-1

I am stuck with this problem.

The Accounts controller manages all stuff from the users table. But when I invoke it, I get the error: The request to *** did not apply any authorization checks

So, how can I use the Authorization plugin in a controller without a model, but related to other models?

This should be easy for devs with more experience in Cake, but it was not for me.

Thanks!!

Ariel Ale
  • I am voting to close because it is not a question – Salines Sep 23 '21 at 08:10
  • Hello Salines! How do you suggest that I should post it to help other developers? It's my first post. Thanks! – Ariel Ale Sep 23 '21 at 12:49
  • You post the problem as a question, and the answer as an actual answer in the form below. If you have at least 15 points of reputation this can be done while creating the question, otherwise you'll have to answer later after posting the question. See **https://stackoverflow.com/help/self-answer** – ndm Sep 23 '21 at 14:39
  • Thanks!! I will try to make it that way :) – Ariel Ale Sep 24 '21 at 18:29
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Sep 30 '21 at 08:11

1 Answer

0

Finally I found the solution! I share it for anyone who has the same doubt when starting to work with the Auth plugin.

Model: UsersTable.php
Controller: AccountsController.php

This is a controller without an entity or table in the database, but it uses the user model.

The AccountsController.php

```php
<?php
declare(strict_types=1);

namespace App\Controller;

use Cake\Routing\Router;

class AccountsController extends AppController
{
    public function initialize(): void
    {
        parent::initialize();
        // This controller has no table of its own, so load the Users table.
        $this->loadModel('Users');
    }

    public function beforeFilter(\Cake\Event\EventInterface $event)
    {
        parent::beforeFilter($event);
        $this->Authentication->addUnauthenticatedActions(['login']);

        // Skip all other methods
        // (this marks every action as checked; an action that needs a
        // policy check must still call authorize() itself, as editar() does)
        $this->Authorization->skipAuthorization();
    }

    public function editar()
    {
        $user_id = $this->request->getSession()->read('Auth.id');

        // Forcing the method to Auth
        // 1st call the user model
        $usuario = $this->Users->get($user_id);
        // Then, call the auth in the Users Policy
        $this->Authorization->authorize($usuario, 'editar');
    }
}
```

And in the Users Policy:

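```php
namespace App\Policy;

use App\Model\Entity\User;
use Authorization\IdentityInterface;

class UserPolicy
{
    public function canEditar(IdentityInterface $user, User $resource)
    {
        // Logged-in users can edit their own user record.
        return $this->isAuthor($user, $resource);
    }

    protected function isAuthor(IdentityInterface $user, User $resource)
    {
        // This is a simple logic. But others can be created.
        // The record being edited must belong to the logged-in identity.
        return $resource->id === $user->getIdentifier();
    }
}
```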

And that's all. You can find more about this plugin in the official Cake Book (https://book.cakephp.org/authorization/2/en/index.html) or in Mark Story's blog (http://mark-story.com/posts/view/introducing-the-cakephp-authorization-plugin)

bad_coder
Ariel Ale
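A variant of the controller from the answer, added here as an example and not part of the original post: it calls `skipAuthorization()` only inside `login`, so any other action that omits `authorize()` still fails with the "did not apply any authorization checks" error from the question. It assumes `AppController` loads the Authentication and Authorization components, and the body of `login` is a minimal stand-in.

```php
<?php
declare(strict_types=1);

namespace App\Controller;

use Cake\Event\EventInterface;

// Assumption: AppController loads the Authentication and Authorization components.
class AccountsController extends AppController
{
    public function initialize(): void
    {
        parent::initialize();
        $this->loadModel('Users');
    }

    public function beforeFilter(EventInterface $event)
    {
        parent::beforeFilter($event);
        // login must be reachable without an identity.
        $this->Authentication->addUnauthenticatedActions(['login']);
    }

    public function login()
    {
        // There is no resource to check before login, so skip here only.
        $this->Authorization->skipAuthorization();

        $result = $this->Authentication->getResult();
        if ($result->isValid()) {
            return $this->redirect(['action' => 'editar']);
        }
    }

    public function editar()
    {
        // Identity placed on the request by the Authentication middleware.
        $identity = $this->request->getAttribute('identity');
        $usuario = $this->Users->get($identity->getIdentifier());

        // Runs canEditar() from the policy of the User entity and throws
        // a ForbiddenException if it returns false.
        $this->Authorization->authorize($usuario, 'editar');

        $this->set(compact('usuario'));
    }

    // An action added later without authorize() or skipAuthorization()
    // fails with "did not apply any authorization checks" instead of
    // running unchecked.
}
```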