Ignore authorization plugin only if set in config

Author: Erwane

docs/en/index.rst

@@ -44,12 +44,14 @@ Configuration
     // Allow e.g. http://foo.bar.dev or http://my-shop.local domains locally
     Configure::write('DebugKit.safeTld', ['dev', 'local', 'example']);
 
-* ``DebugKit.forceEnable`` - Force DebugKit to display. Careful with this, it is usually 
+* ``DebugKit.forceEnable`` - Force DebugKit to display. Careful with this, it is usually
   safer to simply whitelist your local TLDs. Example usage::
 
     // Before loading DebugKit
     Configure::write('DebugKit.forceEnable', true);
 
+* ``DebugKit.ignoreAuthorization`` - Set to true to ignore Cake Authorization plugin for DebugKit requests. Disabled by default.
+
 Database Configuration
 ----------------------
 
@@ -77,7 +79,7 @@ connection in your **config/app.php** file. For example::
         //'init' => ['SET GLOBAL innodb_stats_on_metadata = 0'],
     ],
 
-You can safely remove the **tmp/debug_kit.sqlite** file at any point. 
+You can safely remove the **tmp/debug_kit.sqlite** file at any point.
 DebugKit will regenerate it when necessary.
 
 Toolbar Usage

docs/fr/index.rst

@@ -30,6 +30,11 @@ Ensuite, vous devez activer le plugin en exécutant la ligne suivante::
 
     bin/cake plugin load DebugKit
 
+Configuration
+=============
+
+* ``DebugKit.ignoreAuthorization`` - Définie à true pour ignorer le plugin Cake Authorization uniquement pour les requêtes DebugKit. Par défaut à false.
+
 Stockage de DebugKit
 ====================
 

src/Controller/DebugKitController.php

@@ -15,6 +15,7 @@
 use Cake\Controller\Controller;
 use Cake\Core\Configure;
 use Cake\Event\Event;
+use Cake\Log\Log;
 use Cake\Http\Exception\NotFoundException;
 
 /**
@@ -31,15 +32,23 @@ class DebugKitController extends Controller
      */
     public function beforeFilter(Event $event)
     {
-        // TODO add config override.
         if (!Configure::read('debug')) {
             throw new NotFoundException('Not available without debug mode on.');
         }
 
-        // Skip authorization for DebuKit requests
+        // If CakePHP Authorization\Authorization plugin is enabled,
+        // ignore it, only if `DebugKit.ignoreAuthorization` is set to true
         $authorizationService = $this->getRequest()->getAttribute('authorization');
         if ($authorizationService instanceof \Authorization\AuthorizationService) {
-            $authorizationService->skipAuthorization();
+            if (Configure::read('DebugKit.ignoreAuthorization')) {
+                $authorizationService->skipAuthorization();
+            } else {
+                Log::info(
+                    "Cake Authorization plugin is enabled. If you would like " .
+                    "to force DebugKit to ignore it, set `DebugKit.ignoreAuthorization` " .
+                    " Configure option to true."
+                );
+            }
         }
     }
 }

tests/TestCase/Controller/DebugKitControllerTest.php

@@ -47,12 +47,12 @@ public function testDebugDisabled()
     }
 
     /**
-     * tests authorization is checked to avoid
-     * AuthorizationRequiredException throwned
+     * Build controller with AuthorizationService
+     * in request attribute
      *
-     * @return void
+     * @return DebugKit\Controller\DebugKitController
      */
-    public function testSkipAuthorization()
+    private function _buildController()
     {
         $request = new ServerRequest(['url' => '/debug-kit/']);
 
@@ -61,9 +61,35 @@ public function testSkipAuthorization()
 
         $request = $request->withAttribute('authorization', $authorization);
 
-        $controller = new DebugKitController($request, new Response());
+        return new DebugKitController($request, new Response());
+    }
+
+    /**
+     * tests authorization is enabled but not ignored
+     *
+     * @return void
+     */
+    public function testDontIgnoreAuthorization()
+    {
+        $controller = $this->_buildController();
         $event = new Event('testing');
+        $controller->beforeFilter($event);
 
+        $this->assertFalse($controller->getRequest()->getAttribute('authorization')->authorizationChecked());
+    }
+
+    /**
+     * tests authorization is checked to avoid
+     * AuthorizationRequiredException throwned
+     *
+     * @return void
+     */
+    public function testIgnoreAuthorization()
+    {
+        Configure::write('DebugKit.ignoreAuthorization', true);
+
+        $controller = $this->_buildController();
+        $event = new Event('testing');
         $controller->beforeFilter($event);
 
         $this->assertTrue($controller->getRequest()->getAttribute('authorization')->authorizationChecked());