Added PermissionsPanel for DebugKit plugin

Author: rochamarcelo

composer.json

@@ -67,8 +67,8 @@
             "@stan",
             "@psalm"
          ],
-        "cs-check": "phpcs -n -p --standard=vendor/cakephp/cakephp-codesniffer/CakePHP ./src ./tests",
-        "cs-fix": "phpcbf --standard=vendor/cakephp/cakephp-codesniffer/CakePHP ./src ./tests",
+        "cs-check": "phpcs -n -p --standard=vendor/cakephp/cakephp-codesniffer/CakePHP ./src ./tests ./templates",
+        "cs-fix": "phpcbf --standard=vendor/cakephp/cakephp-codesniffer/CakePHP ./src ./tests ./templates",
         "test": "phpunit --stderr",
         "stan": "phpstan analyse src/",
         "psalm": "php vendor/psalm/phar/psalm.phar --show-info=false src/ ",

src/Panel/PermissionsPanel.php

@@ -0,0 +1,86 @@
+<?php
+declare(strict_types=1);
+
+namespace CakeDC\Auth\Panel;
+
+use Cake\Event\EventInterface;
+use CakeDC\Auth\Policy\Result\RbacResult;
+use CakeDC\Auth\Policy\Result\SuperuserResult;
+use DebugKit\DebugPanel;
+
+class PermissionsPanel extends DebugPanel
+{
+    /**
+     * @inheritDoc
+     */
+    public string $plugin = 'CakeDC/Auth';
+
+    /**
+     * @inheritDoc
+     */
+    public function initialize(): void
+    {
+        $this->_data = ['results' => []];
+    }
+
+    /**
+     * Get the events this panels supports.
+     *
+     * @return array<string, mixed>
+     */
+    public function implementedEvents(): array
+    {
+        return [
+            'Controller.shutdown' => 'shutdown',
+            'CakeDC/Auth.DebugKit.Permission.afterResult' => 'afterResult',
+        ];
+    }
+
+    /**
+     * @param \Cake\Event\EventInterface $event
+     * @return void
+     */
+    public function afterResult(EventInterface $event): void
+    {
+        $subject = $event->getSubject();
+        if ($subject instanceof RbacResult) {
+            $this->parseRbacResult($subject);
+
+            return;
+        }
+        if ($subject instanceof SuperuserResult) {
+            $this->parseSuperuserResult($subject);
+        }
+    }
+
+    /**
+     * @param \CakeDC\Auth\Policy\Result\RbacResult $subject
+     * @return void
+     */
+    protected function parseRbacResult(RbacResult $subject): void
+    {
+        $this->_data['results'][] = [
+            'status' => $subject->getStatus(),
+            'reason' => $subject->getReason(),
+            'logReason' => $subject->getPermissionMatchResult()->getLogReason(),
+            'resource' => $subject->getPermissionMatchResult()->getResource(),
+            'permission' => $subject->getPermissionMatchResult()->getPermission(),
+            'type' => 'Rbac',
+        ];
+    }
+
+    /**
+     * @param \CakeDC\Auth\Policy\Result\SuperuserResult $subject
+     * @return void
+     */
+    protected function parseSuperuserResult(SuperuserResult $subject): void
+    {
+        $this->_data['results'][] = [
+            'status' => $subject->getStatus(),
+            'reason' => $subject->getReason(),
+            'resource' => $subject->getResource(),
+            'permission' => null,
+            'type' => 'Superuser',
+        ];
+    }
+}

src/Rbac/Rbac.php

@@ -292,6 +292,7 @@ protected function addExtraResourceKeys(ServerRequestInterface $request, array $
             'query' => $request->getQueryParams(),
             'pass' => $request->getAttribute('params')['pass'] ?? [],
         ];
+
         return $reserved;
     }
 }

templates/element/permissions_panel.php

@@ -0,0 +1,155 @@
+<?php
+/**
+ * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
+ * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
+ *
+ * Licensed under The MIT License
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
+ * @link          https://cakephp.org CakePHP(tm) Project
+ * @since         DebugKit 0.1
+ * @license       https://www.opensource.org/licenses/mit-license.php MIT License
+ */
+/**
+ * @var \DebugKit\View\AjaxView $this
+ * @var array $results
+ */
+
+use Cake\Core\Configure;
+use Cake\Error\Debugger;
+use function Cake\Core\h;
+$resourceText = function ($resource) {
+    if (!$resource) {
+        return '';
+    }
+    try {
+        $url = [
+            ...$resource,
+            ...$resource['pass'] ?? [],
+            '?' => $resource['query'] ?? [],
+        ];
+        $url['_ext'] = $url['extension'];
+        unset($url['pass'], $url['role'], $url['query']);
+        $url = $this->Url->build($url);
+        $html = sprintf('<p style="margin-top: 5px;">Url: <a href="%s" target="_blank">%s</a></p>', $url, $url);
+    } catch (Throwable) {
+        $html = '<p style="margin-top: 5px;">Can\' create url</p>';
+    }
+
+    $html = $this->Toolbar->dumpNode(Debugger::exportVarAsNodes($resource)) . $html;
+
+    return $html;
+}
+?>
+<style>
+    .permission-panel .permission-failed {
+        background: #ffead5;
+    }
+    .permission-panel .is-active {
+        background-color: var(--routes-btn-active-bg);
+        color: var(--routes-btn-active-text);
+        border-color: var(--routes-btn-active-border);
+        box-shadow: 0 2px 0 var(--routes-btn-active-border);
+    }
+</style>
+<div class="permission-panel">
+    <?php
+    $msg = 'This table shows all permissions results from CollectionPolicy (CakeDC/Auth plugin)';
+    printf('<p class="c-flash c-flash--info">%s</p>', $msg);
+    ?>
+    <?php if (!Configure::read('CakeDC/Auth.DebugKit.PermissionPanel.enabled')) :?>
+        <p class="c-flash c-flash--info">Permissions are not being collected, please update the config:
+        <br /><br />
+        <code>Configure::write('CakeDC/Auth.DebugKit.PermissionPanel.enabled', true);</code>
+        </p>
+    <?php endif;?>
+    <section>
+        <button type="button" data-name="all" class="permission-btn-filter o-button is-active" onclick="PermissionPanel.displayAll()">
+            All
+        </button>
+        <button type="button" data-name="only-allowed" class="permission-btn-filter o-button" onclick="PermissionPanel.displayOnlyAllowed()">
+            Only Allowed
+        </button>
+        <button type="button" data-name="only-not-allowed" class="permission-btn-filter o-button" onclick="PermissionPanel.displayOnlyNotAllowed()">
+            Only Not Allowed
+        </button>
+        <h4>Total shown: <span id="totalShownNumber"><?= count($results)?></span></h4>
+        <table>
+            <thead>
+            <tr>
+                <th>Type</th>
+                <th>Allowed</th>
+                <th>Resource</th>
+                <th>Permission</th>
+                <th>Reason</th>
+            </tr>
+            </thead>
+            <tbody id="permissionResultsData">
+            <?php foreach ($results as $resultItem) : ?>
+                <tr data-allowed="<?= (int)$resultItem['status']?>" class="<?= $resultItem['status'] ? '' : 'permission-failed'?>">
+                    <td><?= h($resultItem['type']) ?></td>
+                    <td><?= $resultItem['status'] ? 'Yes' : 'No' ?></td>
+                    <td><?= $resourceText($resultItem['resource']) ?></td>
+                    <td><?= $this->Toolbar->dumpNode(Debugger::exportVarAsNodes($resultItem['permission'])) ?></td>
+                    <td>
+                        <?php if (!$resultItem['status']) :?>
+                            <p><?= h($resultItem['reason']) ?></p>
+                        <?php endif;?>
+                        <?php if (!$resultItem['status'] && isset($resultItem['logReason'])) :?>
+                            Log Reason: <?= h($resultItem['logReason']) ?>
+                        <?php endif;?>
+                    </td>
+                </tr>
+            <?php endforeach; ?>
+            </tbody>
+        </table>
+    </section>
+</div>
+<script>
+    var PermissionPanel = (function() {
+        function updateSelectedFilter (selectedName) {
+            document.querySelectorAll(".permission-panel .permission-btn-filter").forEach(function(item) {
+                item.classList.remove('is-active');
+                if (item.dataset.name === selectedName) {
+                    item.classList.add('is-active');
+                }
+            });
+        }
+        function displayHideItems (check) {
+            var totalShown = 0;
+            document.querySelectorAll("#permissionResultsData > tr").forEach(function (item) {
+                if (typeof item.dataset === 'undefined') {
+                    return;
+                }
+                let allowed = item.dataset.allowed || '0';
+                let show = check(allowed);
+                if (show) {
+                    totalShown++;
+                }
+                item.style.display = show ? 'table-row' : 'none';
+            });
+            document.getElementById('totalShownNumber').innerText = '' + totalShown;
+        }
+        return {
+            displayAll: function() {
+                displayHideItems(function() {
+                    return true;
+                })
+                updateSelectedFilter('all');
+            },
+            displayOnlyAllowed() {
+                displayHideItems(function(allowed) {
+                    return allowed === '1';
+                })
+                updateSelectedFilter('only-allowed');
+            },
+            displayOnlyNotAllowed() {
+                displayHideItems(function(allowed) {
+                    return allowed === '0';
+                })
+                updateSelectedFilter('only-not-allowed');
+            }
+        };
+    })();
+</script>

tests/TestCase/Rbac/RbacTest.php

@@ -1210,7 +1210,7 @@ public function testBadPermission($permissions, $user, $requestParams, $expected
         $rbac
             ->expects($this->once())
             ->method('log')
-            ->with($this->callback(function($message) use ($expectedMsg) {
+            ->with($this->callback(function ($message) use ($expectedMsg) {
                 $this->assertStringStartsWith($expectedMsg, $message);
 
                 return true;