Fix up authorization plugin support

dereuromark · dereuromark · commit 7ae8707cb04b · 2025-02-24T21:29:46.000+01:00
diff --git a/config/auth_acl.default.ini b/config/auth_acl.default.ini
@@ -1,15 +1,13 @@
 ; If you use plugins like dereuromark/cakephp-databaselog
-[DatabaseLog.admin/DatabaseLog]
+[DatabaseLog.Admin/DatabaseLog]
 * = admin
-[DatabaseLog.admin/Logs]
+[DatabaseLog.Admin/Logs]
 * = admin
 
 ; If you use dereuromark/cakephp-queue
-[Queue.admin/Queue]
+[Queue.Admin/Queue]
 * = admin
-[Queue.admin/QueuedJobs]
+[Queue.Admin/QueuedJobs]
 * = admin
-[Queue.admin/QueueProcesses]
+[Queue.Admin/QueueProcesses]
 * = admin
-
-; ...
diff --git a/config/auth_allow.default.ini b/config/auth_allow.default.ini
@@ -8,6 +8,7 @@ Users = login,logout
 DebugKit.Dashboard = *
 DebugKit.Requests = *
 DebugKit.Panels = *
+DebugKit.Toolbar = *
 
 ; If you use cakedc/mixer as require-dev
 CakeDC/Mixer.Mixer
diff --git a/docs/AuthorizationPlugin.md b/docs/AuthorizationPlugin.md
@@ -26,7 +26,7 @@ $middlewareQueue->add(new AuthorizationMiddleware($this, [
 ]));
 $middlewareQueue->add(new RequestAuthorizationMiddleware([
     'unauthorizedHandler' => [
-        'className' => 'TinyAuth.Redirect',
+        'className' => 'TinyAuth.ForbiddenRedirect',
         'url' => '...',
         'unauthorizedMessage' => '...',
     ],
diff --git a/src/Auth/AclAdapter/AclAdapterInterface.php b/src/Auth/AclAdapter/AclAdapterInterface.php
@@ -8,7 +8,7 @@ interface AclAdapterInterface {
 	 * Generates and returns a TinyAuth access control list.
 	 *
 	 * @param array $availableRoles A list of available user roles.
-	 * @param array $config Current TinyAuth configuration values.
+	 * @param array<string, mixed> $config Current TinyAuth configuration values.
 	 *
 	 * @return array
 	 */
diff --git a/src/Auth/AclTrait.php b/src/Auth/AclTrait.php
@@ -83,8 +83,8 @@ protected function _loadAclAdapter($adapter) {
 	 *
 	 * Allows single or multi role based authorization
 	 *
-	 * @param array $user User data
-	 * @param array $params Request params
+	 * @param array<string, mixed> $user User data
+	 * @param array<string, mixed> $params Request params
 	 * @throws \Cake\Core\Exception\CakeException
 	 * @return bool Success
 	 */
@@ -110,7 +110,7 @@ protected function _checkUser(array $user, array $params) {
 			}
 		}
 
-		// Give any logged in user access to ALL actions when `allowLoggedIn` is
+		// Give any logged-in user access to ALL actions when `allowLoggedIn` is
 		// enabled except when the `protectedPrefix` is being used.
 		if ($this->getConfig('allowLoggedIn')) {
 			if (empty($params['prefix'])) {
@@ -516,7 +516,7 @@ protected function _getRolesFromDb(string $rolesTableKey): array {
 	 * @throws \Cake\Core\Exception\CakeException
 	 * @return array<string, int|string> List with all role ids belonging to the user
 	 */
-	protected function _getUserRoles($user) {
+	protected function _getUserRoles(array $user) {
 		// Single-role from session
 		if (!$this->getConfig('multiRole')) {
 			$roleColumn = $this->getConfig('roleColumn');
@@ -531,7 +531,9 @@ protected function _getUserRoles($user) {
 				return [];
 			}
 
-			return $this->_mapped([$user[$this->getConfig('roleColumn')]]);
+			$role = $user[$this->getConfig('roleColumn')];
+
+			return $this->_mapped([$role]);
 		}
 
 		// Multi-role from session
diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php
@@ -31,7 +31,7 @@ class TinyAuthorize extends BaseAuthorize {
 
 	/**
 	 * @param \Cake\Controller\ComponentRegistry $registry
-	 * @param array $config
+	 * @param array<string, mixed> $config
 	 * @throws \Cake\Core\Exception\CakeException
 	 */
 	public function __construct(ComponentRegistry $registry, array $config = []) {
diff --git a/src/Controller/Component/AuthComponent.php b/src/Controller/Component/AuthComponent.php
@@ -20,7 +20,7 @@ class AuthComponent extends LegacyAuthComponent {
 
 	/**
 	 * @param \Cake\Controller\ComponentRegistry $registry
-	 * @param array $config
+	 * @param array<string, mixed> $config
 	 * @throws \RuntimeException
 	 */
 	public function __construct(ComponentRegistry $registry, array $config = []) {
@@ -39,7 +39,7 @@ public function __construct(ComponentRegistry $registry, array $config = []) {
 	}
 
 	/**
-	 * @param array $config The config data.
+	 * @param array<string, mixed> $config The config data.
 	 * @return void
 	 */
 	public function initialize(array $config): void {
diff --git a/src/Controller/Component/AuthUserComponent.php b/src/Controller/Component/AuthUserComponent.php
@@ -21,7 +21,7 @@ class AuthUserComponent extends Component {
 
 	/**
 	 * @param \Cake\Controller\ComponentRegistry $registry
-	 * @param array $config
+	 * @param array<string, mixed> $config
 	 */
 	public function __construct(ComponentRegistry $registry, array $config = []) {
 		$config += Config::all();
diff --git a/src/Controller/Component/AuthenticationComponent.php b/src/Controller/Component/AuthenticationComponent.php
@@ -24,7 +24,7 @@ class AuthenticationComponent extends CakeAuthenticationComponent {
 
 	/**
 	 * @param \Cake\Controller\ComponentRegistry $registry
-	 * @param array $config
+	 * @param array<string, mixed> $config
 	 * @throws \RuntimeException
 	 */
 	public function __construct(ComponentRegistry $registry, array $config = []) {
diff --git a/src/Controller/Component/AuthorizationComponent.php b/src/Controller/Component/AuthorizationComponent.php
@@ -29,7 +29,7 @@ class AuthorizationComponent extends CakeAuthorizationComponent {
 
 	/**
 	 * @param \Cake\Controller\ComponentRegistry $registry
-	 * @param array $config
+	 * @param array<string, mixed> $config
 	 * @throws \RuntimeException
 	 */
 	public function __construct(ComponentRegistry $registry, array $config = []) {
diff --git a/src/Middleware/RequestAuthorizationMiddleware.php b/src/Middleware/RequestAuthorizationMiddleware.php
@@ -29,7 +29,7 @@ class RequestAuthorizationMiddleware extends PluginRequestAuthorizationMiddlewar
 	use AllowTrait;
 
 	/**
-	 * @param array $config Configuration options
+	 * @param array<string, mixed> $config Configuration options
 	 */
 	public function __construct(array $config = []) {
 		$config += Config::all();
diff --git a/src/Middleware/UnauthorizedHandler/ForbiddenRedirectHandler.php b/src/Middleware/UnauthorizedHandler/ForbiddenRedirectHandler.php
@@ -5,15 +5,14 @@
 
 use Authorization\Exception\Exception;
 use Authorization\Exception\ForbiddenException;
-use Authorization\Exception\MissingIdentityException;
-use Authorization\Middleware\UnauthorizedHandler\RedirectHandler as CakeRedirectHandler;
+use Authorization\Middleware\UnauthorizedHandler\RedirectHandler;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 
 /**
  * This handler will redirect the response if one of configured exception classes is encountered.
  */
-class RedirectHandler extends CakeRedirectHandler {
+class ForbiddenRedirectHandler extends RedirectHandler {
 
 	/**
 	 * Default config:
@@ -27,11 +26,10 @@ class RedirectHandler extends CakeRedirectHandler {
 	 */
 	protected array $defaultOptions = [
 		'exceptions' => [
-			MissingIdentityException::class,
 			ForbiddenException::class,
 		],
-		'url' => '/login',
-		'queryParam' => 'redirect',
+		'url' => '/',
+		'queryParam' => null,
 		'statusCode' => 302,
 		'unauthorizedMessage' => null,
 	];
diff --git a/src/Policy/RequestPolicy.php b/src/Policy/RequestPolicy.php
@@ -21,13 +21,13 @@ class RequestPolicy implements RequestPolicyInterface {
 	use InstanceConfigTrait;
 
 	/**
-	 * @var array
+	 * @var array<string, mixed>
 	 */
 	protected array $_defaultConfig = [
 	];
 
 	/**
-	 * @param array $config
+	 * @param array<string, mixed> $config
 	 */
 	public function __construct(array $config = []) {
 		$config += Config::all();
diff --git a/src/Utility/Cache.php b/src/Utility/Cache.php
@@ -98,7 +98,7 @@ public static function key(string $type): string {
 	}
 
 	/**
-	 * @param array $config
+	 * @param array<string, mixed> $config
 	 * @throws \Cake\Core\Exception\CakeException
 	 * @return void
 	 */
diff --git a/src/Utility/TinyAuth.php b/src/Utility/TinyAuth.php
@@ -19,7 +19,7 @@ class TinyAuth {
 	];
 
 	/**
-	 * @param array $config
+	 * @param array<string, mixed> $config
 	 */
 	public function __construct(array $config = []) {
 		$config += Config::all();
diff --git a/src/View/Helper/AuthUserHelper.php b/src/View/Helper/AuthUserHelper.php
@@ -29,7 +29,7 @@ class AuthUserHelper extends Helper {
 
 	/**
 	 * @param \Cake\View\View $View The View this helper is being attached to.
-	 * @param array $config Configuration settings for the helper.
+	 * @param array<string, mixed> $config Configuration settings for the helper.
 	 */
 	public function __construct(View $View, array $config = []) {
 		$config += Config::all();

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ interface AclAdapterInterface {`
`8`	`8`	`* Generates and returns a TinyAuth access control list.`
`9`	`9`	`*`
`10`	`10`	`* @param array $availableRoles A list of available user roles.`
`11`		`- * @param array $config Current TinyAuth configuration values.`
	`11`	`+ * @param array<string, mixed> $config Current TinyAuth configuration values.`
`12`	`12`	`*`
`13`	`13`	`* @return array`
`14`	`14`	`*/`
Original file line number	Diff line number	Diff line change
`@@ -83,8 +83,8 @@ protected function _loadAclAdapter($adapter) {`
`83`	`83`	`*`
`84`	`84`	`* Allows single or multi role based authorization`
`85`	`85`	`*`
`86`		`- * @param array $user User data`
`87`		`- * @param array $params Request params`
	`86`	`+ * @param array<string, mixed> $user User data`
	`87`	`+ * @param array<string, mixed> $params Request params`
`88`	`88`	`* @throws \Cake\Core\Exception\CakeException`
`89`	`89`	`* @return bool Success`
`90`	`90`	`*/`
`@@ -110,7 +110,7 @@ protected function _checkUser(array $user, array $params) {`
`110`	`110`	`}`
`111`	`111`	`}`
`112`	`112`
`113`		- // Give any logged in user access to ALL actions when `allowLoggedIn` is
	`113`	+ // Give any logged-in user access to ALL actions when `allowLoggedIn` is
`114`	`114`	// enabled except when the `protectedPrefix` is being used.
`115`	`115`	`if ($this->getConfig('allowLoggedIn')) {`
`116`	`116`	`if (empty($params['prefix'])) {`
`@@ -516,7 +516,7 @@ protected function _getRolesFromDb(string $rolesTableKey): array {`
`516`	`516`	`* @throws \Cake\Core\Exception\CakeException`
`517`	`517`	`* @return array<string, int\|string> List with all role ids belonging to the user`
`518`	`518`	`*/`
`519`		`- protected function _getUserRoles($user) {`
	`519`	`+ protected function _getUserRoles(array $user) {`
`520`	`520`	`// Single-role from session`
`521`	`521`	`if (!$this->getConfig('multiRole')) {`
`522`	`522`	`$roleColumn = $this->getConfig('roleColumn');`
`@@ -531,7 +531,9 @@ protected function _getUserRoles($user) {`
`531`	`531`	`return [];`
`532`	`532`	`}`
`533`	`533`
`534`		`- return $this->_mapped([$user[$this->getConfig('roleColumn')]]);`
	`534`	`+ $role = $user[$this->getConfig('roleColumn')];`
	`535`	`+`
	`536`	`+ return $this->_mapped([$role]);`
`535`	`537`	`}`
`536`	`538`
`537`	`539`	`// Multi-role from session`