NAME
Catalyst::Plugin::Authorization::Roles - Role based authorization for
Catalyst based on Catalyst::Plugin::Authentication.
SYNOPSIS
use Catalyst qw/
Authentication
Authentication::Store::ThatSupportsRoles
Authorization::Roles
/;
sub delete : Local {
my ( $self, $c ) = @_;
$c->assert_user_roles( qw/admin/ ); # only admins can delete
$c->model("Foo")->delete_it();
}
DESCRIPTION
Role based authentication is very simple: every user has a list of
roles, which that user is allowed to assume.
Whenever an area that is restricted for e.g. admins, or members, or any
other role is accessed a check is made to see whether or not the user
has all the required roles.
In this plugin the user objects being checked have the "roles" method
invoked. This method is supposed to return a list of the roles the user
is allowed to assume. The roles may be any item that can be compared
using Set::Object.
For example, if you have a CRUD application, for every mutating action
you probably want to check that the user is allowed to edit. To do this,
create an editor role, and add that role to every user who is allowed to
edit.
sub edit : Local {
my ( $self, $c ) = @_;
$c->assert_user_roles( qw/editor/ );
$c->model("TheModel")->make_changes();
}
METHODS
assert_user_roles [ $user ], @roles
Cheks that the user (as supplied by the first argument, or, if
omitted, "<$c-"user>>) has the specified roles.
If for any reason ("<$c-"user>> is not defined, the user is missing
a role, etc) the check fails, an error is thrown.
check_user_roles [ $user ], @roles
Takes the same args as "assert_user_roles", and performs the same
check, but instead of throwing errors returns a boolean value.
SEE ALSO
Catalyst::Plugin::Authentication
AUTHOR
Yuval Kogman, "nothingmuch@woobling.org"
COPYRIGHT & LICNESE
Copyright (c) 2005 the aforementioned authors. All rights
reserved. This program is free software; you can redistribute
it and/or modify it under the same terms as Perl itself.