
DebugKit.ignoreAuthorization doesn't work with RequestAuthorization

Open mmahgoub opened this issue 6 years ago • 4 comments

  • [x] enhancement
  • [ ] feature-discussion (RFC)
  • [ ] bug

What you did

I've set up a Request Policy as an Authorization Service but the newly added DebugKit.ignoreAuthorization doesn't seem to override the Request Authorization.

What happened

DebugKit toolbar threw a ForbiddenException.

What you expected to happen

DebugKit should bypass Request Authorization logic.

This could easily be solved by adding a rule to canAccess function in the RequestPolicy class like so:

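use Authorization\Policy\RequestPolicyInterface;
use Cake\Http\ServerRequest;

class RequestPolicy implements RequestPolicyInterface {

    public function canAccess($identity, ServerRequest $request) {
        // Let every DebugKit request through without further checks.
        if ($request->getParam('plugin') === 'DebugKit') {
            return true;
        }

        // All other requests are denied here; the application's own rules go in this place.
        return false;
    }

}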

but this will render DebugKit.ignoreAuthorization useless anyway!

mmahgoub avatar Feb 12 '20 17:02 mmahgoub

If you are using request-based policies, you have to handle skipping authorization yourself right now, as the ignore options have not been implemented for request policies yet.

markstory avatar Feb 12 '20 22:02 markstory
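One way to handle the skip inside a request policy while still honouring the DebugKit.ignoreAuthorization setting, so that the bypass is not unconditional. This is an added example, not code from the issue or from the DebugKit or Authorization projects; the App\Policy namespace, the extra debug-mode gate and the "logged-in identity" fallback rule are assumptions.

```php
<?php
declare(strict_types=1);

namespace App\Policy; // assumed application namespace

use Authorization\Policy\RequestPolicyInterface;
use Cake\Core\Configure;
use Cake\Http\ServerRequest;

class RequestPolicy implements RequestPolicyInterface
{
    /**
     * Request-level authorization check.
     *
     * @param \Authorization\IdentityInterface|null $identity Current identity, if any.
     * @param \Cake\Http\ServerRequest $request Incoming request.
     */
    public function canAccess($identity, ServerRequest $request): bool
    {
        if ($this->isDebugKitBypass($request)) {
            return true;
        }

        // Assumed application rule: every other request needs an identity.
        // Replace with the application's real checks.
        return $identity !== null;
    }

    /**
     * Skip authorization for DebugKit only when the application runs in
     * debug mode AND DebugKit.ignoreAuthorization is switched on, so a
     * production deployment never opens the toolbar routes by accident.
     */
    private function isDebugKitBypass(ServerRequest $request): bool
    {
        if ($request->getParam('plugin') !== 'DebugKit') {
            return false;
        }

        return (bool)Configure::read('debug')
            && (bool)Configure::read('DebugKit.ignoreAuthorization');
    }
}
```

With either setting off, DebugKit requests fall through to the same rule as every other request.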

I would love to help fix this issue!

mmahgoub avatar Feb 13 '20 13:02 mmahgoub

@mmahgoub That would be great!

markstory avatar Feb 13 '20 14:02 markstory

ping @mmahgoub

dereuromark avatar Mar 14 '24 08:03 dereuromark