authorization icon indicating copy to clipboard operation
authorization copied to clipboard
verified publisher icon cakephp

Authorization Identity can() method need to allow second parms to optional.

Open hanumanyadav1989 opened this issue 5 years ago • 6 comments

I am using Authorization plugin and created Policies and these policies working good in the controller like can index/add/edit/delete but i have issue in the view index.php there i need to hide add button using can() method like below


if($this->request->getAttribute('identity')->can('add')){
         echo $this->Html->link("<i class=\"fa fa-plus\"></i> " . __('New User'), ["action" => "add"], ["escape" => false]);
  }

There we need second parameter newEmptyEntity object but i am in index function so i don't want to add newEmptyEntity object. when i used above script for hide add button then this error will be appear

(Error: Too few arguments to function Authorization\IdentityDecorator::can(), 1 passed in index.php on line 21 and exactly 2 expected.)

My policy method is this one:

public function canAdd(IdentityInterface $user)
    {
        if($user->is_supper_admin){
            return true;
        }
        return false;
    }

In this case i don't need second parameter so please resolve this issue

image

Thanks

hanumanyadav1989 avatar Jun 24 '20 14:06 hanumanyadav1989

If you have no resource how would the policy resolvers know which resource you want to check the add permission of?

markstory avatar Jun 24 '20 21:06 markstory

But some time we don't need availability to resources like below:

When we are going to add() method and we want to set permission for this like only supper admin can able to add records in this case in add() method we have newEmptyEntity object resource so don't have any issue in this scenario.

But in the layout sidebar and index page we have "Add new user" button so we want to set permission also for this button means this button should be hide no need to display to another role users. so please let me know what we need to do in this case.

hanumanyadav1989 avatar Jun 25 '20 08:06 hanumanyadav1989

You could pass an new entity into 'create' permission checks. Or make the create permission use the Table object as a resource.

markstory avatar Jun 26 '20 20:06 markstory

The possible ways to create/obtain a resource for this to work aside, is there a reason why mapping/resolving class names isn't supported? ie so that one could do something like $user->can('create', Article::class)?

ndm2 avatar Jul 06 '20 15:07 ndm2

... is there a reason why mapping/resolving class names isn't supported? ie so that one could do something like $user->can('create', Article::class)?

The only limitation thus far has been a lack of imagination and use cases by previous contributors :smile: The OrmResolver could handle this scenario in addition to handling table/entity instances, it just needs doing :smile:

markstory avatar Jul 07 '20 01:07 markstory

Weeeelllllll.... maybe I'll find a few minutes of spare time to give it a try :)

ndm2 avatar Jul 07 '20 08:07 ndm2

This issue is stale because it has been open for 120 days with no activity. Remove the stale label or comment or this will be closed in 15 days

github-actions[bot] avatar Dec 24 '22 00:12 github-actions[bot]

Looks like I did, in fact, not find those few minutes of spare time 😰

ndm2 avatar Dec 24 '22 01:12 ndm2

This issue is stale because it has been open for 120 days with no activity. Remove the stale label or comment or this will be closed in 15 days

github-actions[bot] avatar Apr 25 '23 00:04 github-actions[bot]

Should we handle this the same as we did in https://github.com/cakephp/authorization/pull/226?

LordSimal avatar Apr 25 '23 07:04 LordSimal

@LordSimal That could work well.

markstory avatar May 01 '23 01:05 markstory

This will be possible in the next major version.

LordSimal avatar May 09 '23 19:05 LordSimal