ZF-Commons / zfc-rbac

Role-based access control module to provide additional features on top of Zend\Permissions\Rbac
BSD 3-Clause "New" or "Revised" License

Apigility and ZfcRbac #276

Open chateaux opened 9 years ago

chateaux commented 9 years ago

Hi -

Quick question: I noticed I was getting some forbidden errors when using the Apigility admin GUI, and the modules were not being created as anticipated: http://stackoverflow.com/questions/27365197/zf2-apigility-not-creating-new-api

Turns out the ZfcRbac was causing the problem.

I have included the following in my array:

            // API
            'status.rest.status' => ['guest'],
            'zf-apigility/ui'    => ['guest'],
            'apigility/ui'       => ['guest'],
            'zf-apigility/admin' => ['guest'],

Is there a blanket method to give a third-party module full access rights? Or do I need to find out every route that Apigility uses and include them?

bakura10 commented 9 years ago

Ha...

I suppose you are using a guard? I don't know how Apigility works, but isn't there a base root that you could authorize? (like "zf-apigility")?

Also, you could set the policy to "ALLOW" (see here: https://github.com/ZF-Commons/zfc-rbac/blob/master/config/zfc_rbac.global.php.dist#L63) during development, so that if no role is defined for a given route, then it falls back to the protection policy.

chateaux commented 9 years ago

You are 100% right.

What I did to resolve this was to create an autoload file: mydev.local.php and to include the following in it:

    <?php
    return [
        'zfc_rbac' => [
            'protection_policy' => \ZfcRbac\Guard\GuardInterface::POLICY_ALLOW,
        ],
    ];

Problem solved. Thanks!
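An added example, not part of the thread and not ZfcRbac's own code: a simplified model of how a route guard resolves a route under each protection policy, assuming rule keys are matched as shell-style patterns against the route name. The `decide` function, the `zf-apigility*` pattern and the `billing/export` route are hypothetical.

```php
<?php
// Simplified model of a route guard decision; not ZfcRbac source code.
// Assumption: rule keys are shell-style patterns matched against the route name.

const POLICY_DENY  = 'deny';
const POLICY_ALLOW = 'allow';

/**
 * @param array  $rules     pattern => list of roles allowed on matching routes
 * @param string $policy    fallback used when no rule matches the route
 * @param string $route     matched route name
 * @param array  $userRoles roles held by the current identity
 */
function decide(array $rules, string $policy, string $route, array $userRoles): bool
{
    foreach ($rules as $pattern => $allowedRoles) {
        if (fnmatch($pattern, $route)) {
            // First matching rule wins; the policy is not consulted.
            return (bool) array_intersect($allowedRoles, $userRoles);
        }
    }
    // No rule covers this route: the protection policy alone decides.
    return $policy === POLICY_ALLOW;
}

// Constructed rule set: one hypothetical wildcard instead of one rule per Apigility route.
$rules = [
    'status.rest.status' => ['guest'],
    'zf-apigility*'      => ['guest'],
];

// Constructed route names; 'billing/export' is hypothetical and has no rule.
$routes = ['zf-apigility/ui', 'zf-apigility/admin', 'apigility/ui', 'billing/export'];

foreach ([POLICY_DENY, POLICY_ALLOW] as $policy) {
    foreach ($routes as $route) {
        $granted = decide($rules, $policy, $route, ['guest']);
        printf("%-5s %-20s %s\n", $policy, $route, $granted ? 'granted' : 'forbidden');
    }
}
```

Under the deny policy only routes covered by a rule are reachable, so `apigility/ui` still needs its own entry. Under the allow policy every unlisted route, including `billing/export`, is granted, which is why that setting belongs in a development-only autoload file.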