Added disabledActions feature to SecurityComponent
#750
Conversation
|
Sounds like a reasonable idea, let's hear what the other have to say about this |
| $this->Controller->request->data = array('data'); | ||
| $this->Controller->Security->disabledActions = 'index'; | ||
| $this->Controller->Security->blackHoleCallback = null; | ||
| $this->Controller->Security->startup($this->Controller); |
There was a problem hiding this comment.
A test with no assertions and no annotations looks like a mistake, perhaps add a comment, or assertion ensuring this isn't a mistake.
There was a problem hiding this comment.
The idea was that if it throws an exception it was blackholed (which it shouldn't be since its disabled for the current) action and that would cause the test to fail otherwise it passes. Is a try/catch block preferred with an assertion at the end to test that exception wasn't thrown, a comment, or $this->fail('Action was blackholed when it should not have been'); inside of the catch block?
There was a problem hiding this comment.
You could just $this->assertNull() the return of startup().
|
I like the ability to declaratively disable the checks. |
|
I don't like the property name. Just by name my first impression would be it is used to disallow/block actions when in fact it does the opposite. It would be better to rename it to |
|
Admad: that sounds reasonable. I had the same first impression with |
|
I don't know what you guys are talking about. For consistency's sake, I think |
|
|
|
I think this looks good to merge in, are there any other changes that need to be made @lorenzo? |
|
Seems good to me, I'll merge it in |
Added `disabledActions` feature to SecurityComponent
Disables security checks if action is defined in
disabledActionsFor the lazy ones :]