Module Version: 0.001

NAME

SweetPea::Application::Rbac - Role-Based Access Control for SweetPea-Application.

SYNOPSIS

    # Based on a common example
    permissions.yml
    ---
    roles:
      administrator:
        permissions:
          manage accounts:
            operations:
              create account
              update account
              delete account
      manager:
        permissions:
          manager accounts:
            operations:
              create account
      guests:
        permissions:
    
    ... from inside SweetPea::Application or a Controller;
    
    # verify user access
    $s->rbac->authorize($login, $password);
    
    # change user
    $s->rbac->subject($user_id);
    
    # verify target user has permission to perform "create account" operation
    $s->rbac->subject($user_id)->can('/manage accounts/create account');
    
    # change subject back to the default user set by the authorize method
    $s->rbac->subject;
    
    # verify the subject has the following role
    $s->rbac->role('administrator');
    $s->rbac->role('guests');
    
    $s->rbac->can('/manage accounts/delete account');

METHODS

new

    The new method instantiates a new SweetPea::Application::Rbac object
    which uses YAML (via SweetPea::Application::Config) to provide methods
    for retrieving, authenticating and verifying system access permissions.
    
    $s->plug( 'rbac', sub { return SweetPea::Application::Rbac->new($s); });

authorize

    The authorize method checks whether the login and password passed to it
    belong to an active system user; if not, it reports the error.
    
    $s->rbac->authorize($login, $password);

authorized

    The authorized method checks whether a user has been authenticated.
    
    if ($s->rbac->authorized) { ... }

unauthorize

    The unauthorize method revokes the currently authenticated user's
    authentication status. (Kinda like a logout function)

override

    The override method re-authenticates as another system user while retaining
    the originally logged-in user's credentials. This method is useful for
    applications that need to provide a means to temporarily switch accounts.
    
    $s->rbac->override($login, $password);
    
    # change back to the original user
    $s->rbac->override;

subject

    The subject method specifies the user account that permissions will be
    validated against, using the user id passed to it; if called with no
    parameters, the authenticated user's account will be used.
    
    $s->rbac->subject($user_id);
    $s->rbac->subject;

role

    The role method verifies whether the subject (target user) has the role
    specified.
    
    if ($s->rbac->role('administrator')) { ... }

can

    The "can" method verifies whether the subject (target user) has a specific
    permission or has permission to perform a specific action.
    
    # check if subject (target user) has permission generally
    if ($s->rbac->can('/manage accounts')) { ... }
    
    # check if subject (target user) has permission to perform a specific operation
    if ($s->rbac->can('/manage accounts/create account')) { ... }
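
A self-contained model of the deny-by-default check that the "can" paths above imply, added here as an illustration; it is not SweetPea::Application::Rbac's own code. The role table is constructed from the SYNOPSIS with operations written as lists, and user_can, %ROLES, %USER_ROLES and the user ids are hypothetical names.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed role data mirroring the SYNOPSIS layout (operations as lists).
my %ROLES = (
    administrator => {
        'manage accounts' =>
            [ 'create account', 'update account', 'delete account' ],
    },
    manager => { 'manage accounts' => ['create account'] },
    guests  => {},    # a role with no permissions at all
);

# Constructed user-to-role assignments (hypothetical user ids).
my %USER_ROLES = ( 1 => ['administrator'], 2 => ['manager'], 3 => ['guests'] );

# Check a '/permission' or '/permission/operation' path for one user.
# Assumption: "has permission generally" means any of the user's roles
# carries that permission, whatever operations it lists.
sub user_can {
    my ( $user_id, $path ) = @_;

    # Accept exactly one or two path segments; anything else is denied.
    return 0
        unless defined $path && $path =~ m{^/([^/]+)(?:/([^/]+))?$};
    my ( $permission, $operation ) = ( $1, $2 );

    for my $role ( @{ $USER_ROLES{ $user_id // '' } || [] } ) {
        my $perms = $ROLES{$role}            or next;    # unknown role
        my $ops   = $perms->{$permission}    or next;    # permission not held
        return 1 unless defined $operation;              # general check
        return 1 if grep { $_ eq $operation } @$ops;     # exact operation match
    }
    return 0;    # default deny: unknown user, permission or operation
}

# Walk a few paths, including a malformed one, for each constructed user.
for my $path (
    '/manage accounts',
    '/manage accounts/create account',
    '/manage accounts/delete account',
    '/manage accounts/create account/extra',
    )
{
    printf "%-40s admin=%d manager=%d guest=%d\n", $path,
        map { user_can( $_, $path ) } 1, 2, 3;
}
```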

AUTHOR

Al Newkirk, <al.newkirk at awnstudio.com>
