# |
May 17th 2021, 18:28 |
ndm |
Right now it's really anything but straightforward. |
# |
May 17th 2021, 18:28 |
ndm |
I would also vote for someone implementing configurable flash messages for both authentication and authorization middleware |
# |
May 17th 2021, 18:27 |
kevin.pfeifer |
i just remembered that we talked about that not long ago :,) |
# |
May 17th 2021, 18:27 |
ndm |
I knew this would come up again :) |
# |
May 17th 2021, 18:26 |
kushan |
yeah :) what's the best way to set a Flash message when redirect using configs set in unauthorizedHandler |
# |
May 17th 2021, 18:26 |
kevin.pfeifer |
and probably link a section in Request Authorization Middleware called “Handling Unauthorized Requests” to the already present one |
# |
May 17th 2021, 18:24 |
kevin.pfeifer |
so the doc improvement would just be to add that exception per default to the example code |
# |
May 17th 2021, 18:23 |
kevin.pfeifer |
that's cool |
# |
May 17th 2021, 18:22 |
kevin.pfeifer |
ok thx :) |
# |
May 17th 2021, 18:22 |
ndm |
The request authorization middleware as well as the authorization component throw `\Authorization\Exception\ForbiddenException`. |
# |
May 17th 2021, 18:22 |
kevin.pfeifer |
ah damn, how did i overlook that |
# |
May 17th 2021, 18:22 |
ndm |
In the `exceptions` of the `unauthorizedHandler` config. This defines what exceptions are being caught/handled. |
# |
May 17th 2021, 18:21 |
kevin.pfeifer |
in what list did you add that forbidden exception now? I am a bit lost now ,:) |
# |
May 17th 2021, 18:20 |
kushan |
@kevin.pfeifer @ndm thanks for your support :) |
# |
May 17th 2021, 18:20 |
kushan |
doc should be improved |
# |
May 17th 2021, 18:19 |
kushan |
@ndm I've just tried what you said and it's Working :) |
# |
May 17th 2021, 18:19 |
kushan |
no i meant in the RequestAuthorizationMiddleware |
# |
May 17th 2021, 18:18 |
kevin.pfeifer |
https://github.com/cakephp/authorization/blob/master/src/Middleware/AuthorizationMiddleware.php#L64 |
# |
May 17th 2021, 18:17 |
kushan |
but in defaultConfig I cannot see the key 'unauthorizeHandler' |
# |
May 17th 2021, 18:15 |
kevin.pfeifer |
ok now I am lost :,) |
# |
May 17th 2021, 18:15 |
ndm |
It will work fine when the forbidden exception is being included in the list of handled exceptions |
# |
May 17th 2021, 18:13 |
kevin.pfeifer |
seems like that feature hasn’t been implemented in that middleware till now. What I showed you is meant for `AuthorizationMiddleware` but the same feature doesn’t exist for the `RequestAuthorizationMiddleware` |
# |
May 17th 2021, 18:13 |
ndm |
Someone needs to update the docs to include `\Authorization\Exception\ForbiddenException` |
# |
May 17th 2021, 18:03 |
kushan |
@kevin.pfeifer Thanks for that. I added it as you could see below, but the redirection is not working |
# |
May 17th 2021, 17:47 |
kevin.pfeifer |
@kushan see https://github.com/cakephp/authorization/blob/master/docs/en/middleware.rst#handling-unauthorized-requests |
# |
May 17th 2021, 17:45 |
etibor |
but don't really know how to use Views for setting a layout (using as a menu for different roles) |
# |
May 17th 2021, 17:45 |
etibor |
for example |
# |
May 17th 2021, 17:45 |
etibor |
i know that i can setLayout, and setLayoutPath in controller |
# |
May 17th 2021, 17:44 |
etibor |
i have never worked with view files only with templates, i need prefixed layout solution here: https://gist.github.com/TamiasSibiricus/a1010fc95839f79e9e8a just don't know how to use this solution |
# |
May 17th 2021, 17:44 |
kushan |
how/where do I handle that exception? @kevin.pfeifer |
# |
May 17th 2021, 17:43 |
kushan |
yeah that's what I expected, but when canAccess() returns false, `!$result->getStatus()` becomes true, then throw the ForbiddenException |
# |
May 17th 2021, 17:40 |
kevin.pfeifer |
if you don’t return true in there then it basically says “nope, not allowed” |
# |
May 17th 2021, 17:40 |
kevin.pfeifer |
well what do you expect this request middleware does? You now have a `canAccess` function where all requests go through. You need to build a logic in there where you tell which users (depending on whatever logic you want) are allowed to access specific actions |
# |
May 17th 2021, 17:40 |
etibor |
hello everyone |
# |
May 17th 2021, 17:38 |
kushan |
so, what do you get? |
# |
May 17th 2021, 17:38 |
kevin.pfeifer |
yes |
# |
May 17th 2021, 17:38 |
kushan |
ok, if you login and try to access another controller, your canAccess() should return false |
# |
May 17th 2021, 17:37 |
kevin.pfeifer |
i also commented out the ```$this->Authorization->skipAuthorization();``` at the start of my login function |
# |
May 17th 2021, 17:37 |
kevin.pfeifer |
``` public function canAccess( $identity, ServerRequest $request ) { if( $request->getParam( 'controller' ) === 'Users' && $request->getParam( 'action' ) === 'login' ) { return true; } return false; }``` |
# |
May 17th 2021, 17:37 |
kushan |
would you be able to share? |
# |
May 17th 2021, 17:37 |
kushan |
what's in your canAccess()? |