authorization
FR: visualization of policies
With CakePHP2 we used ACL; it was very straightforward to show which role/user is authorized to do 'something'. Now (CakePHP4) we use policies, which have no such visual aspect.
During CakeFest we got a glimpse at the statemachine. A feature that impressed me was the visualization of the UML. Wouldn't it be a great feature to have a visualization component in the authorization plugin?
That sure sounds nice. But do you also have some concrete ideas of what that would look like?
For me and row-based ACL, the priority is always a nice GUI and backend, where you can easily select and adjust rules. This by design can already solve this issue in a way, as it provides a good mix of visual result on the rules as well as guidance on how to modify them. Not sure if you then also need additional vis. tooling.
We no longer use ACL. We had a simple web interface, in which we could set restrictions on roles/controllers.
If OrmResolver is used, it'd be nice to visualize all classes, plotted with all rules that apply to the class. Request Authorization would need a separate visualization.
Not sure how to visualize the business logic within a Policy. If present, use DocBlock, typehinted parameters and result. Maybe use test cases to generate UML? Maybe that's iffy... maybe it's two birds, one stone?
Are you interested in trying this out as a PR?
For tinyauth I added a DebugKit toolbar for it, btw. It shows if the current request is protected or public and what roles have access to it if not public etc. Something similar could also be useful in general for auth plugins maybe.
I'd be interested to test the PR, if that's what you mean?
The DebugKit toolbar addition sounds very convenient indeed.
This issue is stale because it has been open for 120 days with no activity. Remove the stale label or comment or this will be closed in 15 days