# |
May 18th 2021, 08:57 |
erwane |
Why Authorization check if no Authentication ? |
# |
May 18th 2021, 08:57 |
erwane |
You're right. |
# |
May 18th 2021, 08:57 |
neon1024 |
..and, do correct me here, but Authentication provides the indentity |
# |
May 18th 2021, 08:56 |
neon1024 |
Yes, I’m just confused why Authorization would be called when there is no identity |
# |
May 18th 2021, 08:56 |
erwane |
I'm sure we have to do it twice. Authentication and Authorization are separated. You can request Authentication to access a page but don't check Authorization. |
# |
May 18th 2021, 08:55 |
steinkel |
If https://book.cakephp.org/4/en/tutorials-and-examples/cms/authorization.html is not clear, let me know |
# |
May 18th 2021, 08:54 |
neon1024 |
Awesome, thanks @steinkel :thumbsup: Figured there might be something |
# |
May 18th 2021, 08:54 |
steinkel |
https://www.cakedc.com/jorge_gonzalez/2020/05/19/working-with-cakephp-authorization could help too |
# |
May 18th 2021, 08:53 |
steinkel |
@neon1024 you have, in addition to the book, https://cakefest.org/archive/virtual-2020 (see Workshop 1 for authentication, 3 for Authorization) |
# |
May 18th 2021, 08:53 |
neon1024 |
Which seems like utter madness to me that I have to do the same configuration twice, but there you are. I’ve probably missed something |
# |
May 18th 2021, 08:52 |
slackebot |
<neon1024> |
# |
May 18th 2021, 08:52 |
neon1024 |
For the unlocked actions, I just tied it into the Authentication config |
# |
May 18th 2021, 08:52 |
erwane |
I'm using policy on Entity, and don't need this RequestAuthorization. Looking for the doc |
# |
May 18th 2021, 08:50 |
neon1024 |
Which looks remarkable like ACL wearing a trench coat |
# |
May 18th 2021, 08:50 |
neon1024 |
Just sidesteps all that Policy nonsense |
# |
May 18th 2021, 08:50 |
erwane |
never used RequestAuthorization :( |
# |
May 18th 2021, 08:49 |
erwane |
``` // Authentication $middlewareQueue->add(new AuthenticationMiddleware($this)); // Authorization $middlewareQueue->add(new AuthorizationMiddleware($this)); return $middlewareQueue;``` |
# |
May 18th 2021, 08:49 |
neon1024 |
I wonder if Authorization and RequestAuthorization are mutually exclusive |
# |
May 18th 2021, 08:49 |
neon1024 |
->add(new AuthenticationMiddleware($this)) ->add(new AuthorizationMiddleware($this)) ->add(new RequestAuthorizationMiddleware()); |
# |
May 18th 2021, 08:49 |
neon1024 |
I believe so |
# |
May 18th 2021, 08:47 |
erwane |
I prefer to add `skipAuthorization` in all methods, to be sure it's protected and prevent a security hole. |
# |
May 18th 2021, 08:45 |
erwane |
maybe you can add an Authentication test, if not authenticated, skip Authorization. |
# |
May 18th 2021, 08:44 |
erwane |
``` /** * Bands index * * @return \Cake\Http\Response|void * @throws \Exception */ public function index() { $this->Authorization->skipAuthorization();``` |
# |
May 18th 2021, 08:44 |
erwane |
But, Authentication and Authorization are not the same. On my public page, i have to add `$this->Authorization->skipAuthorization();` in methods with no check |
# |
May 18th 2021, 08:43 |
erwane |
You add the AuthorizationMiddleware AFTER Authentication ? |
# |
May 18th 2021, 08:37 |
neon1024 |
Is there a Cakefest talk on how these plugins work, as there are lots of new concepts here and they are not intuitive at all to my brain |
# |
May 18th 2021, 08:36 |
neon1024 |
I am very confused that that Authorization plugin is actioning my request first, and throwing a 403. Regardless of Authentication, and it fails to redirect back to my login |
# |
May 18th 2021, 08:09 |
rightscoreanalysis |
Currently I can save Order with related Users and Addresses, but Orders.address_id is not saved |
# |
May 18th 2021, 08:08 |
rightscoreanalysis |
if I have Order which BelongsTo User and Address, and User has many Addresses, can do a single save to Order which will save the address_id back through to Order? |
# |
May 18th 2021, 05:54 |
savant |
Wow cakephp is too powerful |
# |
May 17th 2021, 23:55 |
rightscoreanalysis |
but what does that mean? |
# |
May 17th 2021, 23:55 |
rightscoreanalysis |
an old cake2 project is not saveAssociated, when I debug the validation: ```array( 'Address' => array() )``` |
# |
May 17th 2021, 22:16 |
khalil |
@ndm nevermind! what you mentioned works perfectly, my issue was that I have multiple classes that extend AppController and a few classes underneath them, the inheritance wasn't done correctly, now everything is working fine! Thanks! |
# |
May 17th 2021, 22:01 |
khalil |
Whenever I try to access $currency in the template, i get undefined variable currency |
# |
May 17th 2021, 22:00 |
khalil |
And here's my AppController's beforeFilter: ```public function beforeFilter(EventInterface $event) { parent::beforeFilter($event); if(!$this->is('seller')) { $this->Flash->error('You are not allowed to access this location'); return $this->redirect('/'); } $currency = $this->Picked->currency(); $this->set('currency', $currency); $this->viewBuilder()->setLayout('my-shop'); }``` |
# |
May 17th 2021, 22:00 |
khalil |
Here's my AppController initialize method: ```public function initialize(): void { parent::initialize(); $this->loadComponent('Security'); $this->loadComponent('Picked'); }``` |
# |
May 17th 2021, 21:59 |
khalil |
I tried what you told me, and the variable is not accessible in the template files |
# |
May 17th 2021, 21:59 |
khalil |
Hey @ndm |
# |
May 17th 2021, 21:38 |
r.piel |
if it's Cake 3 you got an Entity with get(), try with setUser((array) $personeSesion) |
# |
May 17th 2021, 21:37 |
blackjccl |
@ndm What do you mean |
# |
May 17th 2021, 21:36 |
blackjccl |
@r.piel now my code is like this ```$personaSesion = $this->Persona->get($persona->id_persona); $this->Auth->setUser($personaSesion);``` and it follows the same error |