# |
May 17th 2021, 11:49 |
ndm |
ps, you better pass the customer as an option to the identifier config, then you can remove the hard router depdendency. |
# |
May 17th 2021, 11:48 |
ndm |
I see. And do you have matching users in your database that you could identify by the username, or by information returned from the LDAP search? |
# |
May 17th 2021, 11:48 |
kushan |
the namespace of the above class is App\Identifier |
# |
May 17th 2021, 11:46 |
slackebot |
in_array($result[0]['employeetype'][0], EMPLOYEE_TYPE) ? USER_ROLE_ADMIN : false ]), 'customer_id' => Router::getRequest()->getAttribute('customer')->id ]); } } catch (ErrorException $e) { $this->_handleLdapError($e->getMessage()); } $this->_ldap->unbind(); return null; }``` |
# |
May 17th 2021, 11:46 |
slackebot |
= $this->_ldap->bind($config['bindDN']($username), $password); if ($ldapBind === true) { $filter = "(cn={$username})"; $result = $this->_ldap->search($config['baseDN'], $filter); $this->_ldap->unbind(); return new ArrayObject([ $config['fields'][self::CREDENTIAL_USERNAME] => $username, 'user_role' => new ArrayObject([ 'role' => |
# |
May 17th 2021, 11:46 |
kushan |
@ndm yes, but I extended Authentication\Identifier\LdapIdentifier class. In my CustomLdapIdentifier::_bindUser() ```/** * Try to bind the given user to the LDAP server * * @param string $username The username * @param string $password The password * * @return ArrayAccess|null */ protected function _bindUser(string $username, string $password): ?ArrayAccess { $config = $this->getConfig(); try { $ldapBind |
# |
May 17th 2021, 11:43 |
ndm |
@kushan Where does the LDAP identifier get all that information from? `customer_id`, `user_role` (a nested array)? Usually it returns an array object with just one field, the username. |
# |
May 17th 2021, 11:00 |
slackebot |
$user->get('user_role')['role']] //$user->get('user_role')['role'] is 'admin' in this case, and the 'admin is existed already'` `],` `}` `return $user->setAuthorization($auth);` `}` `]));` `}` |
# |
May 17th 2021, 11:00 |
slackebot |
\Authentication\Identity) {` `$Users = TableRegistry::_getTableLocator_()->get('Users');` `$user = $Users->newEntity(` `[` `'name' => 'test',` `'email' => 'test@test.com',` `'customer_id' => $user->get('customer_id'),` `'user_role_id' => 3,` `'user_role' => ['role' => |
# |
May 17th 2021, 11:00 |
slackebot |
My code... `public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue` `{` `$middlewareQueue` `// few other middleware before auth` `->add(new AuthenticationMiddleware($this))` `->add(new AuthorizationMiddleware($this, [` `// 'requireAuthorizationCheck' => false,` `'identityDecorator' => function ($auth, $user) {` `// for users authenticated via LDAP` `if ($user instanceof |
# |
May 17th 2021, 11:00 |
slackebot |
working as I cannot create and new user entity due to one of the DB rules set. I have Users and UserRoles models. In the UserRoles the 'role' filed is unique. If I tried to create a new entity to match the Users model using the data returned via LDAP auth, it throws an error as the role field is unique. I'm using the Authorization middleware similar to what's explained here https://book.cakephp.org/authorization/2/en/middleware.html |
# |
May 17th 2021, 11:00 |
kushan |
Hi, could someone help me with CakePHP authorisation issue please... I've been adding the new Authentication and Authorization plugins to an existing CakePHP 4.x application. I'm using Password and Ldap authentication at the moment, and the authentication with both methods is working. Also, the authorisation, when authenticated via the password, is working. However, the authorisation when authenticated via LDAP is not |
# |
May 17th 2021, 10:59 |
paolo.bragagni |
some 'bake for dummies' somewhere? |
# |
May 17th 2021, 10:58 |
paolo.bragagni |
cant understand how to bake my own actions and views in cake4 :( |
# |
May 17th 2021, 09:30 |
dereuromark |
I see. As said before best to use automated approach as much as possible, and add on top what is missing then. Or provide pr to also allow automating that. |
# |
May 17th 2021, 08:45 |
kevinfrom |
Plugin `A` might have an `AHelper` used in a plugin `B` template |
# |
May 17th 2021, 08:45 |
kevinfrom |
I agree - but the problem is that some Theme plugins have View helpers used in different places. The hope was to avoid creating a ThemeView in every time to type this |
# |
May 17th 2021, 08:42 |
dereuromark |
Helpers should never be configured in the templates imo. Thats what the tool write into appview class for. |
# |
May 17th 2021, 08:40 |
neon1024 |
PHP Storm :point_up: |
# |
May 17th 2021, 08:39 |
slackebot |
<neon1024> |
# |
May 17th 2021, 08:38 |
neon1024 |
Yes |
# |
May 17th 2021, 08:38 |
kevinfrom |
But does your IDE suggest methods when writing `$this->HelperName` then? |
# |
May 17th 2021, 08:36 |
neon1024 |
If you use @dereuromark IdeHelper plugin, it can generate all these for you automatically |
# |
May 17th 2021, 08:36 |
neon1024 |
`@var \Example\HelperName $HelperName` |
# |
May 17th 2021, 08:36 |
neon1024 |
@kevinfrom I tend to just use `$HelperName` |
# |
May 17th 2021, 08:03 |
kevinfrom |
A techical question - in a template, is it possible to define that my AppView uses a Helper? My problem is, that I'm not able to update the AppView class. ```/**``` |
# |
May 17th 2021, 06:20 |
paolo.bragagni |
2. Where can I modify the actions code build from bake? |
# |
May 17th 2021, 06:19 |
paolo.bragagni |
1. How can I build a 'stand alone' theme that is independent from the application? I'd like that all my (future) applications will have my own actions. |
# |
May 17th 2021, 06:18 |
paolo.bragagni |
Hi, I read here https://book.cakephp.org/bake/2/en/development.html#bake-events thet if I want to add new action to my theme, I had to modify my src/Application . It's true? |
# |
May 15th 2021, 20:10 |
kevin.pfeifer |
yup, that was the issue ,:) |
# |
May 15th 2021, 20:02 |
kevin.pfeifer |
need to update my bake template ,:) |
# |
May 15th 2021, 20:01 |
kevin.pfeifer |
ah, it seems its related to https://github.com/cakephp/bake/releases/tag/2.5.0 |
# |
May 15th 2021, 19:52 |
kevin.pfeifer |
did i miss something or since when does baking a model result in the accessibility array having `=> 1,` instead of `=> true` as a value for each accessible field? |
# |
May 15th 2021, 19:39 |
kevin.pfeifer |
sure thats going to be a testing nightmare ,:) |
# |
May 15th 2021, 19:36 |
ndm |
Good luck debugging that... or even testing... testing generated SQL in 3rd party code? Oh boy, the slightest change in output produced by the core and you're in maintenance hell :upside_down_face: |
# |
May 15th 2021, 19:36 |
ndm |
And that might not even cause an error, but just give you totally wrong results. |
# |
May 15th 2021, 19:32 |
slackebot |
conditions are moved from outer queries to inner queries :grimacing: |
# |
May 15th 2021, 19:32 |
ndm |
Unfortunately when developing 3rd party code for CakePHP I can't solely rely on the framework doing the right thing, I must be sure that I'm using it in a way that it is actually able to do the right thing. The dialects transforming code for example can really hit you by surprise, transforming tuples for Sqlite and Sqlserver really tripped me recently, as it can cause references to aliases targeting the wrong queries when |
# |
May 15th 2021, 19:24 |
kevin.pfeifer |
thats why we are all very grateful to our cakephp core overlords who figure those things out for us lower folks so we can use a framework which just works :bow: |
# |
May 15th 2021, 18:50 |
slackebot |
that could slowly approach almost exponential territory, that's wild x) |
# |
May 15th 2021, 18:50 |
ndm |
Soooo, CI for code that needs to support all DBMS (MySQL, MariaDB, Sqlite, Postgres, SQL Server) and their quirks, basically needs to run at least 4 (DB types) * 2 (min/max PHP version) * 2 (min/max CakePHP version) jobs, + 1 or 2 separate ones for SQL server (if we're not too cocky and want to make it 5*2*2), that would already be 16-18 jobs, and god forbid I'd want to test with intermediate PHP/CakePHP versions too, over time |