package Apache2::SiteControl::GrantAllRule;
use 5.008;
use strict;
use warnings;
use Carp;
use Carp::Assert;
use Apache2::SiteControl::Rule;
use base qw(Apache2::SiteControl::Rule);
sub new {
my $proto = shift;
my $class = ref($proto) || $proto;
my $this = { };
bless ($this, $class);
return $this;
}
sub grants($$$$)
{
my $this = shift;
my $user = shift;
my $action = shift;
my $resource = shift;
return "Default is to allow";
}
sub denies($$$$)
{
my $this = shift;
my $user = shift;
my $action = shift;
my $resource = shift;
return 0;
}
1;
__END__
=head1 NAME
Apache2::SiteControl::GrantAllRule - A rule that grants permission to do everything.
=head1 SYNOPSIS
In your instance of a ManagerFactory:
=over 4
use Apache2::SiteControl::GrantAllRule;
...
sub getPermissionManager
{
...
$manager->addRule(new Apache2::SiteControl::GrantAllRule);
...
return $manager;
}
=back
=head1 DESCRIPTION
Apache2::SiteControl::GrantAllRule is a pre-built rule that grants access for
all permission requests. This rule can be used to help implement a system that
has a default policy of allowing access, and to which you add rules that deny
access for specific cases.
Note that the loose type checking of Perl makes this inherently dangerous,
since a typo is likely to fail to deny access. It is recommended that you
take the opposite approach with your rules, since a typo will err on the
side of denying access. The former is a security hole, the latter is a bug
that people will complain about (so you can fix it).
=head1 SEE ALSO
Apache2::SiteControl::ManagerFactory, Apache::SiteControl::PermissionManager,
Apache2::SiteControl::Rule
=head1 AUTHOR
This module was written by Tony Kay, E<lt>tkay@uoregon.eduE<gt>.
=head1 COPYRIGHT AND LICENSE
=cut