Log message #4263464

# At Username Text
# May 18th 2021, 13:37 etibor thank you @ndm
# May 18th 2021, 13:32 ndm @etibor Use `disableAutoLayout()` instead. On 3.x you could also set the layout to `false` instead of an empty string, but that won't work in 4.x anymore.
# May 18th 2021, 13:17 etibor using : $this->viewBuilder()->setLayout(''); will disable the rest of the template too not just the layout
# May 18th 2021, 13:16 etibor hello how can i disable the default layout
# May 18th 2021, 11:19 neon1024 Ah, it is still there. What an odd bug
# May 18th 2021, 11:14 neon1024 Is the `Model.initialize` event not a thing any more? I can only see DebugKit calling it in my listener
# May 18th 2021, 09:57 ndm Not necessarily, you can also do a find after using `saveAssociated()`, and then use the query model id for one last separate save that updates the order.
# May 18th 2021, 09:50 rightscoreanalysis thanks @ndm - so the way to go would be to use seperate saves and then use $this->Model->Id to seed the foreign keys manually?
# May 18th 2021, 09:39 ndm But even if it were generally possible, it would not be practical with a "to many" association, as the saving logic wouldn't which of the possibly many addresses should be associated with the order.
# May 18th 2021, 09:37 ndm @rightscoreanalysis That's not possible no, only directly association models can be automatically decorated with a foreign key.
# May 18th 2021, 09:32 rightscoreanalysis my question about saving back through a relationship better explained here, I am sure those most knowledgeable will know if what I am attempting is possible or not: https://stackoverflow.com/questions/67582761/cakephp-saving-fk-back-through-data-in-a-multiple-relation-structure
# May 18th 2021, 09:21 neon1024 Thanks for the tips everyone :bow:
# May 18th 2021, 09:21 slackebot I bet that will fill in my mental gaps :)
# May 18th 2021, 09:21 neon1024 Oh right that does make sense. The main thing was that we have a custom RoleAuthorize class, which I wanted to keep. So I can refactor to Policies in another PR. The request middleware looked a good spot to just call an instance of that class and return it’s `authenticate()`. Which does seem to work, but now I know I need to massage it a bit :thumbsup: Although I’m going to read through the bits that @steinkel linked, as
# May 18th 2021, 09:15 slackebot generally you can as well manually check the request (if you actually _want_ to use a request policy) on controller level and take actions into account that do not require authentication. ```$action = $this->request->getParam('action'); if (in_array($action, $this->Authentication->getUnauthenticatedActions(), true)) { $this->Authorization->skipAuthorization(); } else { $this->Authorization->authorize($this->request, 'access'); }```
# May 18th 2021, 09:15 ndm @neon1024 That's just how the request authorization middleware works, it unconditionally applies to every request, acting as a simple, early entry point for stuff like RBAC, ACL, etc., and if you don't want to duplicate config, then you should store it in a central point instead where both your policies as well as your controllers can look it up. Also, you don't necessarily _have_ to use the middleware to authorize requests,
# May 18th 2021, 09:01 erwane So yes, we have to define it twice :)
# May 18th 2021, 09:00 erwane In my AuthController (page with no authorization and not yet authenticated), i have to write ``` public function initialize() { parent::initialize(); $this->Authentication->allowUnauthenticated([ 'login', 'logout', 'passwordAsk', 'passwordRenew', ]); $this->skipAuthorization();```
# May 18th 2021, 09:00 neon1024 I’ll get my reading done this morning :thumbsup:
# May 18th 2021, 08:59 neon1024 I'
# May 18th 2021, 08:59 neon1024 ..adn good old method called `can()` :)
# May 18th 2021, 08:59 neon1024 Services, but not from a DI container! :p\
# May 18th 2021, 08:58 neon1024 Maps, Resolvers, Policies, Identities, Services
# May 18th 2021, 08:58 neon1024 But hey, this is my first attempt at these plugins, so I have lots to learn :)
# May 18th 2021, 08:57 erwane Why Authorization check if no Authentication ?
# May 18th 2021, 08:57 erwane You're right.
# May 18th 2021, 08:57 neon1024 ..and, do correct me here, but Authentication provides the indentity
# May 18th 2021, 08:56 neon1024 Yes, I’m just confused why Authorization would be called when there is no identity
# May 18th 2021, 08:56 erwane I'm sure we have to do it twice. Authentication and Authorization are separated. You can request Authentication to access a page but don't check Authorization.
# May 18th 2021, 08:55 steinkel If https://book.cakephp.org/4/en/tutorials-and-examples/cms/authorization.html is not clear, let me know
# May 18th 2021, 08:54 neon1024 Awesome, thanks @steinkel :thumbsup: Figured there might be something
# May 18th 2021, 08:54 steinkel https://www.cakedc.com/jorge_gonzalez/2020/05/19/working-with-cakephp-authorization could help too
# May 18th 2021, 08:53 steinkel @neon1024 you have, in addition to the book, https://cakefest.org/archive/virtual-2020 (see Workshop 1 for authentication, 3 for Authorization)
# May 18th 2021, 08:53 neon1024 Which seems like utter madness to me that I have to do the same configuration twice, but there you are. I’ve probably missed something
# May 18th 2021, 08:52 slackebot <neon1024>
# May 18th 2021, 08:52 neon1024 For the unlocked actions, I just tied it into the Authentication config
# May 18th 2021, 08:52 erwane I'm using policy on Entity, and don't need this RequestAuthorization. Looking for the doc
# May 18th 2021, 08:50 neon1024 Which looks remarkable like ACL wearing a trench coat
# May 18th 2021, 08:50 neon1024 Just sidesteps all that Policy nonsense
# May 18th 2021, 08:50 erwane never used RequestAuthorization :(
# May 18th 2021, 08:49 erwane ``` // Authentication $middlewareQueue->add(new AuthenticationMiddleware($this)); // Authorization $middlewareQueue->add(new AuthorizationMiddleware($this)); return $middlewareQueue;```