=item 9
-L<Appendicies|Catalyst::Manual::Tutorial::Appendicies>
+L<Appendices|Catalyst::Manual::Tutorial::Appendices>
=back
half looks at manually configured authorization. The second half looks
at how the ACL authorization plugin can simplify your code.
-B<TIP>: Note that all of the code for this part of the tutorial can be
-pulled from the Catalyst Subversion repository in one step with the
-following command:
-
- svn checkout http://dev.catalyst.perl.org/repos/Catalyst/trunk/examples/Tutorial@###
- IMPORTANT: Does not work yet. Will be completed for final version.
-
-
+You can checkout the source code for this example from the catalyst
+subversion repository as per the instructions in
+L<Catalyst::Manual::Tutorial::Intro>
=head1 BASIC AUTHORIZATION
In this section you learn how to manually configure authorization.
-
-=head2 Update Plugins to Include Support Authorization
+=head2 Update Plugins to Include Support for Authorization
Edit C<lib/MyApp.pm> and add C<Authorization::Roles> to the list:
ConfigLoader
Static::Simple
- Dumper
StackTrace
- DefaultEnd
Authentication
Authentication::Store::DBIC
=head2 Add Config Information for Authorization
-Edit C<myapp.yml> and update it to match (everything from the "authorization:" line down is new):
+Edit C<myapp.yml> and update it to match (everything from the
+"authorization:" line down is new):
---
name: MyApp
# This is the model object created by Catalyst::Model::DBIC from your
# schema (you created 'MyAppDB::User' but as the Catalyst startup
# debug messages show, it was loaded as 'MyApp::Model::MyAppDB::User').
- # NOTE: Omit 'MyAppDB::Model' to avoid a component lookup issue in Catalyst 5.66
+ # NOTE: Omit 'MyApp::Model' here just as you would when using
+ # '$c->model("MyAppDB::User)'
user_class: MyAppDB::User
# This is the name of the field in your 'users' table that contains the user's name
user_field: username
# This is the model object created by Catalyst::Model::DBIC from your
# schema (you created 'MyAppDB::Role' but as the Catalyst startup
# debug messages show, it was loaded as 'MyApp::Model::MyAppDB::Role').
- # NOTE: Omit 'MyAppDB::Model' to avoid a component lookup issue in Catalyst 5.66
+ # NOTE: Omit 'MyApp::Model' here just as you would when using
+ # '$c->model("MyAppDB::User)'
role_class: MyAppDB::Role
# The name of the field in the 'roles' table that contains the role name
role_field: role
- # The name of the accessor used to map a user to a role
- # See the has_many() in MyAppDB/User.pm
+ # The name of the accessor used to map a role to the users who have this role
+ # See the has_many() in MyAppDB/Role.pm
role_rel: map_user_role
# The name of the field in the user_role table that references the user
user_role_user_field: user_id
[% END %]
</p>
-This code displays a different combination of links depending on the roles assigned to the user..
-
+This code displays a different combination of links depending on the
+roles assigned to the user.
=head2 Limit C<Books::add> to C<admin> Users
to the user's browser; it provides no real enforcement (if users know or
guess the appropriate URLs, they are still perfectly free to hit any
action within your application). We need to enhance the controller
-logic to wrap restricted actions with role validation logic.
+logic to wrap restricted actions with role-validation logic.
For example, we might want to restrict the "formless create" action to
admin-level users by editing C<lib/MyApp/Controller/Books.pm> and
=head2 url_create
- Create a book with the supplied title, and rating
+ Create a book with the supplied title and rating,
with manual authorization
=cut
}
-To add authorization, we simply write the main code of this method in an
+To add authorization, we simply wrap the main code of this method in an
C<if> statement that calls C<check_user_roles>. If the user does not
have the appropriate permissions, they receive an "Unauthorized!"
message. Note that we intentionally chose to display the message this
Pod comment. For example, put something like C<=begin> before C<sub add
: Local {> and C<=end> after the closing C<}>.
-
=head2 Try Out Authentication And Authorization
-Press C<Ctrl-C> to kill the previous server instance (if it's still running) and restart it:
+Press C<Ctrl-C> to kill the previous server instance (if it's still
+running) and restart it:
$ script/myapp_server.pl
Now trying going to L<http://localhost:3000/books/list> and you should
be taken to the login page (you might have to C<Shift+Reload> your
-browser). Try logging in with both C<test01> and C<test02> (both use a
-password of C<mypass>) and notice how the roles information updates at
-the bottom of the "Book List" page. Also try the C<Logout> link on the
+browser and/or click the "Logout" link on the book list page). Try
+logging in with both C<test01> and C<test02> (both use a password
+of C<mypass>) and notice how the roles information updates at the
+bottom of the "Book List" page. Also try the C<Logout> link on the
book list page.
Now the "url_create" URL will work if you are already logged in as user
done.
-
=head1 ENABLE ACL-BASED AUTHORIZATION
This section takes a brief look at how the
L<Catalyst::Plugin::Authorization::ACL|Catalyst::Plugin::Authorization::ACL>
-can automate much of the work required to perform role-based
+plugin can automate much of the work required to perform role-based
authorization in a Catalyst application.
-
=head2 Add the C<Catalyst::Plugin::Authorization::ACL> Plugin
Open C<lib/MyApp.pm> in your editor and add the following plugin to the
Note that the remaining C<use Catalyst> plugins from earlier sections
are not shown here, but they should still be included.
-
=head2 Add ACL Rules to the Application Class
Open C<lib/MyApp.pm> in your editor and add the following B<BELOW> the
Each of the three statements above comprises an ACL plugin "rule". The
first two rules only allow admin-level users to create new books using
the form (both the form itself and the data submission logic are
-protected). The third statement allows both users and admin to delete
+protected). The third statement allows both users and admins to delete
books. The C</books/url_create> action will continue to be protected by
the "manually configured" authorization created earlier in this part of
the tutorial.
=back
-
=head2 Add a Method to Handle Access Violations
By default,
# Set the error message
$c->stash->{error_msg} = 'Unauthorized!';
-
+
# Display the list
$c->forward('list');
}
-
Then run the Catalyst development server script:
$ script/myapp_server.pl
L<http://localhost:3000/logout> URL directly) when you are done.
-
=head1 AUTHOR
Kennedy Clark, C<hkclark@gmail.com>
-Please report any errors, issues or suggestions to the author.
-
-Copyright 2006, Kennedy Clark, under Creative Commons License (L<http://creativecommons.org/licenses/by-nc-sa/2.5/>).
+Please report any errors, issues or suggestions to the author. The
+most recent version of the Catalyst Tutorial can be found at
+L<http://dev.catalyst.perl.org/repos/Catalyst/trunk/Catalyst-Runtime/lib/Catalyst/Manual/Tutorial/>.
-Version: .94
+Copyright 2006, Kennedy Clark, under Creative Commons License
+(L<http://creativecommons.org/licenses/by-nc-sa/2.5/>).
projects / catagits/Catalyst-Runtime.git / blobdiff