How to debug user Permissions


I am getting the following error:
Nette\Application\ForbiddenRequestException #403

OK, so the user (admin) does not have permission to access the resource, but I am unsure why.
How can I see all the permissions for a user? (in this case admin)?

The error says:

22: $user = $this->getUser();
23: $content = 'this is the default content';
24: $this->template->content = $content;
25: }
26:
27: protected function startup(): void
28: {
29: parent::startup();
30:
31: if (!$this->getUser()->isAllowed('backend')) {
32: throw new Nette\Application\ForbiddenRequestException;
33: }
34: }
35:
36: }

<?php

declare(strict_types=1);

namespace App\AdminModule\Presenters;

use Nette;

final class DefaultPresenter extends Nette\Application\UI\Presenter
{
    // ### public function __construct(Nette\Database\Context $database)
    public function __construct()
    {
        // ### $this->database = $database;
        $path = __DIR__ . '/../../layouts/@default.latte';
        parent::setLayout($path);
    }

    public function renderDefault(): void
    {
        $user = $this->getUser();
        $content = 'this is the default content';
        $this->template->content = $content;
    }

    protected function startup(): void
    {
        parent::startup();

        // Checks resource 'backend' with no privilege given (Permission::ALL)
        if (!$this->getUser()->isAllowed('backend')) {
            throw new Nette\Application\ForbiddenRequestException;
        }
    }
}
CZechBoY
Member | 3608

You can dump what you send to the allow/deny methods on the Permission object. Probably in some PermissionFactory.
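The dump CZechBoY suggests, as an added example that is not code from this thread or from Nette itself: a stand-in for a PermissionFactory built on Nette\Security\Permission (the roles, resources and privileges are constructed for illustration, not the poster's real ACL) plus a helper that lists every resource/privilege decision for one role. It assumes nette/security is installed via Composer. It also shows the distinction that most often produces exactly this symptom: isAllowed('backend') with no privilege passes Permission::ALL, which asks whether the role is allowed for every privilege on that resource, so a rule granted only for 'read' does not satisfy it.

```php
<?php
// Added example, not code from the original thread. Assumes
// `composer require nette/security`. All roles, resources and privileges
// below are constructed for illustration.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Nette\Security\Permission;

/** Stand-in for the PermissionFactory mentioned in the thread: builds the ACL. */
function createPermission(): Permission
{
    $acl = new Permission;

    $acl->addRole('guest');
    $acl->addRole('editor', 'guest');  // editor inherits guest's rules
    $acl->addRole('admin', 'editor');  // admin inherits editor's rules

    $acl->addResource('backend');
    $acl->addResource('blog');

    // A privilege-specific allow: only 'read' on 'backend' ...
    $acl->allow('editor', 'backend', 'read');
    $acl->allow('editor', 'blog', ['read', 'edit']);
    // ... versus an allow for every privilege (third argument defaults to Permission::ALL).
    $acl->allow('admin', 'blog');

    return $acl;
}

/**
 * Debug helper: for one role, return the decision for every resource and
 * privilege. Permission does not enumerate privileges, so pass the list your
 * application uses. The 'ALL' column is what isAllowed($role, $resource)
 * with no privilege actually evaluates.
 */
function dumpPermissions(Permission $acl, string $role, array $privileges): array
{
    $matrix = [];
    foreach ($acl->getResources() as $resource) {
        $matrix[$resource]['ALL'] = $acl->isAllowed($role, $resource, Permission::ALL);
        foreach ($privileges as $privilege) {
            $matrix[$resource][$privilege] = $acl->isAllowed($role, $resource, $privilege);
        }
    }
    return $matrix;
}

$acl = createPermission();
foreach (['guest', 'editor', 'admin'] as $role) {
    echo "Role: $role\n";
    foreach (dumpPermissions($acl, $role, ['read', 'edit', 'delete']) as $resource => $decisions) {
        $cells = [];
        foreach ($decisions as $privilege => $allowed) {
            $cells[] = sprintf('%s=%s', $privilege, $allowed ? 'allow' : 'DENY');
        }
        printf("  %-8s %s\n", $resource, implode('  ', $cells));
    }
}
```

With this constructed ACL, the admin row for 'backend' reads ALL=DENY but read=allow, while 'blog' is allow in every column: isAllowed('admin', 'backend') is false and isAllowed('admin', 'backend', 'read') is true. Whether the poster's factory has the same shape cannot be told from the thread, but this is the first thing to check when a bare isAllowed($resource) fails for a role that clearly has rules on that resource. Nette\Security\User::isAllowed($resource, $privilege) runs the same check for each of the logged-in user's roles and returns true if any role passes.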


CZechBoY wrote:

You can dump what you send to the allow/deny methods on the Permission object. Probably in some PermissionFactory.

OK, so this seems to satisfy the access when I specify the permission.
Is this the correct method of access?

<?php

    protected function startup(): void
    {
        parent::startup();

        // Checks resource 'backend' with the explicit privilege 'read'
        if (!$this->getUser()->isAllowed('backend', 'read')) {
            throw new Nette\Application\ForbiddenRequestException;
        }
    }
CZechBoY
Member | 3608

This restricts access to the resource backend and the action read. Whether it is OK for you depends on you ;-)

I usually use a cardinality of 1 presenter = 1 resource, 1 presenter action = 1 auth action. I also use additional resources/actions that are not real presenters/actions.
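The convention described in the reply above (one presenter per resource, one action per privilege), as an added example; this is not the poster's code and is not part of the thread. It assumes a Nette 3 application whose authorizator (a Nette\Security\Permission) defines resources named after presenters, e.g. 'Admin:Blog', with privileges named after actions such as 'default' and 'edit'. The check is done once in a base presenter, so individual presenters need no per-action isAllowed() calls.

```php
<?php
// Added example illustrating "1 presenter = 1 resource, 1 action = 1 privilege".
// Not the poster's code. Assumes the ACL registered as the authorizator has
// resources named like $presenter->getName() (e.g. 'Admin:Blog') and
// privileges named like actions ('default', 'edit', ...).
declare(strict_types=1);

namespace App\AdminModule\Presenters;

use Nette;
use Nette\Application\ForbiddenRequestException;

abstract class SecuredPresenter extends Nette\Application\UI\Presenter
{
    /**
     * Nette calls this before running the action: first with the presenter's
     * ReflectionClass, then with the ReflectionMethod of the action/render method.
     * We check at the method level, when the action (= privilege) is known.
     */
    public function checkRequirements($element): void
    {
        parent::checkRequirements($element);

        if ($element instanceof \ReflectionMethod) {
            $resource = $this->getName();     // e.g. 'Admin:Blog' (module prefix included)
            $privilege = $this->getAction();  // e.g. 'edit'

            if (!$this->getUser()->isAllowed($resource, $privilege)) {
                // The message names the roles that were checked, which is what
                // you want to see when debugging a 403.
                throw new ForbiddenRequestException(sprintf(
                    'Roles [%s] are not allowed "%s" on "%s".',
                    implode(', ', $this->getUser()->getRoles()),
                    $privilege,
                    $resource
                ));
            }
        }
    }
}

/** With the convention in place, BlogPresenter carries no per-action checks. */
final class BlogPresenter extends SecuredPresenter
{
    public function renderDefault(): void  // checked as ('Admin:Blog', 'default')
    {
        $this->template->content = 'blog list';
    }

    public function actionEdit(int $id): void  // checked as ('Admin:Blog', 'edit')
    {
        $this->template->id = $id;
    }
}
```

Because the resource is derived from the presenter name, every presenter in the module must exist as a resource in the ACL (addResource('Admin:Blog') and so on) or isAllowed() throws for an unknown resource. The "additional resources/actions that are not real presenters" CZechBoY mentions are simply extra addResource()/allow() entries checked by hand where needed; they do not affect this automatic mapping.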


CZechBoY wrote:

This restricts access to the resource backend and the action read. Whether it is OK for you depends on you ;-)

I usually use a cardinality of 1 presenter = 1 resource, 1 presenter action = 1 auth action. I also use additional resources/actions that are not real presenters/actions.

So, for example, if you had a BlogPresenter, this would be one resource (blog) and each action would be one permission (read). And you would check this in each action (blog, read)?

Just trying to get this right.
Thanks

CZechBoY
Member | 3608

Yes, like that.