Allow for AuthorizationComponent::can to not set $authorizationChecked
I use AuthorizationComponent::can to check if a particular menu item should be shown (menu array is set as viewVar), this then breaks the requireAuthorizationCheck security feature. It would be good if we can pass an option to can that stops $authorizationChecked being set to true. Alternatively add another method AuthorizationComponent::check which does this, although this might be confusing.
Example
if ($this->Authorization->can(new AdminUser(), 'index')) {
$sideBar[99] = [
'text' => 'System',
'icon' => 'fa-dashboard',
'subItems' => [
[
'text' => 'Admin Users',
'url' => ['controller' => 'AdminUsers', 'action' => 'index'],
]
]
];
}
After doing this if I miss adding a can / canResult to an action no exception is thrown and the action is open
I'm happy to create a PR however I need some steer how the best approach. Do we want a separate method like check or pass an options array into can and canResult
I think additional methods are preferable. Options arrays are hard to typehint/check, and the can() method already has optional parameters making adding more slightly more clunky than a separate method.
This issue is stale because it has been open for 120 days with no activity. Remove the stale label or comment or this will be closed in 15 days