Dancer-Plugin-Auth-RBAC
view release on metacpan or search on metacpan
lib/Dancer/Plugin/Auth/RBAC.pm view on Meta::CPAN
if ( session('user')->{id} ) {
return true;
}
}
return false;
};
sub new {
my $class = shift;
my @credentials = @_;
my $credentialsClass =
__PACKAGE__ . "::Credentials::" . $settings->{credentials}->{class};
{
no warnings 'redefine';
$credentialsClass =~ s/::/\//g;
require "$credentialsClass.pm";
$credentialsClass =~ s/\//::/g;
}
my $self = {};
bless $self, $class;
# return $credentialsClass->new
# unless scalar @credentials;
my $user = session('user');
if ($user) {
# reset authentication errors
$user->{error} = [];
}
else {
# initialize user session object
$user = {
id => undef,
name => undef,
login => undef,
roles => [],
error => []
};
}
session 'user' => $user;
#return $credentialsClass->new->authorize($settings->{credentials}->{options}, @credentials)
#? $self : undef;
$credentialsClass->new->authorize($settings->{credentials}->{options}, @credentials);
return $self;
}
sub asa {
my $self = shift;
my $permissionsClass =
__PACKAGE__ . "::Permissions::" . $settings->{permissions}->{class};
{
no warnings 'redefine';
$permissionsClass =~ s/::/\//g;
lib/Dancer/Plugin/Auth/RBAC.pm view on Meta::CPAN
L<Dancer::Plugin::Auth::RBAC::Permissions::Config>. This framework also ship
with L<Dancer::Plugin::Auth::RBAC::Credentials::SQLite>,
L<Dancer::Plugin::Auth::RBAC::Credentials::MySQL>,
L<Dancer::Plugin::Auth::RBAC::Credentials::PostrgeSQL> which are arguably
easier to setup and utilize.
=head1 CONFIGURATION
plugins:
Auth::RBAC:
credentials:
class: Config
options:
accounts:
user01:
password: foobar
roles:
- guest
- user
user02:
password: barbaz
lib/Dancer/Plugin/Auth/RBAC/Credentials.pm view on Meta::CPAN
use Dancer qw/:syntax/;
sub new {
my $class = shift;
my $self = {};
bless $self, $class;
return $self;
}
sub credentials {
my $self = shift;
if (@_) {
return session 'user' => @_;
}
else {
return session('user');
}
}
sub errors {
lib/Dancer/Plugin/Auth/RBAC/Credentials.pm view on Meta::CPAN
my ($self, $options, @arguments) = @_;
my ($login, $password) = @arguments;
...
}
1;
=head1 DESCRIPTION
The Dancer::Plugin::Auth::RBAC::Credentials class should be used as a base class in
your custom credentials/authorization classes. When used as a base class, this
class provides instantiation and simple error handling for your authorization classes.
=head1 AUTHOR
Al Newkirk <awncorp@cpan.org>
=head1 COPYRIGHT AND LICENSE
This software is copyright (c) 2010 by awncorp.
lib/Dancer/Plugin/Auth/RBAC/Credentials/Config.pm view on Meta::CPAN
sub authorize {
my ($self, $options, @arguments) = @_;
my ($login, $password) = @arguments;
my $settings = $Dancer::Plugin::Auth::RBAC::settings;
if ($login) {
# authorize a new account using supplied credentials
my $accounts = $options->{accounts};
unless ($password) {
$self->errors('login and password are required');
return 0;
}
if (defined $accounts->{$login}) {
lib/Dancer/Plugin/Auth/RBAC/Credentials/Config.pm view on Meta::CPAN
if ($accounts->{$login}->{password} =~ /^$password$/) {
my $session_data = {
id => $login,
name => $accounts->{$login}->{name} || ucfirst($login),
login => $login,
roles => [@{$accounts->{$login}->{roles}}],
error => []
};
return $self->credentials($session_data);
}
else {
$self->errors('login and/or password is invalid');
return 0;
}
}
else {
$self->errors('attempting to access as inaccessible account');
lib/Dancer/Plugin/Auth/RBAC/Credentials/Config.pm view on Meta::CPAN
else {
$self->errors('login and/or password is invalid');
return 0;
}
}
else {
# check if current user session is authorized
my $user = $self->credentials;
if (($user->{id} || $user->{login}) && !@{$user->{error}}) {
return $user;
}
else {
$self->errors('you are not authorized', 'your session may have ended');
return 0;
}
lib/Dancer/Plugin/Auth/RBAC/Credentials/Config.pm view on Meta::CPAN
=head2 authorize
The authorize method (found in every authentication class) validates a user against
the defined datastore using the supplied arguments and configuration file options.
=head1 CONFIGURATION
plugins:
Auth::RBAC:
credentials:
class: Config
options:
accounts:
user01:
name: Joe Schmoe
password: foobar
roles:
- guest
- user
user02:
lib/Dancer/Plugin/Auth/RBAC/Credentials/MySQL.pm view on Meta::CPAN
sub authorize {
my ($self, $options, @arguments) = @_;
my ($login, $password) = @arguments;
my $settings = $Dancer::Plugin::Auth::RBAC::settings;
if ($login) {
# authorize a new account using supplied credentials
unless ($password) {
$self->errors('login and password are required');
return 0;
}
my $sth = database($options->{handle})->prepare(
'SELECT * FROM `users` WHERE login = ? AND password = ?',
); $sth->execute($login, $password) if $sth;
lib/Dancer/Plugin/Auth/RBAC/Credentials/MySQL.pm view on Meta::CPAN
my $session_data = {
id => $accounts->{id},
name => $accounts->{name},
login => $accounts->{login},
roles => [
map { $_ =~ s/^\s+|\s+$//; $_ }
split /\,/, $accounts->{roles}
],
error => []
};
return $self->credentials($session_data);
}
else {
$self->errors('login and/or password is invalid');
return 0;
}
}
else {
# check if current user session is authorized
my $user = $self->credentials;
if (($user->{id} || $user->{login}) && !@{$user->{error}}) {
return $user;
}
else {
$self->errors('you are not authorized', 'your session may have ended');
return 0;
}
lib/Dancer/Plugin/Auth/RBAC/Credentials/MySQL.pm view on Meta::CPAN
=head1 CONFIGURATION
plugins:
Database:
driver: 'mysql'
database: 'test'
username: 'root'
password: '****'
Auth::RBAC:
credentials:
class: MySQL
Sometime you might define multiple connections for the Database plugin, make
sure you tell the Auth::RBAC plugin about it... e.g.
plugins:
Database:
foo:
driver: 'sqlite'
database: 'example1.db'
bar:
driver: 'mysql'
database: 'test'
username: 'root'
password: '****'
Auth::RBAC:
credentials:
class: MySQL
options:
handle: bar
Please see L<Dancer::Plugin::Database> for a list of all available connection
options and arguments.
=head1 DATABASE SETUP
# users table (feel free to add more columns as you see fit)
lib/Dancer/Plugin/Auth/RBAC/Credentials/PostgreSQL.pm view on Meta::CPAN
sub authorize {
my ($self, $options, @arguments) = @_;
my ($login, $password) = @arguments;
my $settings = $Dancer::Plugin::Auth::RBAC::settings;
if ($login) {
# authorize a new account using supplied credentials
unless ($password) {
$self->errors('login and password are required');
return 0;
}
my $sth = database($options->{handle})->prepare(
'SELECT * FROM users WHERE login = ? AND password = ?',
); $sth->execute($login, $password) if $sth;
lib/Dancer/Plugin/Auth/RBAC/Credentials/PostgreSQL.pm view on Meta::CPAN
my $session_data = {
id => $accounts->{id},
name => $accounts->{name},
login => $accounts->{login},
roles => [
map { $_ =~ s/^\s+|\s+$//; $_ }
split /\,/, $accounts->{roles}
],
error => []
};
return $self->credentials($session_data);
}
else {
$self->errors('login and/or password is invalid');
return 0;
}
}
else {
# check if current user session is authorized
my $user = $self->credentials;
if (($user->{id} || $user->{login}) && !@{$user->{error}}) {
return $user;
}
else {
$self->errors('you are not authorized', 'your session may have ended');
return 0;
}
lib/Dancer/Plugin/Auth/RBAC/Credentials/PostgreSQL.pm view on Meta::CPAN
=head1 CONFIGURATION
plugins:
Database:
driver: 'Pg'
database: 'test'
username: 'root'
password: '****'
Auth::RBAC:
credentials:
class: PostgreSQL
Sometime you might define multiple connections for the Database plugin, make
sure you tell the Auth::RBAC plugin about it... e.g.
plugins:
Database:
foo:
driver: 'sqlite'
database: 'example1.db'
bar:
driver: 'Pg'
database: 'test'
username: 'root'
password: '****'
Auth::RBAC:
credentials:
class: PostgreSQL
options:
handle: bar
Please see L<Dancer::Plugin::Database> for a list of all available connection
options and arguments.
=head1 DATABASE SETUP
# users table (feel free to add more columns as you see fit)
lib/Dancer/Plugin/Auth/RBAC/Credentials/SQLite.pm view on Meta::CPAN
sub authorize {
my ($self, $options, @arguments) = @_;
my ($login, $password) = @arguments;
my $settings = $Dancer::Plugin::Auth::RBAC::settings;
if ($login) {
# authorize a new account using supplied credentials
unless ($password) {
$self->errors('login and password are required');
return 0;
}
my $dbh = database($options->{handle});
my $sth = $dbh->prepare(
'SELECT * FROM users WHERE login = ? AND password = ?',
); $sth->execute($login, $password) if $sth;
lib/Dancer/Plugin/Auth/RBAC/Credentials/SQLite.pm view on Meta::CPAN
my $session_data = {
id => $accounts->{id},
name => $accounts->{name},
login => $accounts->{login},
roles => [
map { $_ =~ s/^\s+|\s+$//; $_ }
split /\,/, $accounts->{roles}
],
error => []
};
return $self->credentials($session_data);
}
else {
$self->errors('login and/or password is invalid');
return 0;
}
}
else {
# check if current user session is authorized
my $user = $self->credentials;
if (($user->{id} || $user->{login}) && !@{$user->{error}}) {
return $user;
}
else {
$self->errors('you are not authorized', 'your session may have ended');
return 0;
}
lib/Dancer/Plugin/Auth/RBAC/Credentials/SQLite.pm view on Meta::CPAN
The authorize method (found in every authentication class) validates a user against
the defined datastore using the supplied arguments and configuration file options.
=head1 CONFIGURATION
plugins:
Database:
driver: 'sqlite'
database: 'example.db'
Auth::RBAC:
credentials:
class: SQLite
Sometime you might define multiple connections for the Database plugin, make
sure you tell the Auth::RBAC plugin about it... e.g.
plugins:
Database:
foo:
driver: 'sqlite'
database: 'example1.db'
bar:
driver: 'sqlite'
database: 'example2.db'
Auth::RBAC:
credentials:
class: SQLite
options:
handle: foo
Please see L<Dancer::Plugin::Database> for a list of all available connection
options and arguments.
=head1 DATABASE SETUP
# users table (feel free to add more columns as you see fit)
lib/Dancer/Plugin/Auth/RBAC/Permissions.pm view on Meta::CPAN
use Dancer qw/:syntax/;
sub new {
my $class = shift;
my $self = {};
bless $self, $class;
return $self;
}
sub credentials {
my $self = shift;
if (@_) {
return session 'user' => @_;
}
else {
return session('user');
}
}
sub permissions {
lib/Dancer/Plugin/Auth/RBAC/Permissions/Config.pm view on Meta::CPAN
}
use strict;
use warnings;
use base qw/Dancer::Plugin::Auth::RBAC::Permissions/;
sub subject_asa {
my ($self, $options, @arguments) = @_;
my $role = shift @arguments;
my $user = $self->credentials;
my $settings = $class::settings;
if ($role) {
if (grep { /$role/ } @{$user->{roles}}) {
return 1;
}
}
return 0;
}
sub subject_can {
my ($self, $options, @arguments) = @_;
my ($operation, $action) = @arguments;
my $settings = $class::settings;
my $user = $self->credentials;
my $roles = $options->{control};
foreach my $role ( @{$user->{roles}} ) {
if (defined $roles->{$role}->{permissions}) {
my $permissions = $roles->{$role}->{permissions};
if (defined $permissions->{$operation}) {
if ($action) {
t/002_isa.t view on Meta::CPAN
use_ok 'Dancer::Plugin::Auth::RBAC';
}
my $dir = tempdir(CLEANUP => 1);
set appdir => $dir;
my @settings = <DATA>;
set session => "YAML";
set plugins => from_yaml("@settings");
diag 'login and roles tested, no credentials supplied';
my $auth = auth;
ok 'Dancer::Plugin::Auth::RBAC' eq ref $auth, 'instance initiated';
ok $auth->errors, 'has errors, login failed';
ok !$auth->asa('guest'), 'is not a guest';
ok !$auth->asa('user'), 'is not a user';
ok !$auth->asa('admin'), 'is not a admin';
$auth->revoke;
diag 'login and roles tested, fake credentials supplied';
$auth = auth;
ok 'Dancer::Plugin::Auth::RBAC' eq ref $auth, 'instance initiated';
ok $auth->errors, 'has errors, login failed';
ok !$auth->asa('guest'), 'is not a guest';
ok !$auth->asa('user'), 'is not a user';
ok !$auth->asa('admin'), 'is not a admin';
$auth->revoke;
diag 'login and roles tested, real credentials supplied (user)';
$auth = auth('user01', 'foobar');
ok 'Dancer::Plugin::Auth::RBAC' eq ref $auth, 'instance initiated';
ok !$auth->errors, 'login successful, no errors';
ok $auth->asa('guest'), 'is a guest';
ok $auth->asa('user'), 'is a user';
ok !$auth->asa('admin'), 'is not a admin';
$auth->revoke;
diag 'login and roles tested, real credentials supplied (admin)';
$auth = auth('user02', 'barbaz');
ok 'Dancer::Plugin::Auth::RBAC' eq ref $auth, 'instance initiated';
ok !$auth->errors, 'login successful, no errors';
ok !$auth->asa('guest'), 'is not a guest';
ok !$auth->asa('user'), 'is not a user';
ok $auth->asa('admin'), 'is a admin';
$auth->revoke;
__END__
Auth::RBAC:
credentials:
class: Config
options:
accounts:
user01:
password: foobar
roles:
- guest
- user
user02:
password: barbaz
t/003_can.t view on Meta::CPAN
ok !$auth->errors, 'login successful, no errors';
ok $auth->can("manage accounts"), 'user01 can manage accounts';
ok $auth->can("manage accounts", "view"), 'user01 can manage accounts and view';
ok $auth->can("manage accounts", "create"), 'user01 can manage accounts and create';
ok $auth->can("manage accounts", "update"), 'user01 can manage accounts and update';
ok $auth->can("manage accounts", "delete"), 'user01 can manage accounts and delete';
$auth->revoke;
__END__
Auth::RBAC:
credentials:
class: Config
options:
accounts:
user01:
password: foobar
roles:
- guest
- user
user02:
password: barbaz
( run in 0.291 second using v1.01-cache-2.11-cpan-4d50c553e7e )