# |
May 18th 2021, 13:17 |
etibor |
using : $this->viewBuilder()->setLayout(''); will disable the rest of the template too not just the layout |
# |
May 18th 2021, 13:16 |
etibor |
hello how can i disable the default layout |
# |
May 18th 2021, 11:19 |
neon1024 |
Ah, it is still there. What an odd bug |
# |
May 18th 2021, 11:14 |
neon1024 |
Is the `Model.initialize` event not a thing any more? I can only see DebugKit calling it in my listener |
# |
May 18th 2021, 09:57 |
ndm |
Not necessarily, you can also do a find after using `saveAssociated()`, and then use the query model id for one last separate save that updates the order. |
# |
May 18th 2021, 09:50 |
rightscoreanalysis |
thanks @ndm - so the way to go would be to use seperate saves and then use $this->Model->Id to seed the foreign keys manually? |
# |
May 18th 2021, 09:39 |
ndm |
But even if it were generally possible, it would not be practical with a "to many" association, as the saving logic wouldn't which of the possibly many addresses should be associated with the order. |
# |
May 18th 2021, 09:37 |
ndm |
@rightscoreanalysis That's not possible no, only directly association models can be automatically decorated with a foreign key. |
# |
May 18th 2021, 09:32 |
rightscoreanalysis |
my question about saving back through a relationship better explained here, I am sure those most knowledgeable will know if what I am attempting is possible or not: https://stackoverflow.com/questions/67582761/cakephp-saving-fk-back-through-data-in-a-multiple-relation-structure |
# |
May 18th 2021, 09:21 |
neon1024 |
Thanks for the tips everyone :bow: |
# |
May 18th 2021, 09:21 |
slackebot |
I bet that will fill in my mental gaps :) |
# |
May 18th 2021, 09:21 |
neon1024 |
Oh right that does make sense. The main thing was that we have a custom RoleAuthorize class, which I wanted to keep. So I can refactor to Policies in another PR. The request middleware looked a good spot to just call an instance of that class and return it’s `authenticate()`. Which does seem to work, but now I know I need to massage it a bit :thumbsup: Although I’m going to read through the bits that @steinkel linked, as |
# |
May 18th 2021, 09:15 |
slackebot |
generally you can as well manually check the request (if you actually _want_ to use a request policy) on controller level and take actions into account that do not require authentication. ```$action = $this->request->getParam('action'); if (in_array($action, $this->Authentication->getUnauthenticatedActions(), true)) { $this->Authorization->skipAuthorization(); } else { $this->Authorization->authorize($this->request, 'access'); }``` |
# |
May 18th 2021, 09:15 |
ndm |
@neon1024 That's just how the request authorization middleware works, it unconditionally applies to every request, acting as a simple, early entry point for stuff like RBAC, ACL, etc., and if you don't want to duplicate config, then you should store it in a central point instead where both your policies as well as your controllers can look it up. Also, you don't necessarily _have_ to use the middleware to authorize requests, |
# |
May 18th 2021, 09:01 |
erwane |
So yes, we have to define it twice :) |
# |
May 18th 2021, 09:00 |
erwane |
In my AuthController (page with no authorization and not yet authenticated), i have to write ``` public function initialize() { parent::initialize(); $this->Authentication->allowUnauthenticated([ 'login', 'logout', 'passwordAsk', 'passwordRenew', ]); $this->skipAuthorization();``` |
# |
May 18th 2021, 09:00 |
neon1024 |
I’ll get my reading done this morning :thumbsup: |
# |
May 18th 2021, 08:59 |
neon1024 |
I' |
# |
May 18th 2021, 08:59 |
neon1024 |
..adn good old method called `can()` :) |
# |
May 18th 2021, 08:59 |
neon1024 |
Services, but not from a DI container! :p\ |
# |
May 18th 2021, 08:58 |
neon1024 |
Maps, Resolvers, Policies, Identities, Services |
# |
May 18th 2021, 08:58 |
neon1024 |
But hey, this is my first attempt at these plugins, so I have lots to learn :) |
# |
May 18th 2021, 08:57 |
erwane |
Why Authorization check if no Authentication ? |
# |
May 18th 2021, 08:57 |
erwane |
You're right. |
# |
May 18th 2021, 08:57 |
neon1024 |
..and, do correct me here, but Authentication provides the indentity |
# |
May 18th 2021, 08:56 |
neon1024 |
Yes, I’m just confused why Authorization would be called when there is no identity |
# |
May 18th 2021, 08:56 |
erwane |
I'm sure we have to do it twice. Authentication and Authorization are separated. You can request Authentication to access a page but don't check Authorization. |
# |
May 18th 2021, 08:55 |
steinkel |
If https://book.cakephp.org/4/en/tutorials-and-examples/cms/authorization.html is not clear, let me know |
# |
May 18th 2021, 08:54 |
neon1024 |
Awesome, thanks @steinkel :thumbsup: Figured there might be something |
# |
May 18th 2021, 08:54 |
steinkel |
https://www.cakedc.com/jorge_gonzalez/2020/05/19/working-with-cakephp-authorization could help too |
# |
May 18th 2021, 08:53 |
steinkel |
@neon1024 you have, in addition to the book, https://cakefest.org/archive/virtual-2020 (see Workshop 1 for authentication, 3 for Authorization) |
# |
May 18th 2021, 08:53 |
neon1024 |
Which seems like utter madness to me that I have to do the same configuration twice, but there you are. I’ve probably missed something |
# |
May 18th 2021, 08:52 |
slackebot |
<neon1024> |
# |
May 18th 2021, 08:52 |
neon1024 |
For the unlocked actions, I just tied it into the Authentication config |
# |
May 18th 2021, 08:52 |
erwane |
I'm using policy on Entity, and don't need this RequestAuthorization. Looking for the doc |
# |
May 18th 2021, 08:50 |
neon1024 |
Which looks remarkable like ACL wearing a trench coat |
# |
May 18th 2021, 08:50 |
neon1024 |
Just sidesteps all that Policy nonsense |
# |
May 18th 2021, 08:50 |
erwane |
never used RequestAuthorization :( |
# |
May 18th 2021, 08:49 |
erwane |
``` // Authentication $middlewareQueue->add(new AuthenticationMiddleware($this)); // Authorization $middlewareQueue->add(new AuthorizationMiddleware($this)); return $middlewareQueue;``` |
# |
May 18th 2021, 08:49 |
neon1024 |
I wonder if Authorization and RequestAuthorization are mutually exclusive |
# |
May 18th 2021, 08:49 |
neon1024 |
->add(new AuthenticationMiddleware($this)) ->add(new AuthorizationMiddleware($this)) ->add(new RequestAuthorizationMiddleware()); |