-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added disabledActions
feature to SecurityComponent
#750
Conversation
Sounds like a reasonable idea, let's hear what the other have to say about this |
$this->Controller->request->data = array('data'); | ||
$this->Controller->Security->disabledActions = 'index'; | ||
$this->Controller->Security->blackHoleCallback = null; | ||
$this->Controller->Security->startup($this->Controller); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A test with no assertions and no annotations looks like a mistake, perhaps add a comment, or assertion ensuring this isn't a mistake.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The idea was that if it throws an exception it was blackholed (which it shouldn't be since its disabled for the current) action and that would cause the test to fail otherwise it passes. Is a try/catch block preferred with an assertion at the end to test that exception wasn't thrown, a comment, or $this->fail('Action was blackholed when it should not have been');
inside of the catch block?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could just $this->assertNull()
the return of startup()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, done.
I like the ability to declaratively disable the checks. |
I don't like the property name. Just by name my first impression would be it is used to disallow/block actions when in fact it does the opposite. It would be better to rename it to |
Admad: that sounds reasonable. I had the same first impression with |
I don't know what you guys are talking about. For consistency's sake, I think |
|
I think this looks good to merge in, are there any other changes that need to be made @lorenzo? |
Seems good to me, I'll merge it in |
Added `disabledActions` feature to SecurityComponent
Disables security checks if action is defined in
disabledActions
For the lazy ones :]