user_model => 'MyApp::User',
role_relation => 'roles',
role_field => 'rolename',
+ check_roles => 'check_roles',
+ check_roles_any => 'check_roles_any',
}
}
}
role_field => 'rolename',
ignore_fields_in_find => [ 'remote_name' ],
use_userdata_from_session => 1,
+ check_roles => 'check_roles',
+ check_roles_any => 'check_roles_any',
}
}
}
that if use_userdata_from_session is enabled, this config parameter
is not used at all.
+=item check_roles
+
+If this option of set, checking the user has all the roles will be delegated to the
+specified method on the user row. This allows for you to override the role
+check, if you want to check virtual roles, or make super roles etc.
+
+You should set the value to the name of the method on the user row to call
+
+ __PACKAGE__->config('Plugin::Authentication' => {
+ realms => {
+ members => {
+ store => {
+ check_roles => 'custom_check_roles',
+ check_roles_any => 'custom_check_roles_any',
+ }
+ }
+ }
+ });
+
+
+\@roles, and \@wanted_roles will be passed, where \@roles is the list of user roles
+and \@wanted_roles is the list of wanted roles.
+
+Should return true if user has the role.
+
+You will have to check the whole set yourself, eg this is the default behaviour
+when not setting 'check_roles'
+
+ use Set::Object;
+
+ sub custom_check_roles {
+ my ( $self, $roles, $wanted_roles ) = @_;
+
+ my $have = Set::Object->new(@$roles);
+ my $need = Set::Object->new(@$wanted_roles);
+
+ if ( $have->superset($need) ) {
+ return 1;
+ }
+ }
+
+=item check_roles_any
+
+Same as check_roles, except it's for checking that the user has at least one of
+the roles
+
+This is the default when check_roles_any is not set
+
+ use Set::Object;
+
+ sub custom_check_roles_any {
+ my ( $self, $roles, $wanted_roles ) = @_;
+
+ my $have = Set::Object->new(@$roles);
+ my $need = Set::Object->new(@$wanted_roles);
+
+ if ( $have->intersection($need)->size > 0 ) {
+ return 1;
+ }
+ }
+
=back
=head1 USAGE