I have several prefixes in play in an existing CakePHP app. I also have a bit of primary navigation in the layout that points to shared methods. I know I can explicitly set each prefix to false to avoid linking with the prefix, but is there a shortcut path that simply tells Cake to no use any prefixes no matter which one's context may currently exist?
For example, I'm on a page where a realtor can register (/realtor/users/register). I have a similar prefix for inspectors and contractors because the registration process is slightly different. Since I'm not authenticated, there's a Login link in the primary nav, but the login action is shared by all user types and should be accessed without any prefix.
<?php echo $this->Html->link( 'Login', array( 'controller' => 'users', 'action' => 'login', 'realtor' => false, 'inspector' => false, 'contractor' => false ) ) ?>
I'd like to be able to, in the link, just turn off all prefixing rather than turning off each possible prefix independently. Possible?
I know it's been 2 years since the question above was answered, though I think I found an even less intrusive way to accomplish what you want.
Set the prefix name dynamically by taking the current prefix value from $this->params and set it to false, like so
$this->Html->link('hello', array($this->params['prefix']=>false, 'controller'=>'posts','action'=>'index'));
The value of $this->params['prefix'] will be the one and relevant at that moment to set to false.
cheers
If loosing the routing capabilities is not a problem for you, you could pass a string instead of an array to the link() method:
<?php
echo $this->Html->link('Login', '/users/login');
?>
EDIT
To keep routing mechanism, here is a little Helper that would do the trick:
class MyHtmlHelper extends HtmlHelper
{
public function link($title, $url = null, $options = array(), $confirmMessage = false)
{
$prefixes = Router::prefixes();
foreach($prefixes as $prefix)
{
$url[$prefix] = false;
}
return parent::link($title, $url, $options, $confirmMessage);
}
}
Off course you could change the method name if you want to keep the standard link() method. I tested this with Cake2, but this should work with Cake1.3
Related
I have a website that has users and entries, both of which are stored in a database. Every entry has its own page, using its slug, and every user has a public profile, using its username. Their respective URLs might look something like this:
Entry: https://example.com/hello-world
User: https://example.com/test-user
Refactoring said website with CakePHP 3.4 (the original being built with “vanilla” PHP), I implemented the following routes:
$routes->connect('/:slug',
['controller' => 'Entries', 'action' => 'view'],
['pass' => ['slug']]
);
$routes->connect('/:username',
['controller' => 'Users', 'action' => 'view'],
['pass' => ['username']]
);
The entry pages work like a charm — no problem there — but when I try to access a user profile, Cake throws a RecordNotFoundException. This makes sense, since it’s looking for an entry that does no exist.
I was hoping switching from firstOrFail to find in the EntriesController would allow the application to continue with the next route in line (because no exception would be thrown), but the result is actually worse: It tries to render the entry view without an object, causing PHP notices on an otherwise empty layout.
I have read the CakePHP documentation (“Book”), but could not find a solution to this (I would assume rather generic) problem. I have also tried many other (often less obvious) route setups, but no luck there either.
Now my mind keeps going to something like a EntryOrUserController, but I doubt that would be the best solution, or even a good one. Frankly, I think it’s silly. I guess I am really hoping for some controller or middleware function that does exactly what I want out of the box, but any elegant solution would do.
P.S. I do realize that the default CakePHP/MVC way of going about this would be to have URLs a bit more like this:
Entry: https://example.com/entries/hello-world
User: https://example.com/users/test-user
…but that is not an option in this case, so thanks but no. ☺
Thanks to ndm for pointing me in the right direction. After some tinkering I have a solution that works nicely. Posting it here because it might be of use to others. There are three steps.
1. Create custom routing class
/src/Routing/Route/SlugRoute.php:
namespace App\Routing\Route;
use Cake\Routing\Route\Route;
use Cake\ORM\Locator\LocatorAwareTrait;
class SlugRoute extends Route
{
use LocatorAwareTrait;
public function parse($url, $method = '')
{
$params = parent::parse($url, $method);
if (!$params ||
!isset($this->options['model']) ||
!isset($this->options['pass'][0])
) {
return false;
}
$count = $this
->tableLocator()
->get($this->options['model'])
->find()
->where([
$this->options['pass'][0] => $params['pass'][0]
])
->count();
if ($count !== 1) {
return false;
}
return $params;
}
}
2. Apply new routing class to relevant routes
$routes->connect('/:slug',
['controller' => 'Entries', 'action' => 'view'],
['pass' => ['slug', 'name'], 'routeClass' => 'SlugRoute', 'model' => 'Entries']
);
$routes->connect('/:username',
['controller' => 'Users', 'action' => 'view'],
['pass' => ['username'], 'routeClass' => 'SlugRoute', 'model' => 'Users']
);
3. Consider a few things
I’m also telling the routes which models to use. It would probably be nice if the routing class figures this out by itself.
The routing class assumes we want to do a lookup on the first value of the pass array. That’s fine in this case (with only slug and username being passed), but it’s not very transparent and easily broken.
I am using CakePHP in my project and I am looking for a proper way to check advanced user rights in my views.
I have several pages in which the contents depend of your rights (you can view some blocks or not, edit some infos or not, etc...)
I searched and the only way I found is to implement an Auth Helper, but I thought the best way to to that is to implement methods in my "UserController" (such as canPerformAction($action, $controller = 'default_controller')), am I wrong ? And if I'm right, how to call that methods properly ?
Thanks.
EDIT : More precisions
For example I have an action "editEventProducts" that a user can perform only if he's the event owner and if the event status is <= 2.
I check that in my controller "isAuthorized" function, works like a charm.
But I have a page called "eventDetails", form which you can perfom several actions such as this one, and I want to show the edit button, only if you can do it.
If fact what I need is the output of the "isAuthorized" function for each action that you can call, but can I properly get it from a view ?
Solution
I implemented a Auth helper who does several check such as this one, which is finally a whitelist check, depending of the status of my event, hope it will help, the code :
App::uses('AppHelper', 'View/Helper');
class AuthHelper extends AppHelper {
var $helpers = array('Session');
private $_whitelist = array(
'controller1' => array(
'events' => array(
'action1' => array(1 => true, 2 => true),
'action2' => array(1 => true, 2 => true),
'action3' => array(3 => true),
'action4' => array(6 => true)
)
),
'user' => array(
'controller1' => array(
'action1' => array(1 => true, 2 => true),
'action2' => array(1 => true, 2 => true)
)
)
);
public function canPerformAction ($action, $event_infos, $controller = 'events') {
return isset($this->_whitelist[$this->Session->read('Auth.User.role')][$controller][$action][$event_infos['Event']['state_id']]);
}
}
It sounds to me like you just want to render some parts of a view based on the permissions of the user. Well, in this case I think a helper is the right choice. The user should already have all the permissions he has loaded - except they're very fine grained and you got thousands of permissions.
Check this AuthHelper, it allows you to check if the user is logged in, for a role or a set of roles in a field. Alternatively implement your own solution to match whatever your permission system is.
Note that the helper relies on passing the user data to the view in a view variable. It can be also configured to read the data from the auth part of the session directly.
Here is the example taken from it's documentation:
if ($this->Auth->isLoggedIn()) {
echo __('Hello %s!', $this->Auth->user('username'));
}
if ($this->Auth->isMe($record['Record']['user_id']) {
// or your edit button here
echo '<h2>' . __('Your records') . '</h2>';
}
if ($this->Auth->hasRole('admin') {
echo $this->Html->link(__('delete'), array('action' => 'delete'));
}
What you need is called authorization, and is the process of granting/denying actions usually built on top of an authentication step, which maps HTTP requests to logical users.
The authorization scheme can be implemented in a number of ways, for example with simple role-based rules, where users are grouped exactly for the purpose of assigning rights, or with more complex ACL (access control lists). Both can be adopted at the same time for different parts of the system, depending on your needs.
Whatever scheme you pick, you absolutely need to query it at the beginning of your controllers actions (if applicable, you may and up with a standardized authorization filter in your AppController), because the HTTP request doesn't need to come from a previously sent HTTP page, but could be a (possibly) malicious, hand-craften one. Also, you'll likely need to adjust the UI after the user rights. Maybe you'll better start with a bunch of if statements, and then after some days of work you'll be able to identify your needs and build your libraries/helpers/blocks/whatever to avoid code duplication and easing reading the templates.
If you have predefined user permissions (like 'admin', 'moderator', 'editor', 'publisher'...) you can just read the user role and current action in the controller function isAuthorized and set it to true or false.
If you want custom permissions per user, you can store those values in the database, read them in the isAuthorized function and make your logic to determine if you should allow him or not.
My solution to this was a separate table user_permissions that was something like this:
user_id | action
where action would be `controller/action' or 'view/block' or whatever you want to save there.
I would read all values for current user in the controller and if the current controller/action was found in the array, i'd set isAuthorized to true. You can apply your logic to the blocks also.
You can call function of controller from view using
requestAction(string $url, array $options)
Or you can create your custom Helper which will do this for you!
I am writing some simple redirects in CakePHP 2.4.2 and came across one that stumped me a bit.
How can I redirect to another view with the same passedArgs? It seems like it should be simple, but I must be overlooking something. I tried this:
$this->redirect(array_merge(array('action' => 'index',$this->params['named'])));
The debug output seems correct:
array(
'action' => 'index',
(int) 0 => array(
'this' => 'url',
'and' => 'stuff'
)
)
My desired outcome is that
view/this:url/and:stuff
redirects to
index/this:url/and:stuff
but now it just sends me to
index/
Not sure what I am missing here, perhaps I have deeper configuration issues - although it's not a terribly complicated app.
For passed params (numeric keys) use array_merge.
But since you use named params, which have a string based key, you can leverage PHP basics:
$this->redirect(array('action' => 'index') + $this->request->params['named']));
This adds all array values from the named params except for action, which is already in use here (and hence should not be overwritten anyway). So the priority is clear, as well.
Cake expects a flat array of parameters, so you need to use array_merge to add in extra arrays to it on the sides. Try this:
$this->redirect(array_merge(array('action' => 'index'), $this->params['named']));
... or using your original variable $passedArgs:
$this->redirect(array_merge(array('action' => 'index'), $this->passedArgs));
Maybe better solution will be used persist attribute in Router::connect()?
First part of this question will look trivial, but the point is in second part.
So, let's say that I have next few links on my app:
http://myapp.com/cars-audi
http://myapp.com/cars-opel
http://myapp.com/cars-fiat
http://myapp.com/cars-vw
In these cases, model car is used. So, in this case, I want to escape using slash in URL.
Then I will have more pages, and URLs, where roads will be involved, like:
http://myapp.com/roads/germany
http://myapp.com/roads/austria
http://myapp.com/roads/hungary
http://myapp.com/roads/poland
So, if it starts with cars-, in that case model cars should be used, and if it starts with roads/, model roads will be in the game.
Is it possible to do with some regular expressions in routes.php, or is it better to load (use) one same model in both cases, and to work with them like that?
Also, is it possible to help parsing URL using .htaccess file?
This is a simple case of routing a URL to a controller action, it doesn't involve models at all.
Router::connect('/:carlink',
array('controller' => 'cars', 'action' => 'view'),
array('carlink' => 'cars-\w+', 'pass' => array('carlink')));
This route says any URL that matches /:carlink should be routed to the given controller and action. In the last part you're clarifying what :carlink can be with the regular expression cars-\w+ ("cars-" followed by any word). You also pass that value to your called action.
class CarsController extends AppController {
public function view($car) {
if (!preg_match('/cars-(\w+)/', $car, $matches)) {
// action was accessed with invalid URL, bail out
$this->cakeError('error404');
}
// use $matches[1], which will be 'audi', for example
…
}
}
Your road URLs would be routed to the RoadsController as usual like this:
Router::connect('/roads/*', array('controller' => 'roads', 'action' => 'view'));
Okay, this will require some setup:
I'm working on a method of using nice post title "slugs" in the URL's of my cakePHP powered blog.
For example: /blog/post-title-here instead of /blog/view_post/123.
Since I'm obviously not going to write a new method for every post, I'm trying to be slick and use CakePHP callbacks to emulate the behavior of PHP 5's __call() magic method. For those who do not know, CakePHP's dispatcher checks to see if a method exists and throws a cakePHP error before __call() can be invoked in the controller.
What I've done so far:
In the interest of full disclosure ('cause I have no Idea why I'm having a problem) I've got two routes:
Router::connect('/blog/:action/*', array('controller' => 'blog_posts'));
Router::connect('/blog/*', array('controller' => 'blog_posts'));
These set up an alias for the BlogPostsController so that my url doesn't look like /blog_posts/action
Then in the BlogPostsController:
public function beforeFilter() {
parent::beforeFilter();
if (!in_array($this->params['action'], $this->methods)) {
$this->setAction('single_post', $this->params['action']);
}
}
public function single_post($slug = NULL) {
$post = $this->BlogPost->get_post_by_slug($slug);
$this->set('post', $post);
//$this->render('single_post');
}
The beforeFilter catches actions that do not exist and passes them to my single_post method. single_post grabs the data from the model, and sets a variable $post for the view.
There's also an index method that displays the 10 most recent posts.
Here's the confounding part:
You'll notice that there is a $this->render method that is commented-out above.
When I do not call $this->render('single_post'), the view renders once, but the $post variable is not set.
When I do call $this->render('single_post'), The view renders with the $post variable set, and then renders again with it not set. So in effect I get two full layouts, one after the other, in the same document. One with the content, and one without.
I've tried using a method named single_post and a method named __single_post and both have the same problem. I would prefer the end result to be a method named __single_post so that it cannot be accessed directly with the url /blog/single_post.
Also
I've not yet coded error handling for when the post does not exist (so that when people type random things in the url they don't get the single_post view). I plan on doing that after I figure out this problem.
This doesn't explicitly answer your question, but I'd just forego the whole complexity by solving the problem using only routes:
// Whitelist other public actions in BlogPostsController first,
// so they're not caught by the catch-all slug rule.
// This whitelists BlogPostsController::other() and ::actions(), so
// the URLs /blog/other/foo and /blog/actions/bar still work.
Router::connect('/blog/:action/*',
array('controller' => 'blog_posts'),
array('action' => 'other|actions'));
// Connect all URLs not matching the above, like /blog/my-frist-post,
// to BlogPostsController::single_post($slug). Optionally use RegEx to
// filter slug format.
Router::connect('/blog/:slug',
array('controller' => 'blog_posts', 'action' => 'single_post'),
array('pass' => array('slug') /*, 'slug' => 'regex for slug' */));
Note that the above routes depend on a bug fix only recently, as of the time of this writing, incorporated into Cake (see http://cakephp.lighthouseapp.com/projects/42648/tickets/1197-routing-error-when-using-regex-on-action). See the edit history of this post for a more compatible solution.
As for the single_post method being accessible directly: I won't. Since the /blog/:slug route catches all URLs that start with /blog/, it'll catch /blog/single_post and invoke BlogPostsController::single_post('single_post'). You will then try to find a post with the slug "single_post", which probably won't exist. In that case, you can throw a 404 error:
function single_post($slug) {
$post = $this->BlogPost->get_post_by_slug($slug);
if (!$post) {
$this->cakeError('error404');
}
// business as usual here
}
Error handling: done.