Followed the Cake 5 CMS Tutorial through. Everything worked fine, until authorization, when I got this error when trying to edit or delete (they work with skipAuthorization):
Identity is not authorized to perform edit on App\Model\Entity\Article.
Authorization\Exception\ForbiddenException
Could this be caused by using Auto-Tables?
Some of the Table objects in your application were created by instantiating “Cake\ORM\Table” instead of any other specific subclass.
You can check your policy code for that. CakePHP 5 will automatically add the authorization in your controller; you need to bake the policy to modify it.
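<?php
namespace App\Policy;

use App\Model\Entity\Article;
use Authorization\IdentityInterface;

class ArticlePolicy
{
    public function canEdit(IdentityInterface $user, Article $article)
    {
        // Logged-in users can edit their own articles.
        return $this->isAuthor($user, $article);
    }

    // Helper called by canEdit(): true only when the identity owns the article.
    protected function isAuthor(IdentityInterface $user, Article $article)
    {
        return $article->user_id === $user->getIdentifier();
    }
}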
This will be the code that runs in your edit function.
Thanks. I followed the tutorial and ArticlePolicy.php is already in place. I used bake to create the skeleton file, then filled it in from the tutorial, which includes what you mentioned.
Thanks. Yes, that was it. I thought I had created the articles I was trying to edit with the user I’d created, but I guess they were all done before installing authentication and authorization.
But why is it going to the error message and not to login?
If you want to add a flash message and redirect to the home page, for example, instead of generating an error page, I believe you’re looking for the unauthorized handler.
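One way to wire up the unauthorized handler mentioned above, as an added example that is not part of the original posts or the tutorial's own code. The class name `FlashRedirectHandler`, the `/` target and the message text are assumptions; the key point is that `ForbiddenException` must be listed under `exceptions`, otherwise the redirect handler rethrows it and the error page still appears.

```php
<?php
declare(strict_types=1);

// src/Middleware/UnauthorizedHandler/FlashRedirectHandler.php (hypothetical name)
namespace App\Middleware\UnauthorizedHandler;

use Authorization\Exception\Exception;
use Authorization\Middleware\UnauthorizedHandler\RedirectHandler;
use Cake\Http\ServerRequest;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

class FlashRedirectHandler extends RedirectHandler
{
    public function handle(
        Exception $exception,
        ServerRequestInterface $request,
        array $options = []
    ): ResponseInterface {
        // RedirectHandler builds the redirect for exception types listed in
        // $options['exceptions'] and rethrows anything else.
        $response = parent::handle($exception, $request, $options);

        // Generic wording: do not reveal which record or rule denied access.
        if ($request instanceof ServerRequest) {
            $request->getFlash()->error('You are not authorized to do that.');
        }

        return $response;
    }
}

/*
 * Registration in src/Application.php, inside middleware():
 *
 * $middlewareQueue->add(new AuthorizationMiddleware($this, [
 *     'unauthorizedHandler' => [
 *         'className' => 'FlashRedirect',   // resolves to the class above
 *         'url' => '/',                     // assumed target: home page
 *         'exceptions' => [
 *             \Authorization\Exception\MissingIdentityException::class,
 *             \Authorization\Exception\ForbiddenException::class,
 *         ],
 *     ],
 * ]));
 */
```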
Yes. Thanks. What I expected from the CMS tutorial was a complete, if barebones, app. Unless I missed something, triggering a raw error page makes this incomplete. This is important to me because it’s my own (perhaps peculiar) way of learning to use frameworks, by starting with a complete basic app.
Yes, unauthorized handler. A flash message is now working for unauthorized edits and deletes.
My only point is, the CMS tutorial would have felt more complete with that information included directly in the Authorization section.
Thanks for your patience. I’ve noticed in recent months, maybe the last couple of years, my increasing, perhaps “unreasonable”, impatience with all manner of software instructions and advisories. The layers of detail to navigate seem to have increased past some tipping point for me, while the end results seem to stay about the same. Frustrating.