# |
May 1st 2021, 14:28 |
kevin.pfeifer |
``` public function index() { $query = $this->Authorization->applyScope($this->Users->find()); $users = $this->paginate( $query ); $this->set( compact( 'users' ) ); }``` |
# |
May 1st 2021, 14:28 |
kevin.pfeifer |
and in your controller you can apply that scope via |
# |
May 1st 2021, 14:28 |
kevin.pfeifer |
which basically can have as many functions just like that ``` public function scopeIndex( IdentityInterface $user, Query $query ) { return $query->where(['Users.id' => 1]); }``` |
# |
May 1st 2021, 14:27 |
kevin.pfeifer |
so you generate a Table Policy for your e.g. UsersTable |
# |
May 1st 2021, 14:26 |
kevin.pfeifer |
well basically you should apply scopes to your queries |
# |
May 1st 2021, 14:25 |
martin |
but guess I need to do this in the controller, add that to the output, need to check how I can do that since I use the CRUD plugin :) |
# |
May 1st 2021, 14:23 |
martin |
yes when the user is not allowed to see it is not in the output, so only if user can edit is required to add. |
# |
May 1st 2021, 14:09 |
kevin.pfeifer |
would be pretty awesome if we could set a virtual boolean field like `canEdit` automatically on each entity |
# |
May 1st 2021, 14:03 |
kevin.pfeifer |
@rightscoreanalysis i guess you could do something like that with "just" a .htaccess rewrite rule |
# |
May 1st 2021, 14:03 |
kevin.pfeifer |
as Martin already asked yesterday: Is it possible to access authorization data inside an entity? In his example he has an API where he needs to know which entity can be e.g. edited or deleted by the current user. |
# |
Apr 30th 2021, 23:00 |
rightscoreanalysis |
in the above case I want this to route to orders/view/5 |
# |
Apr 30th 2021, 22:36 |
rightscoreanalysis |
I have a problem because I need to handle routes such as: ```orders/store?store_id=5``` |
# |
Apr 30th 2021, 20:34 |
admad |
you can't use query string in routes |
# |
Apr 30th 2021, 20:32 |
rightscoreanalysis |
trying to escape it |
# |
Apr 30th 2021, 20:32 |
rightscoreanalysis |
the router doesn't like '?' |
# |
Apr 30th 2021, 20:13 |
rightscoreanalysis |
```Action OrdersController::store() could not be found``` |
# |
Apr 30th 2021, 20:12 |
rightscoreanalysis |
```$builder->connect('/orders/store?store_id={storeId}', ['controller' => 'Orders', 'action' => 'index'], ['storeId' => '\d+', 'pass' => ['storeId']]);``` |
# |
Apr 30th 2021, 20:12 |
rightscoreanalysis |
this looks like a bug doesn't it? |
# |
Apr 30th 2021, 19:30 |
rightscoreanalysis |
both have connectivity to the same db |
# |
Apr 30th 2021, 19:30 |
rightscoreanalysis |
if so should I be using afterSave in the backend (cake2) or in the api's afterSave (cake4) |
# |
Apr 30th 2021, 19:29 |
rightscoreanalysis |
does this sound like the correct approach |
# |
Apr 30th 2021, 19:29 |
rightscoreanalysis |
I have implemented an API, when the Order is saved I have suggested that the Order only is saved via the API, then any other related data should be handled with events |
# |
Apr 30th 2021, 19:28 |
rightscoreanalysis |
Looking for some advice regarding implementation. I am working on legacy Cake2 project, there is an Order save controller method, it is big and bulky. When an order is saved a lot of related data is added to the request - Customer Address and a host of other models, it's a real mess |
# |
Apr 30th 2021, 18:23 |
kevin.pfeifer |
god damn im stupid, behaviors are for tables, not entities |
# |
Apr 30th 2021, 18:15 |
kevin.pfeifer |
is it even possible to add virtual fields via a behavior? |
# |
Apr 30th 2021, 17:48 |
kevin.pfeifer |
add, edit and delete are separate actions of course but view is basically the first thing that should be checked |
# |
Apr 30th 2021, 17:47 |
kevin.pfeifer |
So what if the given user isn't even allowed to view the entity? Shouldn't it be excluded from the API anyways? |
# |
Apr 30th 2021, 17:13 |
kevin.pfeifer |
sure, try that |
# |
Apr 30th 2021, 17:10 |
sebastiansperandio093 |
maybe this TinyMCE https://github.com/CakeDC/TinyMCE |
# |
Apr 30th 2021, 17:09 |
sebastiansperandio093 |
@kevin.pfeifer Thanks for the answer. I just need a usual WYSIWYG editor...nothing special. (I'm creating a posts CRUD) |
# |
Apr 30th 2021, 16:30 |
martin |
since you don’t have the user entity or authorization component inside an entity :( |
# |
Apr 30th 2021, 16:30 |
martin |
ok, I will also think about a way to do it :) |
# |
Apr 30th 2021, 16:29 |
kevin.pfeifer |
well i have to go now but i will definitely look into that later :) |
# |
Apr 30th 2021, 16:28 |
kevin.pfeifer |
authorization concerned |
# |
Apr 30th 2021, 16:28 |
martin |
yes |
# |
Apr 30th 2021, 16:28 |
kevin.pfeifer |
so you basically need a true/false for each action that could be done for each given entity in your API |
# |
Apr 30th 2021, 16:27 |
martin |
yes I was thinking I add it to the entity so it will be exposed in api. |
# |
Apr 30th 2021, 16:27 |
kevin.pfeifer |
i thought you need it in the view |
# |
Apr 30th 2021, 16:26 |
kevin.pfeifer |
ah ok, that's why you thought of the entity |
# |
Apr 30th 2021, 16:26 |
martin |
ah yes ok, but it is a json api so not using the views |
# |
Apr 30th 2021, 16:26 |
kevin.pfeifer |
or require `cakedc/auth` and only copy the helper and you should be good |