✨ disable authorizations globaly

Author: GautierDele

config/rest.php

@@ -25,4 +25,18 @@
             'authorized_to_force_delete' => 'authorized_to_force_delete',
         ]
     ],
+
+    /*
+|--------------------------------------------------------------------------
+| Rest Authorizations
+|--------------------------------------------------------------------------
+|
+| This is the feature that automatically binds to policies to validate incoming requests.
+| Laravel Rest Api will validate each models searched / mutated / deleted to avoid leaks in your API.
+|
+*/
+
+    'authorizations' => [
+        'enabled' => true
+    ],
 ];

src/Http/Resource.php

@@ -73,6 +73,6 @@ public function isAutomaticGatingEnabled() : bool {
     }
 
     public function isAuthorizingEnabled() : bool {
-        return true;
+        return config('rest.authorizations.enabled');
     }
 }

tests/Feature/Controllers/AutomaticGatingTest.php

@@ -71,6 +71,30 @@ public function test_searching_automatic_gated_resource(): void
         );
     }
 
+    public function test_searching_automatic_gated_resource_with_global_config_disabled(): void
+    {
+        $model = ModelFactory::new()
+            ->create();
+
+        Gate::policy(Model::class, GreenPolicy::class);
+
+        config(['rest.automatic_gates.enabled' => false]);
+
+        $response = $this->post(
+            '/api/automatic-gating/search',
+            [
+
+            ],
+            ['Accept' => 'application/json']
+        );
+
+        $this->assertResourcePaginated(
+            $response,
+            [$model],
+            new AutomaticGatingResource
+        );
+    }
+
     public function test_searching_automatic_gated_resource_with_create_policy(): void
     {
         $model = ModelFactory::new()

tests/Feature/Controllers/NoAuthorizationTest.php

@@ -36,6 +36,30 @@
 
 class NoAuthorizationTest extends TestCase
 {
+    public function test_searching_with_global_authorization_disabled(): void
+    {
+        $model = ModelFactory::new()
+            ->create();
+
+        Gate::policy(Model::class, RedPolicy::class);
+
+        config(['rest.authorizations.enabled' => false]);
+
+        $response = $this->post(
+            '/api/models/search',
+            [
+
+            ],
+            ['Accept' => 'application/json']
+        );
+
+        $this->assertResourcePaginated(
+            $response,
+            [$model],
+            new ModelResource
+        );
+    }
+
     public function test_searching_with_no_authorizations(): void
     {
         $model = ModelFactory::new()