I’m familiar with entity policy (canAdd, canEdit) but I’m not sure how to apply canView in a (possibly) non standard case where my data isn’t an entity (or rather, has been transformed after retrieval).
I have a scenario where the user requests
/report/{code}/{date}
the logic is:
$result = $this→Reports→find()→where(
[‘report.code‘ => $code, ‘report.date’ => $date]
)→all();
if(empty($result) {
return $this→generateBlankTemplate();
// a custom array of preset defined values.
}
return $result;
Now I could do
if($user→code === $code) { // the user is able to continue
in my controller – but that doesn’t seem to make use of the policy logic very well
Because my template code doesn’t use an entity, I’m not sure what to pass in to
$this->Authorization->authorize other than creating a blank entity?
$this->Authorization->authorize($result[‘code’]); // won’t work