# |
May 1st 2021, 14:03 |
kevin.pfeifer |
@rightscoreanalysis i guess you could do something like that with "just" a .htaccess rewrite rule |
# |
May 1st 2021, 14:03 |
kevin.pfeifer |
as Martin already asked yesterday: Is it possible to access authorization data inside an entity? In his example he as an API where he needs to no which entity can be e.g. edited or deleted by the current user. |
# |
Apr 30th 2021, 23:00 |
rightscoreanalysis |
in the above case I want this to route to orders/view/5 |
# |
Apr 30th 2021, 22:36 |
rightscoreanalysis |
I have a problem because I need to handle routes such as: ```orders/store?store_id=5``` |
# |
Apr 30th 2021, 20:34 |
admad |
you can't use query string in routes |
# |
Apr 30th 2021, 20:32 |
rightscoreanalysis |
trying to escape it |
# |
Apr 30th 2021, 20:32 |
rightscoreanalysis |
the router doesn't like '?' |
# |
Apr 30th 2021, 20:13 |
rightscoreanalysis |
```Action OrdersController::store() could not be found``` |
# |
Apr 30th 2021, 20:12 |
rightscoreanalysis |
$builder->connect('/orders/store?store_id={storeId}', ['controller' => 'Orders', 'action' => 'index'], ['storeId' => '\d+', 'pass' => ['storeId']]); |
# |
Apr 30th 2021, 20:12 |
rightscoreanalysis |
this looks like a bug doesn't it? |
# |
Apr 30th 2021, 19:30 |
rightscoreanalysis |
both have connectivity to the same db |
# |
Apr 30th 2021, 19:30 |
rightscoreanalysis |
if so shuld I be using afterSave in the backend (cake2) or in the api's afterSave (cake4) |
# |
Apr 30th 2021, 19:29 |
rightscoreanalysis |
does this sound like the correct approach |
# |
Apr 30th 2021, 19:29 |
rightscoreanalysis |
I have implemented an API, when the Order is saved I have suggested that the Order only is save via the API, then any other related data should be handled with events |
# |
Apr 30th 2021, 19:28 |
rightscoreanalysis |
Looking for some advice regarding implementation. I am working on legacy Cake2 project, there is an Order save controller method, it is big and bulky. When an order is saved a lot of related data is added to the request - Customer Address and a host of other models, it's a real mess |
# |
Apr 30th 2021, 18:23 |
kevin.pfeifer |
god damn im stupid, behaviors are for tables, not entities |
# |
Apr 30th 2021, 18:15 |
kevin.pfeifer |
is it even possible to add virtual fields via a behavior? |
# |
Apr 30th 2021, 17:48 |
kevin.pfeifer |
add, edit and delete are separate actions of course but view is basically the first thing that should be checked |
# |
Apr 30th 2021, 17:47 |
kevin.pfeifer |
So what if the given user isn't even allowed to view the entity? Shouldn't it be excluded from the API anyways? |
# |
Apr 30th 2021, 17:13 |
kevin.pfeifer |
sure, try that |
# |
Apr 30th 2021, 17:10 |
sebastiansperandio093 |
maybe this TinyMCE https://github.com/CakeDC/TinyMCE |
# |
Apr 30th 2021, 17:09 |
sebastiansperandio093 |
@kevin.pfeifer Thanks for answer. I just need an usual WYSIWYG editor...nothing special. (I'm creating a posts CRUD) |
# |
Apr 30th 2021, 16:30 |
martin |
since you don’t have the user entity or autorization component inside a entity :( |
# |
Apr 30th 2021, 16:30 |
martin |
ok, I will also think about a way to do it :) |
# |
Apr 30th 2021, 16:29 |
kevin.pfeifer |
well i have to go now but i will definitely look into that later :) |
# |
Apr 30th 2021, 16:28 |
kevin.pfeifer |
authorization conserned |
# |
Apr 30th 2021, 16:28 |
martin |
yes |
# |
Apr 30th 2021, 16:28 |
kevin.pfeifer |
so you basically need a true/false for each action that could be done for each given entity in your API |
# |
Apr 30th 2021, 16:27 |
martin |
yes I was thinking I add it to the entity so it will be exposed in api. |
# |
Apr 30th 2021, 16:27 |
kevin.pfeifer |
i thought you need it in the view |
# |
Apr 30th 2021, 16:26 |
kevin.pfeifer |
ah ok, thats why you thought of the entity |
# |
Apr 30th 2021, 16:26 |
martin |
ah yes ok, but it is a json api so not using the views |
# |
Apr 30th 2021, 16:26 |
kevin.pfeifer |
or require `cakedc/auth` and only copy the helper and you should be good |
# |
Apr 30th 2021, 16:25 |
kevin.pfeifer |
sure its based on cakedc/auth but you could basically copy the helper and the trait, adjust it to use what you need and then you are independent of cakedc if you so desire |
# |
Apr 30th 2021, 16:21 |
martin |
@kevin.pfeifer but that uses the cakedc auth, not the authorization middleware? |
# |
Apr 30th 2021, 16:15 |
kevin.pfeifer |
@sebias |
# |
Apr 30th 2021, 16:15 |
kevin.pfeifer |
@martin look at the AuthLinkHelper from CakeDC https://github.com/CakeDC/users/blob/master/src/View/Helper/AuthLinkHelper.php |
# |
Apr 30th 2021, 16:13 |
sebastiansperandio093 |
Could someone to suggest the best option for wysiwyg editor in cakephp 4? |
# |
Apr 30th 2021, 16:13 |
martin |
was hoping i was able to just create a virtual field inside entity where I can return $user->can(‘edit’, $this); :P |
# |
Apr 30th 2021, 16:08 |
martin |
I’ve policies to check if the user is allowed to edit the entity. but since it is a api response, and user will see all entities the frontent needs to know which one can be edited |
# |
Apr 30th 2021, 16:08 |
kevin.pfeifer |
which therefore needs access to the table object |