
The deny_by_default TRUE setting should not block apigility admin #22

weierophinney opened this issue Dec 31, 2019 · 4 comments

@weierophinney (Contributor):

array(
    'zf-mvc-auth' => array(
        // deny_by_default lives under the 'authorization' key (see the full
        // configuration further down in this thread)
        'authorization' => array(
            'deny_by_default' => true
        ),
    ),
)

If deny_by_default is set to TRUE, the application home route, Apigility admin, documentation route and the swagger documentation routes are also blocked. Is this really desirable?

If yes, what is an easy way to figure out what all the apigility admin controllers are?


Originally posted by @pietervogelaar at zfcampus/zf-mvc-auth#43
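The question above asks for an easy way to list every zf-apigility-admin controller. The following is an added example, not code from the issue's posters or from the zf-mvc-auth project: a small PHP script that walks a module's `router.routes` tree, collects the controller/action pairs it routes to, and emits a matching `zf-mvc-auth` authorization allow-list so `deny_by_default` can stay on. The sample route tree embedded in it is constructed to look like the admin module's and is not the real file; the `vendor/...` path in the comment is an assumption about where the module config lives, and the generated list should be reviewed before it is used, since it opens every listed action to every role.

```php
<?php
// Added example (not part of the zf-mvc-auth issue or project): enumerate the
// controller/action pairs a module routes to and emit the 'zf-mvc-auth'
// authorization allow-list that keeps deny_by_default on for everything else.
// Assumptions: the module config is a plain PHP array using the usual
// 'router' => ['routes' => [...]] layout, and the vendor path below is a guess.

/**
 * Recursively collect [controller => [action, ...]] from a ZF route tree.
 * A routed controller with no 'action' default is treated as a REST resource.
 */
function collectControllers(array $routes, array &$found = [])
{
    foreach ($routes as $route) {
        $defaults = isset($route['options']['defaults']) ? $route['options']['defaults'] : [];
        if (isset($defaults['controller'])) {
            $controller = $defaults['controller'];
            if (! isset($found[$controller])) {
                $found[$controller] = [];
            }
            if (isset($defaults['action'])) {
                $found[$controller][] = $defaults['action'];
            }
        }
        if (! empty($route['child_routes'])) {
            collectControllers($route['child_routes'], $found);
        }
    }
    return $found;
}

/**
 * Build the 'authorization' block: each collected controller is allowed for
 * all HTTP methods ('default' => true); anything not listed stays denied.
 */
function buildAuthorization(array $controllers)
{
    $authorization = ['deny_by_default' => true];
    foreach ($controllers as $controller => $actions) {
        $actions = array_values(array_unique($actions));
        if ($actions === []) {
            // REST controller: guard the collection and entity resources
            $authorization[$controller] = [
                'collection' => ['default' => true],
                'entity'     => ['default' => true],
            ];
            continue;
        }
        $spec = [];
        foreach ($actions as $action) {
            $spec[$action] = ['default' => true];
        }
        $authorization[$controller] = ['actions' => $spec];
    }
    return $authorization;
}

// Constructed sample shaped like zf-apigility-admin's route tree (not the real file).
$sampleConfig = [
    'router' => ['routes' => [
        'zf-apigility-admin' => [
            'type'    => 'literal',
            'options' => ['route' => '/apigility', 'defaults' => [
                'controller' => 'ZF\\Apigility\\Admin\\Controller\\App',
                'action'     => 'app',
            ]],
            'may_terminate' => true,
            'child_routes'  => [
                'api' => ['type' => 'literal', 'options' => ['route' => '/api'], 'child_routes' => [
                    'dashboard' => ['type' => 'literal', 'options' => ['route' => '/dashboard', 'defaults' => [
                        'controller' => 'ZF\\Apigility\\Admin\\Controller\\Dashboard',
                        'action'     => 'dashboard',
                    ]]],
                    'module' => ['type' => 'segment', 'options' => ['route' => '/module[/:name]', 'defaults' => [
                        'controller' => 'ZF\\Apigility\\Admin\\Controller\\Module',
                    ]]],
                ]],
            ],
        ],
    ]],
];

// Real run (assumed path): php generate-auth.php vendor/zfcampus/zf-apigility-admin/config/module.config.php
$config      = isset($argv[1]) ? include $argv[1] : $sampleConfig;
$routes      = isset($config['router']['routes']) ? $config['router']['routes'] : [];
$controllers = collectControllers($routes);

echo "return " . var_export(['zf-mvc-auth' => ['authorization' => buildAuthorization($controllers)]], true) . ";\n";
```

Run it once per module whose routes must stay reachable (the admin, the admin UI, the documentation and swagger modules), merge the output into a `config/autoload/*.global.php` file, and diff it against the hand-written list below when the admin package is upgraded; any route that appears in the module but not in the allow-list is exactly the one that will start returning 403 under `deny_by_default`.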

@weierophinney (Contributor, author):

If anyone is looking for the same, I had to add the following to the configuration to make the Apigility Admin work with deny_by_default TRUE.

'zf-mvc-auth' => array(
        'authentication' => array(),
        'authorization' => array(
            'deny_by_default' => true,
            'Application\\Controller\\Index' => array(
                'actions' => array(
                    'index' => array(
                        'GET'    => true,
                        'POST'   => false,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                ),
            ),
            'ZF\\OAuth2\\Controller\\Auth' => array(
                'actions' => array(
                    'token' => array(
                        'GET'    => false,
                        'POST'   => true,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\App' => array(
                'actions' => array(
                    'app' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Authentication' => array(
                'actions' => array(
                    'authentication' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Authorization' => array(
                'actions' => array(
                    'authorization' => array(
                        'default' => true,
                    )
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\CacheEnabled' => array(
                'actions' => array(
                    'cacheEnabled' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Config' => array(
                'actions' => array(
                    'process' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\ContentNegotiation' => array(
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Dashboard' => array(
                'actions' => array(
                    'dashboard' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\DbAdapter' => array(
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Documentation' => array(
                'actions' => array(
                    'index' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Filters' => array(
                'actions' => array(
                    'filters' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\FsPermissions' => array(
                'actions' => array(
                    'fsPermissions' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Hydrators' => array(
                'actions' => array(
                    'hydrators' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\InputFilter' => array(
                'actions' => array(
                    'index' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Module' => array(
                'actions' => array(
                    'list' => array(
                        'default' => true,
                    ),
                ),
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\RestService' => array(
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\RpcService' => array(
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\SettingsDashboard' => array(
                'actions' => array(
                    'settingsDashboard' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Source' => array(
                'actions' => array(
                    'source' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Validators' => array(
                'actions' => array(
                    'validators' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Versioning' => array(
                'actions' => array(
                    'defaultVersion' => array(
                        'default' => true,
                    ),
                    'versioning' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Documentation\\Controller' => array(
                'actions' => array(
                    'show' => array(
                        'GET'    => true,
                        'POST'   => false,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                ),
            ),
            'ZF\\Apigility\\Documentation\\Swagger\\SwaggerUi' => array(
                'actions' => array(
                    'list' => array(
                        'GET'    => true,
                        'POST'   => false,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                    'show' => array(
                        'GET'    => true,
                        'POST'   => false,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                ),
            ),
        ),
    ),

Originally posted by @pietervogelaar at zfcampus/zf-mvc-auth#43 (comment)

@weierophinney (Contributor, author):

I think MVC-Auth users need to decide whether this default behavior is acceptable and the workaround documented.

OR

it's not acceptable and strategizing something else.

Personally I'm rather stuck debugging all these true/false flags... to the point where I'm locked out of my Apigility service completely.


Originally posted by @EMCP at zfcampus/zf-mvc-auth#43 (comment)

@weierophinney (Contributor, author):

@pietervogelaar where do you put this array?


Originally posted by @EMCP at zfcampus/zf-mvc-auth#43 (comment)

@weierophinney (Contributor, author):

I know it's a little bit late, but I think I have a better solution than adding all of the zf-apigility-admin's controllers to the config file.
The idea is to attach a listener to the \ZF\MvcAuth\MvcAuthEvent::EVENT_AUTHORIZATION event in order to allow any request from the zf-apigility-admin.
Here is the listener class itself.
Maybe we could turn this into a pull request. What do you guys say?

use Zend\EventManager\AbstractListenerAggregate;
use Zend\EventManager\EventManagerInterface;
use ZF\MvcAuth\Authorization\AclAuthorization;
use ZF\MvcAuth\MvcAuthEvent;

/**
 * This listener makes the zf-mvc-auth module allow all requests from zf-apigility-admin-ui when the 'deny_by_default'
 * flag is true.
 */
class AllowAllApigilityRequests extends AbstractListenerAggregate
{
    public function __invoke(MvcAuthEvent $authEvent)
    {
        $mvcEvent   = $authEvent->getMvcEvent();
        $routeMatch = $mvcEvent->getRouteMatch();

        if (!$routeMatch) {
            return;
        }

        // The admin, documentation and swagger routes are all named 'zf-apigility...'
        if (strpos((string) $routeMatch->getMatchedRouteName(), 'zf-apigility') === 0) {
            /** @var AclAuthorization $authorization */
            $authorization = $authEvent->getAuthorizationService();
            // Allow every role currently registered in the ACL, on every resource
            $authorization->allow($authorization->getRoles());
        }
    }

    /**
     * Attach one or more listeners
     *
     * The optional $priority argument is required by ListenerAggregateInterface
     * in zend-eventmanager v3; it defaults to 2 so this listener runs before
     * zf-mvc-auth's default authorization listener.
     *
     * @param EventManagerInterface $events
     * @param int                   $priority
     *
     * @return void
     */
    public function attach(EventManagerInterface $events, $priority = 2)
    {
        $this->listeners[] = $events->attach(MvcAuthEvent::EVENT_AUTHORIZATION, $this, $priority);
    }
}

Originally posted by @stavarengo at zfcampus/zf-mvc-auth#43 (comment)
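The listener above has to be attached to the application's event manager to take effect, and as written it allows every registered role on every resource. The following is an added example, not code from the commenter or from the zf-mvc-auth project: an application `Module.php` that wires an `EVENT_AUTHORIZATION` listener at priority 2 and allows all roles on only the resource zf-mvc-auth resolved for the current `zf-apigility*` route. It assumes the module is named `Application`, that zf-mvc-auth's `DefaultResourceResolverListener` runs at priority 1000 and its `DefaultAuthorizationListener` at the default priority 1, and that the authorization service is the `AclAuthorization` ACL.

```php
<?php
// Added example; not from the zf-mvc-auth project or the issue's posters.
// Assumptions: module name 'Application'; zf-mvc-auth attaches its resource
// resolver at priority 1000 and its authorization listener at priority 1, so a
// priority-2 listener sees the resolved resource and runs before the ACL check.
namespace Application;

use Zend\Mvc\MvcEvent;
use ZF\MvcAuth\Authorization\AclAuthorization;
use ZF\MvcAuth\MvcAuthEvent;

class Module
{
    public function getConfig()
    {
        return include __DIR__ . '/../config/module.config.php';
    }

    public function onBootstrap(MvcEvent $e)
    {
        $events = $e->getApplication()->getEventManager();

        // zf-mvc-auth triggers MvcAuthEvent on the application event manager.
        $events->attach(MvcAuthEvent::EVENT_AUTHORIZATION, [$this, 'allowApigilityRoutes'], 2);
    }

    /**
     * Allow all roles on the single resource resolved for a zf-apigility* route.
     */
    public function allowApigilityRoutes(MvcAuthEvent $authEvent)
    {
        $routeMatch = $authEvent->getMvcEvent()->getRouteMatch();
        if (! $routeMatch) {
            return;
        }

        $routeName = (string) $routeMatch->getMatchedRouteName();
        if (strpos($routeName, 'zf-apigility') !== 0) {
            return; // not an admin/documentation/swagger route: normal ACL rules apply
        }

        $authorization = $authEvent->getAuthorizationService();
        $resource      = $authEvent->getResource(); // e.g. "ZF\Apigility\Admin\Controller\Dashboard::dashboard"
        if (! $authorization instanceof AclAuthorization || ! $resource) {
            return;
        }

        // Zend\Permissions\Acl rules can only target a registered resource.
        if (! $authorization->hasResource($resource)) {
            $authorization->addResource($resource);
        }

        // null roles = every role, including identities the ACL registers later
        // during isAuthorized(); the rule is scoped to this one resource only.
        $authorization->allow(null, $resource);
    }
}
```

Scoping the rule to the resolved resource instead of calling `allow()` for all roles on all resources means the permissive rule never leaks into the ACL decision for a non-admin resource that happens to be checked in the same request lifecycle. Either variant still opens the admin API to any caller who can reach those routes, which is only acceptable while the admin modules are loaded in development mode.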
