This repository has been archived by the owner on Jan 21, 2020. It is now read-only.

The deny_by_default TRUE setting should not block apigility admin #43

Open
pietervogelaar opened this issue Oct 13, 2014 · 5 comments


@pietervogelaar

array(
    'zf-mvc-auth' => array(
        'deny_by_default' => true
    ),
)

If deny_by_default is set to TRUE, the application home route, Apigility admin, documentation route and the swagger documentation routes are also blocked. Is this really desirable?

If yes, what is an easy way to figure out what all the apigility admin controllers are?

@pietervogelaar
Author

If anyone is looking for the same, I had to add the following to the configuration to make the Apigility Admin work with deny_by_default TRUE.

'zf-mvc-auth' => array(
        'authentication' => array(),
        'authorization' => array(
            'deny_by_default' => true,
            'Application\\Controller\\Index' => array(
                'actions' => array(
                    'index' => array(
                        'GET'    => true,
                        'POST'   => false,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                ),
            ),
            'ZF\\OAuth2\\Controller\\Auth' => array(
                'actions' => array(
                    'token' => array(
                        'GET'    => false,
                        'POST'   => true,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\App' => array(
                'actions' => array(
                    'app' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Authentication' => array(
                'actions' => array(
                    'authentication' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Authorization' => array(
                'actions' => array(
                    'authorization' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\CacheEnabled' => array(
                'actions' => array(
                    'cacheEnabled' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Config' => array(
                'actions' => array(
                    'process' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\ContentNegotiation' => array(
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Dashboard' => array(
                'actions' => array(
                    'dashboard' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\DbAdapter' => array(
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Documentation' => array(
                'actions' => array(
                    'index' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Filters' => array(
                'actions' => array(
                    'filters' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\FsPermissions' => array(
                'actions' => array(
                    'fsPermissions' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Hydrators' => array(
                'actions' => array(
                    'hydrators' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\InputFilter' => array(
                'actions' => array(
                    'index' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Module' => array(
                'actions' => array(
                    'list' => array(
                        'default' => true,
                    ),
                ),
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\RestService' => array(
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\RpcService' => array(
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\SettingsDashboard' => array(
                'actions' => array(
                    'settingsDashboard' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Source' => array(
                'actions' => array(
                    'source' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Validators' => array(
                'actions' => array(
                    'validators' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Versioning' => array(
                'actions' => array(
                    'defaultVersion' => array(
                        'default' => true,
                    ),
                    'versioning' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Documentation\\Controller' => array(
                'actions' => array(
                    'show' => array(
                        'GET'    => true,
                        'POST'   => false,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                ),
            ),
            'ZF\\Apigility\\Documentation\\Swagger\\SwaggerUi' => array(
                'actions' => array(
                    'list' => array(
                        'GET'    => true,
                        'POST'   => false,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                    'show' => array(
                        'GET'    => true,
                        'POST'   => false,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                ),
            ),
        ),
    ),

@EMCP

EMCP commented Dec 9, 2014

I think MVC-Auth users need to decide whether this default behavior is acceptable and the workaround documented.

OR

it's not acceptable and strategizing something else.

Personally I'm rather stuck debugging all these true/false flags, to the point where I'm locked out of my Apigility service completely.

@EMCP

EMCP commented Dec 9, 2014

@pietervogelaar where do you put this array?

@stavarengo

I know it's a little bit late, but I think I have a better solution than adding all of the zf-apigility-admin's controllers to the config file.
The idea is to attach a listener to the \ZF\MvcAuth\MvcAuthEvent::EVENT_AUTHORIZATION event in order to allow any request from the zf-apigility-admin.
Here is the listener class itself.
Maybe we could turn this into a pull request. What do you guys say?

use Zend\EventManager\AbstractListenerAggregate;
use Zend\EventManager\EventManagerInterface;
use ZF\MvcAuth\MvcAuthEvent;

/**
 * This listener makes the zf-mvc-auth module allow all requests from zf-apigility-admin-ui when the 'deny_by_default'
 * flag is true.
 */
class AllowAllApigilityRequests extends AbstractListenerAggregate
{
    public function __invoke(MvcAuthEvent $authEvent)
    {
        $mvcEvent   = $authEvent->getMvcEvent();
        $routeMatch = $mvcEvent->getRouteMatch();

        if (!$routeMatch) {
            return;
        }

        if (strpos((string)$routeMatch->getMatchedRouteName(), 'zf-apigility') === 0) {
            /** @var \ZF\MvcAuth\Authorization\AclAuthorization $authorization */
            $authorization = $authEvent->getAuthorizationService();
            // allow() with roles only (no resource, no privilege) grants every
            // registered role, guest included, access to all resources for this
            // request, which overrides deny_by_default on the matched route.
            $authorization->allow($authorization->getRoles());
        }
    }

    /**
     * Attach one or more listeners
     *
     * Implementors may add an optional $priority argument; the EventManager
     * implementation will pass this to the aggregate.
     *
     * @param EventManagerInterface $events
     *
     * @return void
     */
    public function attach(EventManagerInterface $events)
    {
        $this->listeners[] = $events->attach(MvcAuthEvent::EVENT_AUTHORIZATION, $this, 2);
    }
}
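A hardened variant of the listener above, added here as an example and not code from the thread or from the zf-mvc-auth project: it re-opens the same 'zf-apigility' routes under deny_by_default, but keeps the default deny for the guest identity and grants only the caller's own role instead of every registered role, and it is gated by a constructor flag that is assumed to be wired from a development-only config value by a service factory (not shown). It assumes zf-mvc-auth's MvcAuthEvent::getIdentity(), ZF\MvcAuth\Identity\GuestIdentity and the Zend ACL methods hasRole(), addRole() and allow().

```php
use Zend\EventManager\AbstractListenerAggregate;
use Zend\EventManager\EventManagerInterface;
use ZF\MvcAuth\Identity\GuestIdentity;
use ZF\MvcAuth\MvcAuthEvent;

/**
 * Re-opens routes named 'zf-apigility*' under deny_by_default, but only for an
 * authenticated (non-guest) identity and only while the listener is enabled.
 */
class AllowAdminForAuthenticated extends AbstractListenerAggregate
{
    private $enabled;

    public function __construct($enabled)
    {
        // Assumed: a factory sets this from a config flag that is false in production.
        $this->enabled = (bool) $enabled;
    }

    public function attach(EventManagerInterface $events)
    {
        // Same event and priority as the original listener.
        $this->listeners[] = $events->attach(MvcAuthEvent::EVENT_AUTHORIZATION, $this, 2);
    }

    public function __invoke(MvcAuthEvent $authEvent)
    {
        if (!$this->enabled) {
            return; // production: deny_by_default stays fully in force
        }

        $routeMatch = $authEvent->getMvcEvent()->getRouteMatch();
        if (!$routeMatch || strpos((string) $routeMatch->getMatchedRouteName(), 'zf-apigility') !== 0) {
            return;
        }

        // An unauthenticated caller keeps the default deny.
        $identity = $authEvent->getIdentity();
        if (!$identity || $identity instanceof GuestIdentity) {
            return;
        }

        // Grant only the caller's own role (all resources), never every registered role.
        $acl    = $authEvent->getAuthorizationService();
        $roleId = $identity->getRoleId();
        if (!$acl->hasRole($roleId)) {
            $acl->addRole($roleId); // avoid an unregistered-role exception from allow()
        }
        $acl->allow($roleId);
    }
}
```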

@weierophinney
Member

This repository has been closed and moved to laminas-api-tools/api-tools-mvc-auth; a new issue has been opened at laminas-api-tools/api-tools-mvc-auth#22.
