NAME

Apache2::AuthzCaps - mod_perl2 capability authorization

SYNOPSIS

  use Apache2::AuthzCaps qw/setcap hascaps/;
  $Apache2::AuthzCaps::rootdir = "/path/to/user/directory"
  setcap marius => deleteusers => 1; # Grant marius the deleteusers capability
  setcap marius => createusers => 0;
  hascaps marius => qw/deleteusers/; # returns 1, since marius can delete users
  hascaps marius => qw/deleteusers createusers/; # returns 0, since marius can delete users but cannot create users

  # In Apache2 config
  <Location /protected>
    # Insert authentication here
    PerlAuthzHandler Apache2::AuthzCaps
    PerlSetVar AuthzCapsRootdir /path/to/user/directory
    Require cap staff important
    Require cap admin
  </Location>
  # This will:
  # 1) Let important staff members access /protected
  # 2) Let admins access /protected
  # 3) Not let anyone else (such as an important non-staff member or an non-important staff member) access /protected

DESCRIPTION

Apache2::AuthzCaps is a perl module which provides simple Apache2 capability-based authorization. It contains a PerlAuthzHandler and some utility functions.

The user data is stored in YAML files in a user-set directory. Set this directory using:

  $Apache2::AuthzCaps::rootdir = "/path/to/directory"; # From perl
  PerlSetVar AuthzCapsRootdir /path/to/directory # From Apache2 config

FUNCTIONS

setcap($username, $capability, $value)

If $value is true, grants $username the $capability capability. Otherwise denies $username that capability.

hascaps($username, $cap, ...)

Returns true if and only of $username has ALL of the listed capabilities. Dies if $username does not exist.

handler

The PerlAuthzHandler for use in apache2.

AUTHOR

Marius Gavrilescu, <marius@ieval.ro>

COPYRIGHT AND LICENSE

Copyright (C) 2013 by Marius Gavrilescu

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.14.2 or, at your option, any later version of Perl 5 you may have available.