package ACLTestApp;
use strict;
use warnings;
no warnings 'uninitialized';
use Catalyst qw/
Session
Session::Store::Dummy
Session::State::Cookie
Authentication
Authentication::Store::Minimal
Authentication::Credential::Password
Authorization::Roles
Authorization::ACL
/;
use Catalyst::Plugin::Authorization::ACL::Engine qw/$DENIED $ALLOWED/;
__PACKAGE__->config(
authentication => {
users => {
foo => {
password => "bar",
os => "windows",
},
gorch => {
password => "moose",
roles => [qw/child/],
os => "linux",
},
quxx => {
password => "ding",
roles => [qw/zoo_worker moose_trainer/],
os => "osx",
},
},
},
acl => {
deny => ["/restricted"],
}
);
__PACKAGE__->setup;
__PACKAGE__->allow_access_if("/", sub { 1 }); # just to test that / can be applied to
__PACKAGE__->deny_access_unless_any("/lioncage", [qw/zoo_worker lion_tamer/]);
# this now in config
# __PACKAGE__->deny_access_unless("/restricted", sub { 0 }); # no one can access
__PACKAGE__->deny_access_unless("/zoo", sub {
my ( $c, $action ) = @_;
$c->user;
}); # only people who have bought a ticket can enter
__PACKAGE__->deny_access_unless("/zoo/rabbit", ["child"]); # the petting zoo is for children
__PACKAGE__->deny_access_unless("/zoo/moose", [qw/moose_trainer/]);
__PACKAGE__->acl_add_rule("/zoo/penguins/tux", sub {
my ( $c, $action ) = @_;
my $user = $c->user;
die ( ( $user && $user->os eq "linux" ) ?
$Catalyst::Plugin::Authorization::ACL::Engine::ALLOWED :
$Catalyst::Plugin::Authorization::ACL::Engine::DENIED );
});
__PACKAGE__->allow_access_if("/zoo/penguins/madagascar", sub {
my ( $c, $action ) = @_;
my $user = $c->user;
$user && $user->os ne "windows";
});
__PACKAGE__