Merge pull request #737 from cakephp/port-734

DebugKitController beforeFilter check if debug is enabled

Author: markstory

composer.json

@@ -32,6 +32,7 @@
     },
     "require-dev": {
         "cakephp/cakephp-codesniffer": "^4.0",
+        "cakephp/authorization": "^2.0",
         "phpunit/phpunit": "^8.0"
     },
     "autoload": {

docs/en/index.rst

@@ -44,12 +44,14 @@ Configuration
     // Allow e.g. http://foo.bar.dev or http://my-shop.local domains locally
     Configure::write('DebugKit.safeTld', ['dev', 'local', 'example']);
 
-* ``DebugKit.forceEnable`` - Force DebugKit to display. Careful with this, it is usually 
+* ``DebugKit.forceEnable`` - Force DebugKit to display. Careful with this, it is usually
   safer to simply whitelist your local TLDs. Example usage::
 
     // Before loading DebugKit
     Configure::write('DebugKit.forceEnable', true);
 
+* ``DebugKit.ignoreAuthorization`` - Set to true to ignore Cake Authorization plugin for DebugKit requests. Disabled by default.
+
 Database Configuration
 ----------------------
 
@@ -77,7 +79,7 @@ connection in the ``Datasources`` variable in your **config/app.php** file. For
         //'init' => ['SET GLOBAL innodb_stats_on_metadata = 0'],
     ],
 
-You can safely remove the **tmp/debug_kit.sqlite** file at any point. 
+You can safely remove the **tmp/debug_kit.sqlite** file at any point.
 DebugKit will regenerate it when necessary.
 
 Toolbar Usage

docs/fr/index.rst

@@ -30,6 +30,11 @@ Ensuite, vous devez activer le plugin en exécutant la ligne suivante::
 
     bin/cake plugin load DebugKit
 
+Configuration
+=============
+
+* ``DebugKit.ignoreAuthorization`` - Définie à true pour ignorer le plugin Cake Authorization uniquement pour les requêtes DebugKit. Par défaut à false.
+
 Stockage de DebugKit
 ====================
 

src/Controller/ComposerController.php

@@ -15,10 +15,6 @@
  */
 namespace DebugKit\Controller;
 
-use Cake\Controller\Controller;
-use Cake\Core\Configure;
-use Cake\Event\EventInterface;
-use Cake\Http\Exception\NotFoundException;
 use Cake\View\JsonView;
 use Composer\Console\Application;
 use Symfony\Component\Console\Input\ArrayInput;
@@ -27,7 +23,7 @@
 /**
  * Provides utility features need by the toolbar.
  */
-class ComposerController extends Controller
+class ComposerController extends DebugKitController
 {
     /**
      * {@inheritDoc}
@@ -39,20 +35,6 @@ public function initialize(): void
         $this->viewBuilder()->setClassName(JsonView::class);
     }
 
-    /**
-     * Before filter handler.
-     *
-     * @param \Cake\Event\EventInterface $event The event.
-     * @return void
-     * @throws \Cake\Http\Exception\NotFoundException
-     */
-    public function beforeFilter(EventInterface $event)
-    {
-        if (!Configure::read('debug')) {
-            throw new NotFoundException();
-        }
-    }
-
     /**
      * Check outdated composer dependencies
      *

src/Controller/DashboardController.php

@@ -14,31 +14,24 @@
  */
 namespace DebugKit\Controller;
 
-use Cake\Controller\Controller;
-use Cake\Core\Configure;
 use Cake\Event\EventInterface;
-use Cake\Http\Exception\NotFoundException;
 
 /**
  * Dashboard and common DebugKit backend.
  *
  * @property \DebugKit\Model\Table\RequestsTable $Requests
  */
-class DashboardController extends Controller
+class DashboardController extends DebugKitController
 {
     /**
      * Before filter handler.
      *
      * @param \Cake\Event\EventInterface $event The event.
      * @return void
-     * @throws \Cake\Http\Exception\NotFoundException
      */
     public function beforeFilter(EventInterface $event)
     {
-        // TODO add config override.
-        if (!Configure::read('debug')) {
-            throw new NotFoundException('Not available without debug mode on.');
-        }
+        parent::beforeFilter($event);
 
         $this->viewBuilder()->setLayout('dashboard');
     }

src/Controller/DebugKitController.php

@@ -0,0 +1,56 @@
+<?php
+declare(strict_types=1);
+
+/**
+ * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
+ * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
+ *
+ * Licensed under The MIT License
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
+ * @link          http://cakephp.org CakePHP(tm) Project
+ * @license       http://www.opensource.org/licenses/mit-license.php MIT License
+ */
+namespace DebugKit\Controller;
+
+use Cake\Controller\Controller;
+use Cake\Core\Configure;
+use Cake\Event\EventInterface;
+use Cake\Http\Exception\NotFoundException;
+use Cake\Log\Log;
+
+/**
+ * DebugKit Controller.
+ */
+class DebugKitController extends Controller
+{
+    /**
+     * Before filter handler.
+     *
+     * @param \Cake\Event\EventInterface $event The event.
+     * @return void
+     * @throws \Cake\Http\Exception\NotFoundException
+     */
+    public function beforeFilter(EventInterface $event)
+    {
+        if (!Configure::read('debug')) {
+            throw new NotFoundException('Not available without debug mode on.');
+        }
+
+        // If CakePHP Authorization\Authorization plugin is enabled,
+        // ignore it, only if `DebugKit.ignoreAuthorization` is set to true
+        $authorizationService = $this->getRequest()->getAttribute('authorization');
+        if ($authorizationService instanceof \Authorization\AuthorizationService) {
+            if (Configure::read('DebugKit.ignoreAuthorization')) {
+                $authorizationService->skipAuthorization();
+            } else {
+                Log::info(
+                    "Cake Authorization plugin is enabled. If you would like " .
+                    "to force DebugKit to ignore it, set `DebugKit.ignoreAuthorization` " .
+                    " Configure option to true."
+                );
+            }
+        }
+    }
+}

src/Controller/MailPreviewController.php

@@ -15,9 +15,7 @@
  */
 namespace DebugKit\Controller;
 
-use Cake\Controller\Controller;
 use Cake\Core\App;
-use Cake\Core\Configure;
 use Cake\Core\Plugin as CorePlugin;
 use Cake\Event\EventInterface;
 use Cake\Http\Exception\NotFoundException;
@@ -32,22 +30,8 @@
  *
  * @property \DebugKit\Model\Table\PanelsTable $Panels
  */
-class MailPreviewController extends Controller
+class MailPreviewController extends DebugKitController
 {
-    /**
-     * Before filter callback.
-     *
-     * @param \Cake\Event\EventInterface $event The beforeFilter event.
-     * @return void
-     * @throws \Cake\Http\Exception\NotFoundException
-     */
-    public function beforeFilter(EventInterface $event)
-    {
-        if (!Configure::read('debug')) {
-            throw new NotFoundException();
-        }
-    }
-
     /**
      * Before render handler.
      *

src/Controller/PanelsController.php

@@ -14,8 +14,6 @@
  */
 namespace DebugKit\Controller;
 
-use Cake\Controller\Controller;
-use Cake\Core\Configure;
 use Cake\Event\EventInterface;
 use Cake\Http\Exception\NotFoundException;
 
@@ -24,7 +22,7 @@
  *
  * @property \DebugKit\Model\Table\PanelsTable $Panels
  */
-class PanelsController extends Controller
+class PanelsController extends DebugKitController
 {
     /**
      * Initialize controller
@@ -36,21 +34,6 @@ public function initialize(): void
         $this->loadComponent('RequestHandler');
     }
 
-    /**
-     * Before filter handler.
-     *
-     * @param \Cake\Event\EventInterface $event The event.
-     * @return void
-     * @throws \Cake\Http\Exception\NotFoundException
-     */
-    public function beforeFilter(EventInterface $event)
-    {
-        // TODO add config override.
-        if (!Configure::read('debug')) {
-            throw new NotFoundException();
-        }
-    }
-
     /**
      * Before render handler.
      *

src/Controller/RequestsController.php

@@ -14,31 +14,24 @@
  */
 namespace DebugKit\Controller;
 
-use Cake\Controller\Controller;
-use Cake\Core\Configure;
 use Cake\Event\EventInterface;
-use Cake\Http\Exception\NotFoundException;
 
 /**
  * Provides access to panel data.
  *
  * @property \DebugKit\Model\Table\RequestsTable $Requests
  */
-class RequestsController extends Controller
+class RequestsController extends DebugKitController
 {
     /**
      * Before filter handler.
      *
      * @param \Cake\Event\EventInterface $event The event.
      * @return void
-     * @throws \Cake\Http\Exception\NotFoundException
      */
     public function beforeFilter(EventInterface $event)
     {
-        // TODO add config override
-        if (!Configure::read('debug')) {
-            throw new NotFoundException();
-        }
+        parent::beforeFilter($event);
 
         $this->response = $this->response->withHeader('Content-Security-Policy', '');
     }

src/Controller/ToolbarController.php

@@ -15,15 +15,12 @@
 namespace DebugKit\Controller;
 
 use Cake\Cache\Cache;
-use Cake\Controller\Controller;
-use Cake\Core\Configure;
-use Cake\Event\EventInterface;
 use Cake\Http\Exception\NotFoundException;
 
 /**
  * Provides utility features need by the toolbar.
  */
-class ToolbarController extends Controller
+class ToolbarController extends DebugKitController
 {
     /**
      * View class
@@ -42,21 +39,6 @@ public function initialize(): void
         $this->loadComponent('RequestHandler');
     }
 
-    /**
-     * Before filter handler.
-     *
-     * @param \Cake\Event\EventInterface $event The event.
-     * @return void
-     * @throws \Cake\Http\Exception\NotFoundException
-     */
-    public function beforeFilter(EventInterface $event)
-    {
-        // TODO add config override.
-        if (!Configure::read('debug')) {
-            throw new NotFoundException();
-        }
-    }
-
     /**
      * Clear a named cache.
      *