authorization icon indicating copy to clipboard operation
authorization copied to clipboard
verified publisher icon cakephp

Allow for AuthorizationComponent::can to not set $authorizationChecked

Open lilHermit opened this issue 5 years ago • 2 comments

I use AuthorizationComponent::can to check if a particular menu item should be shown (menu array is set as viewVar), this then breaks the requireAuthorizationCheck security feature. It would be good if we can pass an option to can that stops $authorizationChecked being set to true. Alternatively add another method AuthorizationComponent::check which does this, although this might be confusing.

Example

if ($this->Authorization->can(new AdminUser(), 'index')) {
    $sideBar[99] = [
        'text' => 'System',
        'icon' => 'fa-dashboard',
        'subItems' => [
            [
                'text' => 'Admin Users',
                'url' => ['controller' => 'AdminUsers', 'action' => 'index'],
            ]
        ]
    ];
}

After doing this if I miss adding a can / canResult to an action no exception is thrown and the action is open

lilHermit avatar Sep 26 '20 15:09 lilHermit

I'm happy to create a PR however I need some steer how the best approach. Do we want a separate method like check or pass an options array into can and canResult

lilHermit avatar Sep 28 '20 10:09 lilHermit

I think additional methods are preferable. Options arrays are hard to typehint/check, and the can() method already has optional parameters making adding more slightly more clunky than a separate method.

markstory avatar Sep 29 '20 02:09 markstory

This issue is stale because it has been open for 120 days with no activity. Remove the stale label or comment or this will be closed in 15 days

github-actions[bot] avatar Dec 24 '22 00:12 github-actions[bot]