package EditControlRule;
use Apache2::SiteControl::Rule;
@ISA = qw(Apache2::SiteControl::Rule);
# This rule is going to be used in a system that automatically grants
# permission for everything (via the GrantAllRule). So this rule will
# only worry about what to deny, and the grants method can return whatever.
# Note that writing a deny-based system is inherently more dangerous and
# buggy because of the lack of type-safety. Typos in the HTML components can
# cause a rule to fail to deny an invalid request, which is typically less
# desirable than failing to grant a request. The former is a security hole that
# might get missed; the latter is a bug that gets quickly reported.
sub grants($$$$)
{
return 0;
}
sub denies($$$$)
{
my ($this, $user, $action, $resource) = @_;
return 1 if($action eq "edit" && $user->getUsername ne "admin");
return 0;
}
1;