Apache-iNcom

lib/Apache/iNcom/UserDBAuthz.pm

		if ( @$e > 3 ) {
		    $r->warn( "syntax of ACL is perm or perm on target in " .
			      $req->{requirement}
			    );
		    next REQUIRES;
		}
		# Allow noise word between perm and target
		# Ex: perm on target
		my $target = @$e == 3 ? $e->[2] : $e->[1];

		next if $userdb->allowed( $user, $target, $e->[0] );

		next REQUIRES;
	    }
	}

	# All clauses of this requirement matched
	return OK;
    }

    $r->log_reason( "Not authorized", $r->filename );
    return Apache::iNcom::return_error( $r, FORBIDDEN );
}

1;

__END__

=pod

=head1 NAME

Apache::iNcom::UserDBAuthz - mod_perl authorization handler that uses
the UserDB.

=head1 SYNOPSIS

    PerlRequire	Apache::iNcom::UserDBAuthz

    AuthType Basic
    AuthName "iNcom Users"

    PerlAuthenHandler	Apache::iNcom::UserDBAuthen
    PerlAuthzHandler	Apache::iNcom::UserDBAuthz

    require valid-user

    require user foo

    require group bar

    require user foo and write

    require group baz; exec on test

    require valid-user, admin code

=head1 DESCRIPTION

This module integrates the DBIx::UserDB module used by the
Apache::iNcom framework with the Apache authorization phase.

This module authorizes the authenticated user by checking the
DBIx::UserDB ACL.

=head1 CONFIGURATION

The DBIx::UserDB used is configured via the normal Apache::iNcom
directives.

=head1 REQUIREMENTS DIRECTIVES

This module will let the user in if ANY C<require> directive matches.
This means that different C<require> directives are ORed together.

In a C<require> directive, different clauses can be ANDed together by
separating them with C<and>, comma (,) or semi-colon (;).

Here are the different expressions that are understood by the module.

=over

=item valid-user

This requirement will pass whenever the user was authenticated
successfully.

=item user <username>

This requirement will succeed if the user's username is identical.

=item group <groupname>

This requirement will succeed if the user is a member of that group.

=item <privilege>

This requirement will succeed if the user has the specified privilege
on the current URL. The C<INCOM_URL_PREFIX> is stripped from the URL.
The privilege is checked by using the C<allowed> method of the UserDB.

=item <privilege> [on] <target>

This requirement will succeed if the user has the specified privilege
on the specified target. The privilege is checked by using the
C<allowed> method of the UserDB.

=back
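
The evaluation rules above (OR across require lines, AND across clauses), as an added stand-alone example that is not the module's own code. The %DB table, the allowed() stand-in and the clause-splitting regex are assumptions, and $url is taken to be already stripped of INCOM_URL_PREFIX. It also shows that the middle word of a three-word clause is skipped whatever it is, so a mistyped "exec or test" is checked exactly like "exec on test".

```perl
use strict;
use warnings;

# Constructed stand-in for the UserDB (not DBIx::UserDB's real storage).
my %DB = ( alice => {
    groups => ['staff'],
    acl    => { '/reports' => { read => 1 }, 'test' => { exec => 1 } },
} );

# Hypothetical equivalent of $userdb->allowed( $user, $target, $perm ).
sub allowed {
    my ( $user, $target, $perm ) = @_;
    return $DB{$user}{acl}{$target}{$perm} ? 1 : 0;
}

# One clause: valid-user | user NAME | group NAME | PERM | PERM [noise] TARGET
sub clause_ok {
    my ( $user, $url, @e ) = @_;
    return 0 if @e < 1 || @e > 3;    # malformed clause never matches
    return 1 if @e == 1 && $e[0] eq 'valid-user';
    return $e[1] eq $user ? 1 : 0 if @e == 2 && $e[0] eq 'user';
    if ( @e == 2 && $e[0] eq 'group' ) {
        return ( grep { $_ eq $e[1] } @{ $DB{$user}{groups} || [] } ) ? 1 : 0;
    }
    # As in the handler: with three words the middle one is skipped as noise.
    my $target = @e == 3 ? $e[2] : @e == 2 ? $e[1] : $url;
    return allowed( $user, $target, $e[0] );
}

# Every clause of one require line must pass (AND); any passing line wins (OR).
sub authorized {
    my ( $user, $url, @requires ) = @_;
    REQUIRES: for my $req (@requires) {
        my @clauses = split /\s*[,;]\s*|\s+and\s+/, $req;
        next REQUIRES unless @clauses;    # empty requirement fails closed
        for my $clause (@clauses) {
            next REQUIRES unless clause_ok( $user, $url, split ' ', $clause );
        }
        return 1;
    }
    return 0;
}

# Constructed requirement sets for user alice requesting /reports.
for my $t ( [ 'user bob', 'group staff' ], [ 'user alice and write' ],
            [ 'group staff; exec on test' ], [ 'exec or test' ],
            [ 'read' ], [ 'exec on test now' ] ) {
    printf "%-26s %s\n", join( ' | ', @$t ),
        authorized( 'alice', '/reports', @$t ) ? 'OK' : 'FORBIDDEN';
}
```

Because "user" and "group" are matched first in two-word clauses, a privilege with either name cannot be written in the two-word "privilege target" form in this example.
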

=head1 AUTHOR

Copyright (c) 1999 Francis J. Lacoste and iNsu Innovations Inc.
All rights reserved.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

=head1 SEE ALSO


