Controller actions without resource

Question

Controller actions without resource

Closed this issue 10 years ago · 7 comments

Hi,

I'm using your package and it's really amazing.
I'm just wondering how can I use the package in cases where I don't have Resources available.

Example: I have a AuthController to resolve the login/logout process. I also have a ProfileController, which handles user profile. The fact is that this controllers are not associated with a resource, ProfileController is not linked to a Profile model, and I don't have a profiles table in my database. The ProfileController handles User model and users table and so on.

So, how can I use the package with this type of controller? If I put the method $this->loadAndAuthorizeResource(); in my BaseController I get erros when going into this "resourceless controllers".

Thanks for your help.

Answer 1 · 2014-06-18T08:58:35.000Z

Hi Maximiliano,

I think you'll find the answer in this Wiki doc page: Authorizing controller actions - Custom Class

Feel free to reopen this issue if it doesn't work.

Cheers,
Tortue Torche

Answer 2 · 2014-06-18T12:09:45.000Z

Ok Tortue, thanks for your help.

I already read about the Custom Classes but, even with it it's mandatory to have a real Resource attached. I'm looking for a solution to only validate a Controller Action, without having a Model related to that.

If I do that $this->loadAndAuthorizeResource('xpto', ['parent' => false]); the Authority Controller will look for Xpto Model, but sometimes, I will not have a model, sometimes is just a Controller to handle other stuff but that needs access protection.

Answer 3 · 2014-06-18T12:19:57.000Z

Maybe you can thrown manually, in your controller actions, an exception if you want more custom behavior, like this:

throw new Efficiently\AuthorityController\Exceptions\AccessDenied("Not authorized!", 'read', 'Article');

Here the wiki page Exception Handling

Answer 4 · 2014-06-18T12:26:44.000Z

I'm looking for a solution to only validate a Controller Action, without having a Model related to that.

This package is a port of CanCan 1.6 gem and this feature isn't available in it. So there is no magic features for your request. Maybe you can use a dummy (tableless) Model ?

Answer 5 · 2014-06-18T12:48:43.000Z

Thanks for your help Tortue, I think that the best solution for now it's to point to a different model and add some custom rules.
It's not a thing that happens all the time but, force me to add loadAndAuthorizeResource to every controller, so I can't have it in my BaseController.

Answer 6 · 2014-06-19T11:04:46.000Z

By the way, you can have a loadAndAuthorizeResource() method in your BaseController even if some of your controllers don't have resource. Here a sample:

class BaseController extends Controller
{
    use Efficiently\AuthorityController\ControllerAdditions;

    public function __construct()
    {
        $this->setupAuthorizations();
    }

    protected function setupAuthorizations()
    {
       $this->loadAndAuthorizeResource();
    }
    //...
}

class ProfileController extends BaseController
{
    protected function setupAuthorizations()
    {
        // Do nothing !
    }
    //...
}

Answer 7 · 2014-06-19T14:17:30.000Z

Good idea Tortue!!!

Thanks for your help!
Em 19/06/2014 08:04, "Tortue Torche" notifications@github.com escreveu:

By the way, you can have a loadAndAuthorizeResource() method in your
BaseController even if some of your controllers don't have resource. Here a
sample:

class BaseController extends Controller{
use Efficiently\AuthorityController\ControllerAdditions;
public function __construct()
{
    $this->setupAuthorizations();
}

protected function setupAuthorizations()
{
   $this->loadAndAuthorizeResource();
}
//...}
class ProfileController extends BaseController{
protected function setupAuthorizations()
{
// Do nothing !
}
//...}

—
Reply to this email directly or view it on GitHub
#9 (comment)
.

Essa mensagem foi inspecionada por filtros de segurança do Google e é
segura para recebimento.