| # |
May 17th 2021, 18:22 |
 kevin.pfeifer |
ah damn, how did i overlook that |
| # |
May 17th 2021, 18:22 |
ndm |
In the `exceptions` of the `unauthorizedHandler` config. This defines what exceptions are being catched/handled. |
| # |
May 17th 2021, 18:21 |
kevin.pfeifer |
in what list did you add that forbidden exception now? I am a bit lost now ,:) |
| # |
May 17th 2021, 18:20 |
kushan |
@kevin.pfeifer @ndm thanks for your support :) |
| # |
May 17th 2021, 18:20 |
kushan |
doc should be imprived |
| # |
May 17th 2021, 18:19 |
kushan |
@ndm I've just tried what you said and it's Working :) |
| # |
May 17th 2021, 18:19 |
kushan |
no i meant in the RequestAuthorizationMiddleware |
| # |
May 17th 2021, 18:18 |
kevin.pfeifer |
https://github.com/cakephp/authorization/blob/master/src/Middleware/AuthorizationMiddleware.php#L64 |
| # |
May 17th 2021, 18:17 |
kushan |
but in defaultConfig I cannot see the key 'unauthorizeHandler' |
| # |
May 17th 2021, 18:15 |
kevin.pfeifer |
ok now I am lost :,) |
| # |
May 17th 2021, 18:15 |
ndm |
It will work fine when the forbidden exception is being included in the list of handled exceptions |
| # |
May 17th 2021, 18:13 |
kevin.pfeifer |
seems like that feature hasn’t been implemented in that middleware till now What I showed you is meant for `AuthorizationMiddleware` but the same feature doesn’t exist for the `RequestAuthorizationMiddleware` |
| # |
May 17th 2021, 18:13 |
ndm |
Someone needs to update the docs to include `\Authorization\Exception\ForbiddenException` |
| # |
May 17th 2021, 18:03 |
kushan |
@kevin.pfeifer Thanks for that. I added it as you could see below, but the redirection is not working |
| # |
May 17th 2021, 17:47 |
kevin.pfeifer |
@kushan see https://github.com/cakephp/authorization/blob/master/docs/en/middleware.rst#handling-unauthorized-requests |
| # |
May 17th 2021, 17:45 |
etibor |
but dont really know how to use Views for setting a layout(using as a menu for different roles) |
| # |
May 17th 2021, 17:45 |
etibor |
for example |
| # |
May 17th 2021, 17:45 |
etibor |
i know that i can setLayout, and setLayoutPath in controller |
| # |
May 17th 2021, 17:44 |
etibor |
i have never worked with view files only with templates, i need prefixed layout solution here: https://gist.github.com/TamiasSibiricus/a1010fc95839f79e9e8a just dont know how to to use this solution |
| # |
May 17th 2021, 17:44 |
kushan |
how/where do I handle that exception? @kevin.pfeifer |
| # |
May 17th 2021, 17:43 |
kushan |
yeah that's what I expected, but when canAccess() returns false, `!$result->getStatus()` becomes true, then throw the ForbiddenException |
| # |
May 17th 2021, 17:40 |
kevin.pfeifer |
if you don’t return true in there then it basically says “nope, not allowed” |
| # |
May 17th 2021, 17:40 |
kevin.pfeifer |
well what do you expect this request middleware does? You now have a `canAccess` function where all requests go through. You need to build a logic in there where you tell which users (depending on whatever logic you want) are allowed to access specific actions |
| # |
May 17th 2021, 17:40 |
etibor |
hello evryone |
| # |
May 17th 2021, 17:38 |
kushan |
so, what do you get? |
| # |
May 17th 2021, 17:38 |
kevin.pfeifer |
yes |
| # |
May 17th 2021, 17:38 |
kushan |
ok, if you login and try to access another controller, your canAccess() should return false |
| # |
May 17th 2021, 17:37 |
kevin.pfeifer |
i also commented out the ```$this->Authorization->skipAuthorization();``` at the start of my login function |
| # |
May 17th 2021, 17:37 |
kevin.pfeifer |
``` public function canAccess( $identity, ServerRequest $request ) { if( $request->getParam( 'controller' ) === 'Users' andand $request->getParam( 'action' ) === 'login' ) { return true; } return false; }``` |
| # |
May 17th 2021, 17:37 |
kushan |
would you be able to share? |
| # |
May 17th 2021, 17:37 |
kushan |
what's in your canAccess()? |
| # |
May 17th 2021, 17:36 |
kevin.pfeifer |
where my default page is users controller and login action |
| # |
May 17th 2021, 17:36 |
kevin.pfeifer |
well it works for me |
| # |
May 17th 2021, 17:36 |
kushan |
whenever canAccess() returns false, the exception is thrown. |
| # |
May 17th 2021, 17:31 |
kevin.pfeifer |
let me try that too |
| # |
May 17th 2021, 17:30 |
kushan |
Yeah, I have that added. Auth and authorisation is working. I've wanted to try Request Authorization Middleware. So, I tried to follow the docs, but no luck :) |
| # |
May 17th 2021, 17:28 |
kevin.pfeifer |
as for authorization you need to call ```$this->Authorization->skipAuthorization();``` at the start of that function |
| # |
May 17th 2021, 17:28 |
kevin.pfeifer |
for authentication |
| # |
May 17th 2021, 17:28 |
kevin.pfeifer |
if you want to allow specific functions in controllers to be accessed as a not logged in user use ``` public function beforeFilter( \Cake\Event\EventInterface $event ) { parent::beforeFilter( $event ); // Configure the login action to not require authentication, preventing // the infinite redirect loop issue $this->Authentication->addUnauthenticatedActions( [ 'login' ] ); }``` inside the controller |
| # |
May 17th 2021, 17:25 |
kushan |
yeah :) |
| # |
May 17th 2021, 17:24 |
slackebot |
<kushan> |