view release on metacpan or  search on metacpan

README  view on Meta::CPAN

        will throw an error.

    Predicate Code Reference / Method Name
        The code reference or method is invoked with the context and the
        action objects. The boolean return value will determine the behavior
        of the rule.

            __PACKAGE__->allow_access_if( "/gorch", sub { ... } );
            __PACKAGE__->deny_access_unless( "/moose", "method_name" );

        When specifying a method name the rule engine ensures that it can be
        invoked using "can" in UNIVERSAL.

    Constant
        You can use "undef", 0 and '' to use as a constant false predicate,
        or 1 to use as a constant true predicate.

  Flexible Rules
    These rules are the most annoying to write but provide the most
    flexibility.

    All access control is performed using exceptions -
    $Catalyst::Plugin::Authorization::ACL::Engine::DENIED, and
    $Catalyst::Plugin::Authorization::ACL::Engine::ALLOWED (these can be
    imported from the engine module).

    If no rule decides to explicitly allow or deny access, access will be
    permitted.

    Here is a rule that will always break out of rule processing by either
    explicitly allowing or denying access based on how much mojo the current
    user has:

        __PACKAGE__->acl_add_rule(
            "/foo",
            sub {
                my ( $c, $action ) = @_;

                if ( $c->user->mojo > 50 ) {
                    die $ALLOWED;
                } else {
                    die $DENIED;
                }
            }
        );

HANDLING DENIAL
    There are two plugin methods that can be called when a rule makes a
    decision about an action:

    acl_access_allowed
        A no-op

    acl_access_denied
        Looks for a private action named "access_denied" from the denied
        action's controller and outwards (much like "auto"), and if none is
        found throws an access denied exception.

    forcibly_allow_access
        Within an "access_denied" action this will immediately cause the
        blocked action to be executed anyway.

    This means that you have several alternatives:

  Provide an "access_denied" action
        package MyApp::Controller::Foo;

        sub access_denied : Private {
            my ( $self, $c, $action ) = @_;

            ...
            $c->forcibly_allow_access
                if $you->mean_it eq "really";
        }

    If you call "forcibly_allow_access" then the blocked action will be
    immediately unblocked. Otherwise the execution of the action will cease,
    and return to it's caller or end.

  Cleanup in "end"
        sub end : Private {
            my ( $self, $c ) = @_;

            if ( $c->error and $c->error->[-1] eq "access denied" ) {
                $c->error(0); # clear the error

                # access denied
            } else {
                # normal end
            }
        }

  Override the plugin event handler methods
        package MyApp;

        sub acl_access_allowed {
            my ( $c, $class, $action ) = @_;
            ...
        }

        sub acl_access_denied {
            my ( $c, $class, $action, $err ) = @_;
            ...
        }

    $class is the controller class the $action object was going to be
    executed in, and $err is the exception cought during rule evaluation, if
    any (access is denied if a rule raises an exception).

SEE ALSO
    Catalyst::Plugin::Authentication,
    Catalyst::Plugin::Authorization::Roles,
    <http://catalyst.perl.org/calendar/2005/24>

AUTHOR
    Yuval Kogman <nothingmuch@woobling.org>

CONTRIBUTORS
    castaway: Jess Robinson

    caelum: Rafael Kitover <rkitover@cpan.org>

COPYRIGHT & LICENSE
    Copyright (c) 2005 - 2009 the Catalyst::Plugin::Authorization::ACL
    "AUTHOR" and "CONTRIBUTORS" as listed above.

    This library is free software; you can redistribute it and/or modify it
    under the same terms as Perl itself.