Im using the Authenticate and Authorize plugins however im having issues using permissions on my controller.
Im looking at having a management dashboard that will not have its own model but instead call other models when i need them. I cant work out how to use a Policy to set permissions on each function. For example i would like every user level except for “user” to access “index” but only “root” user to be able to access “siteSettings”.
Thank you for your help in advance
I would think that the map resolver would be just the thing for this. Map from your controller class to a policy class for that controller.
This is what i thought however I’m getting lost trying to get it to work.
Share the code you’ve tried and explain what’s not working about it.
I have attached the files below
The error is:
Policy for App\Controller\ManageController has not been defined.
You are mapping ServerRequest::class to RequestPolicy::class, but there’s nothing there about the ManageController.
How do I map my ManageController to my ManagePolicy?
if i add
Resource class App\ManageController does not exist.
This is just a namespace issue, maybe do a little reading on that topic. Either
use the full namespaced path to ManageController at the top of your file, or else provide the path here.
namespaces are an element of PHP that i dont understand yet, please could you explain further.
So i think ive cracked it, on the “Application.php” file i have to add a “use” for my policy and Controller? is this the case? since i feel that this will make my Application.php very large having these at the top.
You can either have a single line for each one at the top of the file, or you can use the fully qualified class name every time you reference them. Most people opt for the former. Not at all uncommon for a central thing like the Application class to have 20 or more uses at the top; my project has over 40 there.
Definitely recommend finding a good tutorial or discussion of the topic of PHP namespaces in general; the time you spend reading and assimilating that info will be paid back very quickly and save you tons of frustration.