DebugKit.ignoreAuthorization doesn't work with RequestAuthorization

[mmahgoub]

• enhancement
• feature-discussion (RFC)
• bug

What you did

I've set up a Request Policy as an Authorization Service but the newly added DebugKit.ignoreAuthorization doesn't seem to override the Request Authorization.

What happened

DebugKit toolbar threw a ForbiddenException.

What you expected to happen

DebugKit should bypass Request Authorization logic

This could easily be solved by adding a rule to canAccess function in the RequestPolicy class like so:

class RequestPolicy implements RequestPolicyInterface {

       public function canAccess($identity, ServerRequest $request) {
            if ($request->getParam('plugin') === 'DebugKit') {
                 return true;
            }
        }

}

but this will render DebugKit.ignoreAuthorization useless anyway!

[markstory]

If you are using Request base policies you have to handle skipping authorization yourself right now, as the ignore options have not been implemented for request policies yet.

[mmahgoub]

I would love to help fix this issue!

[markstory]

@mmahgoub That would be great!

[dereuromark]

ping @mmahgoub

[github-actions]

This issue is stale because it has been open for 120 days with no activity. Remove the stale label or comment or this will be closed in 15 days