To adjust ORM queries one has to use the ->applyScope() method of the AuthorizationComponent.
But in certain scenarios it would be helpful to pass down arguments to the ->applyScope() method because the query needs to be adjusted according to
- the currently logged-in user AND
- the state of a specific service object or maybe request parameters.
The proposed solution would look like that:
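
    public function index(MyService $myService)
    {
        // Authorization is skipped for the action itself; only the query is scoped.
        $this->Authorization->skipAuthorization();
        $query = $this->Products->find();
        // Proposed: a third argument that is handed on to the policy scope method.
        $query = $this->Authorization->applyScope($query, 'index', $myService);
        $products = $this->paginate($query);
        $this->set(compact('products'));
    }
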
And in the ProductsTablePolicy.php it would look like this:
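
    use Authorization\IdentityInterface;
    use Cake\ORM\Query;

    class ProductsTablePolicy
    {
        // Proposed: $myService arrives as an extra argument after the query.
        public function scopeIndex(IdentityInterface $user, Query $query, $myService)
        {
            return $query->where(['Products.price >' => 0]);
        }
    }
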
This would of course be a BC break because we would have to adjust at least the IdentityInterface::applyScope as well as the AuthorizationServiceInterface::applyScope.
What do you think?
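
A self-contained sketch of the argument forwarding this proposal implies, added here as an illustration and not code from the plugin or from the issue author. `applyScope()` is a stand-alone function, the query is modelled as a plain array of conditions, and `owner_id`, `published` and `includeDrafts` are constructed names; it also shows that an existing two-argument scope keeps working when extras are forwarded, and that a missing scope fails closed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins (PHP 8.1+), not the plugin's classes.
final class MyService
{
    public function __construct(public readonly bool $includeDrafts) {}
}

final class ProductsTablePolicy
{
    // Scope narrowed by the user AND by the state of the extra argument.
    public function scopeIndex(array $user, array $query, MyService $myService): array
    {
        $query[] = ['Products.owner_id' => $user['id']];
        if (!$myService->includeDrafts) {
            $query[] = ['Products.published' => true];
        }
        return $query;
    }

    // Existing two-argument scope: PHP silently drops the surplus argument.
    public function scopeView(array $user, array $query): array
    {
        $query[] = ['Products.owner_id' => $user['id']];
        return $query;
    }
}

// The forwarding step: variadic extras are passed through to the scope method.
function applyScope(object $policy, array $user, array $query, string $action, mixed ...$optionalArgs): array
{
    $method = 'scope' . ucfirst($action);
    if (!method_exists($policy, $method)) {
        // Fail closed: a missing scope must never hand back the unscoped query.
        throw new RuntimeException("No scope for action '{$action}'");
    }
    return $policy->{$method}($user, $query, ...$optionalArgs);
}

$user = ['id' => 7]; // constructed sample identity
$policy = new ProductsTablePolicy();
var_dump(applyScope($policy, $user, [], 'index', new MyService(false))); // two conditions
var_dump(applyScope($policy, $user, [], 'view', new MyService(false)));  // one condition
```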