The deny_by_default TRUE setting should not block apigility admin

[weierophinney]

array(
    'zf-mvc-auth' => array(
        'deny_by_default' => true
    ),
)

If deny_by_default is set to TRUE, the application home route, Apigility admin, documentation route and the swagger documentation routes are also blocked. Is this really desirable?

If yes, what is an easy way to figure out what all the apigility admin controllers are?

---

Originally posted by @pietervogelaar at zfcampus/zf-mvc-auth#43

[weierophinney]

If anyone is looking for the same, I had to add the following to the configuration to make the Apigility Admin work with deny_by_default TRUE.

'zf-mvc-auth' => array(
        'authentication' => array(),
        'authorization' => array(
            'deny_by_default' => true,
            'Application\\Controller\\Index' => array(
                'actions' => array(
                    'index' => array(
                        'GET'    => true,
                        'POST'   => false,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                ),
            ),
            'ZF\\OAuth2\\Controller\\Auth' => array(
                'actions' => array(
                    'token' => array(
                        'GET'    => false,
                        'POST'   => true,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\App' => array(
                'actions' => array(
                    'app' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\Authentication' => array(
                'actions' => array(
                    'authentication' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Authorization' => array(
                'actions' => array(
                    'authorization' => array(
                        'default' => true,
                    )
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\CacheEnabled' => array(
                'actions' => array(
                    'cacheEnabled' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Config' => array(
                'actions' => array(
                    'process' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\ContentNegotiation' => array(
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Dashboard' => array(
                'actions' => array(
                    'dashboard' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\DbAdapter' => array(
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Documentation' => array(
                'actions' => array(
                    'index' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Filters' => array(
                'actions' => array(
                    'filters' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\FsPermissions' => array(
                'actions' => array(
                    'fsPermissions' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Hydrators' => array(
                'actions' => array(
                    'hydrators' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\InputFilter' => array(
                'actions' => array(
                    'index' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Module' => array(
                'actions' => array(
                    'list' => array(
                        'default' => true,
                    ),
                ),
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\RestService' => array(
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\RpcService' => array(
                'collection' => array(
                    'default' => true,
                ),
                'entity' => array(
                    'default' => true,
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\SettingsDashboard' => array(
                'actions' => array(
                    'settingsDashboard' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Source' => array(
                'actions' => array(
                    'source' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Validators' => array(
                'actions' => array(
                    'validators' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Admin\\Controller\\Versioning' => array(
                'actions' => array(
                    'defaultVersion' => array(
                        'default' => true,
                    ),
                    'versioning' => array(
                        'default' => true,
                    ),
                ),
            ),
            'ZF\\Apigility\\Documentation\\Controller' => array(
                'actions' => array(
                    'show' => array(
                        'GET'    => true,
                        'POST'   => false,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                ),
            ),
            'ZF\\Apigility\\Documentation\\Swagger\\SwaggerUi' => array(
                'actions' => array(
                    'list' => array(
                        'GET'    => true,
                        'POST'   => false,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                    'show' => array(
                        'GET'    => true,
                        'POST'   => false,
                        'PATCH'  => false,
                        'PUT'    => false,
                        'DELETE' => false,
                    ),
                ),
            ),
        ),
    ),

---

Originally posted by @pietervogelaar at zfcampus/zf-mvc-auth#43 (comment)

[weierophinney]

I think MVC-Auth users need to decide whether this default behavior is acceptable and the work around documented.

OR

it's not acceptable and strategizing something else.

Personally I'm rather stuck debugging all these true, false flags.. to the point where I'm locked out of my Apigility service completely.

---

Originally posted by @EMCP at zfcampus/zf-mvc-auth#43 (comment)

[weierophinney]

@pietervogelaar where do you put this array?

---

Originally posted by @EMCP at zfcampus/zf-mvc-auth#43 (comment)

[weierophinney]

I know it's a little bit late, but I think I have a better solution than add all of the zf-apigility-admin's controllers to the config file.
The ideia is to attach a listener to the \ZF\MvcAuth\MvcAuthEvent::EVENT_AUTHORIZATION event in order to allow any request from the zf-apigility-admin.
Here is the listener class itself.
Maybe we could turn this into a pull-request. What you guys say?

use Zend\EventManager\AbstractListenerAggregate;
use Zend\EventManager\EventManagerInterface;
use ZF\MvcAuth\MvcAuthEvent;

/**
 * This listener makes the zf-mvc-auth module allow all requests from zf-apigility-admin-ui when the 'deny_by_default'
 * flag is true.
 */
class AllowAllApigilityRequests extends AbstractListenerAggregate
{
    public function __invoke(MvcAuthEvent $authEvent)
    {
        $mvcEvent   = $authEvent->getMvcEvent();
        $routeMatch = $mvcEvent->getRouteMatch();

        if (!$routeMatch) {
            return;
        }

        if (strpos((string)$routeMatch->getMatchedRouteName(), 'zf-apigility') === 0) {
            /** @var \ZF\MvcAuth\Authorization\AclAuthorization $authorization */
            $authorization = $authEvent->getAuthorizationService();
            $authorization->allow($authorization->getRoles());
        }
    }

    /**
     * Attach one or more listeners
     *
     * Implementors may add an optional $priority argument; the EventManager
     * implementation will pass this to the aggregate.
     *
     * @param EventManagerInterface $events
     *
     * @return void
     */
    public function attach(EventManagerInterface $events)
    {
        $this->listeners[] = $events->attach(MvcAuthEvent::EVENT_AUTHORIZATION, $this, 2);
    }
}

---

Originally posted by @stavarengo at zfcampus/zf-mvc-auth#43 (comment)