and I'm getting an error message saying that there is no `checkboxContainer` template. Is this expected? Does CakePHP simply not come with a built-in `checkboxContainer` template? Is that even the correct template for it to grab? Or is this likely something in my app breaking things? |
# |
Feb 13th 2020, 14:35 |
damiano |
so basically two different headers so i would like to check automatically what class i should use looking at the current route/page |
# |
Feb 13th 2020, 14:34 |
damiano |
because in the header of my template i have different classes |
# |
Feb 13th 2020, 14:34 |
damiano |
then i need a way to understand if the page the user is seeing is the home page or not |
# |
Feb 13th 2020, 14:34 |
damiano |
@noel inside a view i need to check if the current route is a specified named route for example i add _name => 'home' inside my routes.php |
# |
Feb 13th 2020, 14:33 |
noel |
@damiano I'm not sure I understand your question. What is "Current Page"? |
# |
Feb 13th 2020, 14:30 |
damiano |
(inside a view) |
# |
Feb 13th 2020, 14:29 |
rightscoreanalysis |
but I think I need to lock down some fields |
# |
Feb 13th 2020, 14:29 |
rightscoreanalysis |
as mentioned I have some model methods which check a user is the owner of an entity and isAllowed |
# |
Feb 13th 2020, 14:29 |
damiano |
hi guys how can i check if the current page is == named route? |
# |
Feb 13th 2020, 14:28 |
rightscoreanalysis |
but the Cake validation class would cover this I believe |
# |
Feb 13th 2020, 14:28 |
noel |
You can validate in any way you choose. It's just code at the end of the day. |
# |
Feb 13th 2020, 14:27 |
rightscoreanalysis |
I believe you can allow a write but deny update |
# |
Feb 13th 2020, 14:27 |
noel |
Of course. |
# |
Feb 13th 2020, 14:26 |
rightscoreanalysis |
ah ok so then the validators could be used i guess to prevent updates of certain fields iirc? |
# |
Feb 13th 2020, 14:26 |
noel |
E.g. Does this user have privilege to UPDATE or only INSERT? If it's the latter then it's not a valid request. |
# |
Feb 13th 2020, 14:26 |
noel |
Well of course if it's a valid request then you don't want to prevent it. The trick is determining what makes it an invalid request and coding that into your validators. |
# |
Feb 13th 2020, 14:25 |
rightscoreanalysis |
but if they mock a valid request I don't see how it can be prevented |
# |
Feb 13th 2020, 14:23 |
noel |
@rightscoreanalysis You have to validate each request. That's down to your business rules. |
# |
Feb 13th 2020, 14:23 |
rightscoreanalysis |
I then post to Model to update the price paid |
# |
Feb 13th 2020, 14:22 |
rightscoreanalysis |
Or a simple example - I make a purchase for price X |
# |
Feb 13th 2020, 14:22 |
rightscoreanalysis |
I have checks to ensure the User is allowed to edit the model - for example they should be the owner.... |
# |
Feb 13th 2020, 14:21 |
noel |
@rightscoreanalysis you can't. You have to limit their privileges based on their user type. But you can't stop them doing something they are authorised to do. What would be the point? |
# |
Feb 13th 2020, 14:21 |
challgren |
@rightscoreanalysis https://book.cakephp.org/4/en/controllers/components/security.html |
# |
Feb 13th 2020, 14:21 |
rightscoreanalysis |
@noel yes I see your point. So how can we prevent someone who is authorised from posting to the backend? |
# |
Feb 13th 2020, 14:18 |
challgren |
No that really depends on your requirements what you have protected and what you don't |
# |
Feb 13th 2020, 14:18 |
sebastian.krzewinski. |
its something wrong? |
# |
Feb 13th 2020, 14:17 |
challgren |
If that's what you want. |
# |
Feb 13th 2020, 14:17 |
sebastian.krzewinski. |
but only for home and pages |
# |
Feb 13th 2020, 14:17 |
sebastian.krzewinski. |
i think about this: `$this->Authentication->addUnauthenticatedActions(['index', 'view']);` |
# |
Feb 13th 2020, 14:16 |
challgren |
@sebastian.krzewinski. see https://book.cakephp.org/4/en/tutorials-and-examples/cms/authentication.html near `In your UsersController, add the following code:` |
# |
Feb 13th 2020, 14:14 |
noel |
@rightscoreanalysis for that to happen, the authorised user would be the hacker and would be hacking his own session... which isn't what CSRF protection is designed to prevent. |