Chris Winters > SPOPS > SPOPS::Security::DBI

Download:
SPOPS-0.87.tar.gz

Annotate this POD

CPAN RT

New  1
Open  0
View/Report Bugs
Source  

NAME ^

SPOPS::Security::DBI - Implement a security object and basic operations for DBI datasources

SYNOPSIS ^

 # Define your implementation and create the class

 my %config = (
   'security' => {
      class          => 'My::Security',
      isa            => [ 'SPOPS::Secure::DBI', 'SPOPS::DBI' ],
      rules_from     => [ 'SPOPS::Tool::DBI::DiscoverField' ],
      field_discover => 'yes',
      field          => [],
      id_field       => 'sid',
      increment_field => 1,
      sequence_name  => 'sp_security_seq',
      no_insert      => [ qw/ sid / ],
      skip_undef     => [ qw/ object_id scope_id / ],
      no_update      => [ qw/ sid object_id class scope scope_id / ],
      base_table     => 'spops_security',
      sql_defaults   => [ qw/ object_id scope_id / ],
   },
 );

 SPOPS::Initialize->process({ config => \%config });

 # Create a security object with security level WRITE for user $user
 # on object $obj

 my $sec = My::Security->new();
 $sec->{class}          = ref $obj;
 $sec->{object_id}      = $obj->id;
 $sec->{scope}          = SEC_SCOPE_USER;
 $sec->{scope_id}       = $user->id;
 $sec->{security_level} = SEC_LEVEL_WRITE;
 $sec->save;

 # Clone that object and change its scope to GROUP and level to READ

 my $secg = $sec->clone({ scope          => SEC_SCOPE_GROUP,
                          scope_id       => $group->id,
                          security_level => SEC_LEVEL_READ });
 $secg->save;

 # Find security settings for a particular object ($spops) and user

 my $settings = My::Security->fetch_by_object(
                                        $spops,
                                        { user => [ $user ] } );
 foreach my $scope ( keys %{ $settings } ) {
   print "Security for scope $scope: $settings{ $scope }\n";
 }

 # See if there are any security objects protecting a particular SPOPS
 # object ($spops) related to a particular user (this isn't used as
 # often as 'fetch_by_object')

 use SPOPS::Secure qw( SEC_SCOPE_USER );

 my $sec_obj = My::Security->fetch_match( $spops,
                                          { scope    => SEC_SCOPE_USER,
                                            scope_id => $user->id } );

DESCRIPTION ^

This class implements the methods necessary to create a DBI datastore for security objects. See SPOPS::Manual::Security for a definition of the interface in broader terms.

Each security setting to an object is itself an object. In this manner we can use the SPOPS framework to create/edit/remove security settings. (Note that if you modify this class to use 'SPOPS::Secure' in its @ISA, you will probably collapse the Earth -- or at least your system -- in a self-referential object definition cycle. Do not do that.)

METHODS ^

fetch_by_object( $obj, [ { user => \@, group => \@ } ] )

Returns a hashref with security information for a particular object. The keys of the hashref are SEC_SCOPE_WORLD, SEC_SCOPE_USER, and SEC_SCOPE_GROUP as exported by SPOPS::Secure.

You can restrict the security returned for USER and/or GROUP by passing an arrayref of objects or ID values under the 'user' or 'group' keys.

Examples:

 my \%info = $sec->fetch_by_object( $obj );

Returns all security information for $obj.

 my \%info = $sec->fetch_by_object( $obj, { user  => 2,
                                            group => [ 817, 901, 716 ] } );

Returns $obj security information for WORLD, USER 2 and GROUPs 817, 901, 716.

 my $current_user = My::Object->global_user_current;
 my \%info = $sec->fetch_by_object( undef, { class     => 'My::Object',
                                             object_id => 'dandelion',
                                             user      => $user,
                                             group     => $user->group } );

Returns security information for the object of class My::Object with the ID dandelion for the current user and the user's groups.

fetch_match( $obj, { scope => SCOPE, scope_id => $ } )

Returns a security object matching the $obj for the scope and scope_id passed in, undef if none found.

Examples:

 my $sec_class = 'My::Security';

 # Returns security object matching $obj with a scope of WORLD

 my $secw = $sec_class->fetch_match( $obj,
                                     { scope => SEC_SCOPE_WORLD } );

 # Returns security object matching $obj with a scope of GROUP
 # matching the ID from $group
 my $secg = $sec_class->fetch_match( $obj,
                                     { scope    => SEC_SCOPE_GROUP,
                                       scope_id => $group->id } );

 # Returns security object matching $obj with a scope of USER
 # matching the ID from $user
 my $secg = $sec_class->fetch_match( $obj, scope => SEC_SCOPE_USER,
                                     scope_id => $user->id );

TO DO ^

Nothing known.

BUGS ^

None known.

COPYRIGHT ^

Copyright (c) 2001-2004 intes.net, inc.. All rights reserved.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

AUTHORS ^

Chris Winters <chris@cwinters.com>

syntax highlighting: