| # |
Apr 23rd 2021, 16:59 |
 tyler.adam.lazenby |
Here is my source ```/** * Initialize method * * @param array $config The configuration for the Table. * @return void */ public function initialize(array $config): void { parent::initialize($config); $this->setTable('accounts'); $this->setDisplayField('name'); $this->setPrimaryKey('id'); $this->addBehavior('Timestamp'); $this->belongsTo('Users', [ 'foreignKey' => 'user_id', |
| # |
Apr 23rd 2021, 16:59 |
blackjccl |
Hi I am using cakephp 4 and I have created a Custom class and added a folder with my class inside the src `src/ClickMeeting/ClickMeetingRestclient.php` and in my code it is like this `namespace App\ClickMeeting;` and in I am using it like this in my component `use App\ClickMeeting\ClickMeetingRestClient;` but when I run it on my server I get this error `Class 'App\ClickMeeting\ClickMeetingRestClient' not found` |
| # |
Apr 23rd 2021, 16:58 |
tyler.adam.lazenby |
so if I make it know that it has a relationship to the user via its user_id, it can get $account->user but if I add in the relationship for hasMany users, then it stops realizing that, even though both are configured |
| # |
Apr 23rd 2021, 16:58 |
tyler.adam.lazenby |
But only the first declaration is being used |
| # |
Apr 23rd 2021, 16:57 |
tyler.adam.lazenby |
I am trying to configure the Accounts table to know that it can relate to users and and to the single user. The users have an account ID and the accounts table has a user_id |
| # |
Apr 23rd 2021, 16:57 |
tyler.adam.lazenby |
well actually its exactly one |
| # |
Apr 23rd 2021, 16:57 |
tyler.adam.lazenby |
Basically accounts can have many users but there is at least one user who is considered the account holder |
| # |
Apr 23rd 2021, 16:56 |
tyler.adam.lazenby |
I have both a users table and an accounts table |
| # |
Apr 23rd 2021, 16:56 |
tyler.adam.lazenby |
OK I am now running into something different |
| # |
Apr 23rd 2021, 16:55 |
slackebot |
the controller methods be adjusted (maybe?) because they authorization is “injected” via a middleware • And then also with the same plugin and the same Request Policy but a more controller adjustable approach where you can call that Request Policy Class again with `$this->Authorization->can($this->request, 'access')` and no “injected” middleware |
| # |
Apr 23rd 2021, 16:55 |
slackebot |
index). These also need to be checked in the used controller method via `->authorize($entity)` for entity related authorization or `$this->Authorization->applyScope($this->Users->find())` for table/query related authorization • Then we have https://github.com/CakeDC/auth which lets you handle everything but with a more generic Request policy (so not 1 Class per entity/table but 1 Class for *everything*) which doesn’t need to have |
| # |
Apr 23rd 2021, 16:55 |
kevin.pfeifer |
Please correct me if I am wrong but now it seems like there are now 3 main ways how you can handle configuration for authorization: • The “default” cakephp/authorization way where you have Policy Classes for each Entity like `UserPolicy::canEdit()` (for all the entity related authorization like add, edit, view and delete) and Tables `UsersTablePolicy::scopeIndex()` (for mostly query related authorization like |
| # |
Apr 23rd 2021, 16:00 |
tyler.adam.lazenby |
Yeah I know. I fully plan on implimenting it in the near future, and I understand the need to not paint myself further into a corner. BUT this is something I need now and for a single action... and it wouldn't exactly be business smart at this point to change that much source code when I have a deadline for a simple change. |
| # |
Apr 23rd 2021, 15:59 |
admad |
> I want to authorize based on actions Ditto |
| # |
Apr 23rd 2021, 15:57 |
admad |
cakedc/auth's RBAC policy allows handling all permission from a single config file. So you would we removing good from 50+ controllers |
| # |
Apr 23rd 2021, 15:56 |
tyler.adam.lazenby |
some with over 15 methods. |
| # |
Apr 23rd 2021, 15:56 |
tyler.adam.lazenby |
right, but we are talking about altering the logic for about 50 controllers at this point |
| # |
Apr 23rd 2021, 15:53 |
ndm |
No, it's for the plugin, which has a component too. The policy would be a table policy, so for example `UsersTablePolicy` (wrong name in my previous comment, sorry). Again, not a fan, I'd rather use a request policy if I want to authorize based on actions :) |
| # |
Apr 23rd 2021, 15:51 |
tyler.adam.lazenby |
not the authorization plugin? |
| # |
Apr 23rd 2021, 15:51 |
tyler.adam.lazenby |
also isn't this for the auth component |
| # |
Apr 23rd 2021, 15:50 |
tyler.adam.lazenby |
I still need to check if the user is an administrator |
| # |
Apr 23rd 2021, 15:50 |
tyler.adam.lazenby |
OK I get that this command says to automatically authorize the use BUTTTTTT where do I configure the policy? |
| # |
Apr 23rd 2021, 15:47 |
ndm |
Ok, it's not the action map, but the model map :) |
| # |
Apr 23rd 2021, 15:47 |
ndm |
https://book.cakephp.org/authorization/2/en/component.html#automatic-authorization-checks |
| # |
Apr 23rd 2021, 15:46 |
ndm |
You wouldn't pass anything with the first method, it would happen automatically once you've configured the components action map. |
| # |
Apr 23rd 2021, 15:45 |
tyler.adam.lazenby |
just running this as my policy ```return $identity->is_admin;``` |
| # |
Apr 23rd 2021, 15:45 |
tyler.adam.lazenby |
especially since the entity has no data that I am actually checking |
| # |
Apr 23rd 2021, 15:44 |
tyler.adam.lazenby |
I would rather not run through each entity |
| # |
Apr 23rd 2021, 15:43 |
tyler.adam.lazenby |
the issue with the first method is that I can't seem to figure out why when I pass a result set that it throws this error `Policy for Cake\ORM\ResultSet has not been defined.` |
| # |
Apr 23rd 2021, 15:33 |
slackebot |
middleware ( https://book.cakephp.org/authorization/2/en/request-authorization-middleware.html ), or by manually checking the request in your controller, like `$this->Authorization->can($this->request, 'access')`. |
| # |
Apr 23rd 2021, 15:33 |
ndm |
The plugin basically does what you could/would do manually. Generally you basically have two options, you can either use the authorization component's action handling (personally I'm not really a fan of it), which would invoke `can%Action%` on the controller's default model, for example `UserPolicy::canIndex()`, or you can use a request policy (that's what cakedc/auth does), either combined with the request authorization |
| # |
Apr 23rd 2021, 15:31 |
tyler.adam.lazenby |
Just was wondering people's opinions. But I guess that your opinion to use that plugin is just as valid. |
| # |
Apr 23rd 2021, 15:30 |
tyler.adam.lazenby |
I am pretty far into the project and I am not familiar enough with the cakedc/auth plugin to want to impliment it into this one. BUT i will be using it from here on out, because I know it will make things easier |
| # |
Apr 23rd 2021, 15:30 |
tyler.adam.lazenby |
I am guessing role based access control? |
| # |
Apr 23rd 2021, 15:29 |
tyler.adam.lazenby |
??? I am not sure what those letters mean |
| # |
Apr 23rd 2021, 15:28 |
admad |
cakedc/auth plugin provided a policy for the authoz plugin for RBAC |
| # |
Apr 23rd 2021, 15:25 |
tyler.adam.lazenby |
The irony that the last discussion was about authroization is not lost on me btw |
| # |
Apr 23rd 2021, 15:23 |
tyler.adam.lazenby |
I usually on other methods have it check a single entity and make sure that the user that is trying to request the action is authorized by using a policy. ```$this->Authorization->authorize($entity, 'actionAlias');``` |
| # |
Apr 23rd 2021, 15:22 |
tyler.adam.lazenby |
What is the best way to use the Authorization plugin to limit if somebody can use the index method? I am trying to limit it to roles that are at the administrative level. |
| # |
Apr 23rd 2021, 13:44 |
ndm |
*cricket noises* |
| # |
Apr 23rd 2021, 13:27 |
mainanthem |
Hello ! |