| # |
May 17th 2021, 17:44 |
 kushan |
how/where do I handle that exception? @kevin.pfeifer |
| # |
May 17th 2021, 17:43 |
kushan |
yeah that's what I expected, but when canAccess() returns false, `!$result->getStatus()` becomes true, then throw the ForbiddenException |
| # |
May 17th 2021, 17:40 |
kevin.pfeifer |
if you don’t return true in there then it basically says “nope, not allowed” |
| # |
May 17th 2021, 17:40 |
kevin.pfeifer |
well what do you expect this request middleware does? You now have a `canAccess` function where all requests go through. You need to build a logic in there where you tell which users (depending on whatever logic you want) are allowed to access specific actions |
| # |
May 17th 2021, 17:40 |
etibor |
hello evryone |
| # |
May 17th 2021, 17:38 |
kushan |
so, what do you get? |
| # |
May 17th 2021, 17:38 |
kevin.pfeifer |
yes |
| # |
May 17th 2021, 17:38 |
kushan |
ok, if you login and try to access another controller, your canAccess() should return false |
| # |
May 17th 2021, 17:37 |
kevin.pfeifer |
i also commented out the ```$this->Authorization->skipAuthorization();``` at the start of my login function |
| # |
May 17th 2021, 17:37 |
kevin.pfeifer |
``` public function canAccess( $identity, ServerRequest $request ) { if( $request->getParam( 'controller' ) === 'Users' andand $request->getParam( 'action' ) === 'login' ) { return true; } return false; }``` |
| # |
May 17th 2021, 17:37 |
kushan |
would you be able to share? |
| # |
May 17th 2021, 17:37 |
kushan |
what's in your canAccess()? |
| # |
May 17th 2021, 17:36 |
kevin.pfeifer |
where my default page is users controller and login action |
| # |
May 17th 2021, 17:36 |
kevin.pfeifer |
well it works for me |
| # |
May 17th 2021, 17:36 |
kushan |
whenever canAccess() returns false, the exception is thrown. |
| # |
May 17th 2021, 17:31 |
kevin.pfeifer |
let me try that too |
| # |
May 17th 2021, 17:30 |
kushan |
Yeah, I have that added. Auth and authorisation is working. I've wanted to try Request Authorization Middleware. So, I tried to follow the docs, but no luck :) |
| # |
May 17th 2021, 17:28 |
kevin.pfeifer |
as for authorization you need to call ```$this->Authorization->skipAuthorization();``` at the start of that function |
| # |
May 17th 2021, 17:28 |
kevin.pfeifer |
for authentication |
| # |
May 17th 2021, 17:28 |
kevin.pfeifer |
if you want to allow specific functions in controllers to be accessed as a not logged in user use ``` public function beforeFilter( \Cake\Event\EventInterface $event ) { parent::beforeFilter( $event ); // Configure the login action to not require authentication, preventing // the infinite redirect loop issue $this->Authentication->addUnauthenticatedActions( [ 'login' ] ); }``` inside the controller |
| # |
May 17th 2021, 17:25 |
kushan |
yeah :) |
| # |
May 17th 2021, 17:24 |
slackebot |
<kushan> |
| # |
May 17th 2021, 17:24 |
kushan |
@kevin.pfeifer it's coming from https://book.cakephp.org/authorization/2/en/request-authorization-middleware.html#using-it |
| # |
May 17th 2021, 17:23 |
kushan |
@neon1024 This is not easy to explain. I've been through this it wasn't easy tbh. Please see the attached pics from my codebase. This is how I'm using. |
| # |
May 17th 2021, 17:22 |
kevin.pfeifer |
that is the vendor code throwing the exception but what code causes that? |
| # |
May 17th 2021, 17:15 |
kushan |
has anybody managed to get RequestAuthorizationMiddleware? I tried the following, but when user is not logged in I keep getting Authorization\Exception\ForbiddenException https://book.cakephp.org/authorization/2/en/request-authorization-middleware.html |
| # |
May 17th 2021, 16:31 |
kevin.pfeifer |
but there are also Table Policies which can be used to filter Queries so only "allowed" data is being shown in queries |
| # |
May 17th 2021, 16:30 |
kevin.pfeifer |
in this example there is only an Entity Policy where you call `$this->Authorization->authorize($article);` on whatever entity you try to perform an action on |
| # |
May 17th 2021, 16:26 |
kevin.pfeifer |
so like the one explained here? https://book.cakephp.org/4/en/tutorials-and-examples/cms/authorization.html |
| # |
May 17th 2021, 16:23 |
neon1024 |
The pattern hasn’t clicked in my brain yet |
| # |
May 17th 2021, 16:22 |
neon1024 |
Anyone have an example app demonstrating Authorize policies? Maybe a Cake workshop project? |
| # |
May 17th 2021, 16:09 |
kevin.pfeifer |
sorry but i haven't doven into that area that deep ,:) |
| # |
May 17th 2021, 16:07 |
neon1024 |
Or should I be loading the controller instance and looking for the actions configured for the AuthenticationComponent? |
| # |
May 17th 2021, 16:07 |
ovidiu.marinoiu |
but this one returns missing controller |
| # |
May 17th 2021, 16:07 |
ovidiu.marinoiu |
the name of the plugin is PaperLayout |
| # |
May 17th 2021, 16:07 |
neon1024 |
Is it right that actions which require no authentication still require authorization?! Seems confusing to me |
| # |
May 17th 2021, 16:06 |
ovidiu.marinoiu |
I was hoping this will work |
| # |
May 17th 2021, 16:06 |
ovidiu.marinoiu |
```echo $this->Html->meta ( 'favicon.ico', 'paper-layout/favicon.ico', array ('type' => 'icon') );``` |
| # |
May 17th 2021, 16:06 |
kevin.pfeifer |
or hardcode it without using the helper function :man-shrugging: |
| # |
May 17th 2021, 16:05 |
kevin.pfeifer |
if you can create symlinks i would just load the "default" webroot/favicon.ico and symlink that to your plugins favicon.ico |
| # |
May 17th 2021, 16:05 |
kevin.pfeifer |
puh |