X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2FAuthorization.pod;h=818a8f2ae022d86fd294131e2fa388ccf099257e;hb=b0eca006a93b36b6b1a7c83f2ff5508ce618f3e2;hp=b4d73414d904404bb3d9aa16bb74e962cf8e963f;hpb=4feda61c517ea54dad037929f731f5db35fe9617;p=catagits%2FCatalyst-Manual.git
diff --git a/lib/Catalyst/Manual/Tutorial/Authorization.pod b/lib/Catalyst/Manual/Tutorial/Authorization.pod
index b4d7341..818a8f2 100644
--- a/lib/Catalyst/Manual/Tutorial/Authorization.pod
+++ b/lib/Catalyst/Manual/Tutorial/Authorization.pod
@@ -89,7 +89,7 @@ Edit C and add C to the list:
Session
Session::Store::FastMmap
Session::State::Cookie
- /;
+ /);
B As discussed in MoreCatalystBasics, different versions of
C have used a variety of methods to load the plugins.
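Review bot: the `+ /);` line only balances if the opening of the plugin list (outside this hunk) is `use Catalyst (qw/` rather than `use Catalyst qw/`; please check the opening line in the same listing, because the Note paragraph directly below says different Catalyst versions load plugins in different ways, and a reader who kept the unparenthesised form from an earlier part will get a syntax error from the stray `)`.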
@@ -162,13 +162,13 @@ lines to the bottom of the file:
[% # Use $c->check_user_roles() to check authz -%]
[% IF c.check_user_roles('user') %]
[% # Give normal users a link for 'logout' %]
- Logout
+ User Logout
[% END %]
[% # Can also use $c->user->check_roles() to check authz -%]
[% IF c.check_user_roles('admin') %]
[% # Give admin users a link for 'create' %]
- Create
+ Admin Create
[% END %]
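Review bot: the template comment "Give normal users a link for 'logout'" still says 'logout' while the link text on the `+` line is now "User Logout"; update the comment so readers searching for the label find it. It is also worth a sentence in the surrounding text that these `IF c.check_user_roles(...)` blocks only decide which links are rendered; hiding the "Admin Create" link is not authorization, since anyone can still request the URL directly, and the role check inside the `url_create` action is what actually refuses the request.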
@@ -195,7 +195,7 @@ updating C to match the following code:
=cut
- sub url_create : Local {
+ sub url_create :Chained('base') :PathPart('url_create') :Args(3) {
# In addition to self & context, get the title, rating & author_id args
# from the URL. Note that Catalyst automatically puts extra information
# after the "// to match the following code:
# Set the TT template to use
$c->stash->{template} = 'books/create_done.tt2';
} else {
- # Provide very simple feedback to the user
+ # Provide very simple feedback to the user.
$c->response->body('Unauthorized!');
}
}
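Review bot: `:Chained('base') :PathPart('url_create') :Args(3)` makes `url_create` depend on a `base` chain root that is not shown in this hunk; say where `base` is defined (or include it) so a reader who still has the `: Local` version from the previous part knows what else to add. Separately, the `else` branch sets `$c->response->body('Unauthorized!')` without a status, so the refused request is served with HTTP 200; even for a deliberately minimal demo, adding `$c->response->status(403);` before the body line costs nothing and makes the refusal visible to clients, proxies and access logs.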
@@ -244,12 +244,12 @@ way to demonstrate that TT templates will not be used if the response
body has already been set. In reality you would probably want to use a
technique that maintains the visual continuity of your template layout
(for example, using the "status" or "error" message feature added in
-Part 3).
+Part 3 or C to an action that shows an "unauthorized" page).
B: If you want to keep your existing C method, you can
create a new copy and comment out the original by making it look like a
-Pod comment. For example, put something like C<=begin> before C and C<=end> after the closing C<}>.
+Pod comment. For example, put something like C<=begin> before
+C and C<=end> after the closing C<}>.
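Review bot: `=begin` and `=end` take a format name, and a bare `=begin` is reported as an error by Pod::Checker and Pod::Simple, so the wrapped sentence should suggest `=begin comment` before the old method and `=end comment` after the closing `}`; the explicit block name also makes it obvious that the old code is hidden from every formatter rather than only from some.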
=head2 Try Out Authentication And Authorization
@@ -261,10 +261,10 @@ running) and restart it:
Now trying going to L and you should
be taken to the login page (you might have to C or
-C your browser and/or click the "Logout" link on the book
+C your browser and/or click the "User Logout" link on the book
list page). Try logging in with both C and C (both
use a password of C) and notice how the roles information
-updates at the bottom of the "Book List" page. Also try the C
+updates at the bottom of the "Book List" page. Also try the "User Logout"
link on the book list page.
Now the "url_create" URL will work if you are already logged in as user
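Review bot: the context line "Now trying going to" has a typo this hunk could fix while it is touching the paragraph: "Now try going to". Also, the `+` lines switch the label from the `C<...>` code style to double-quoted "User Logout"; the later hunk in the same file uses a lowercase "logout" for the same links, so pick one way of writing UI labels and use it throughout the section.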
@@ -273,7 +273,7 @@ C. Try:
http://localhost:3000/books/url_create/test/1/6
-while logged in as each user. Use one of the 'Logout' links (or go to
+while logged in as each user. Use one of the "logout" links (or go to
L in your browser directly) when you are
done.
@@ -311,7 +311,7 @@ C<__PACKAGE__-Esetup> statement:
"/books/form_create_do",
[qw/admin/],
);
- __PACKAGE__->deny_access_unless(
+ __PACKAGE__->allow_access_if(
"/books/delete",
[qw/user admin/],
);
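Review bot: swapping `deny_access_unless` for `allow_access_if` on `/books/delete` changes the rule's meaning, not just its spelling. `deny_access_unless` refuses every request whose user lacks the listed roles; `allow_access_if` only adds an explicit allow when the condition holds and says nothing about a user who fails it, whose request is then decided by any other rule that applies or by the plugin's default. If the intent is to show the `allow_access_if` form, the prose that follows should say what happens to a logged-in user with neither role on this path, or the rule should be paired with a matching deny so the example remains default-deny.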
@@ -320,9 +320,10 @@ Each of the three statements above comprises an ACL plugin "rule". The
first two rules only allow admin-level users to create new books using
the form (both the form itself and the data submission logic are
protected). The third statement allows both users and admins to delete
-books. The C action will continue to be protected by
-the "manually configured" authorization created earlier in this part of
-the tutorial.
+books; letting users delete but not create book entries may sound odd in
+the "real world", but this is just an example. The C
+action will continue to be protected by the "manually configured"
+authorization created earlier in this part of the tutorial.
The ACL plugin permits you to apply allow/deny logic in a variety of
ways. The following provides a basic overview of the capabilities:
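Review bot: "The third statement allows both users and admins to delete books" reads as though everyone else is refused, but after the change in the preceding hunk the third statement is an `allow_access_if` rule, which does not itself refuse anyone; add a sentence stating what a user without either role gets on `/books/delete` (denied by another rule, or allowed by default), since that is exactly the difference between the two rule forms the surrounding text is about to enumerate.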
@@ -407,7 +408,7 @@ Then run the Catalyst development server script:
Log in as C. Once at the book list, click the "Create" link
to try the C action. You should receive a red
"Unauthorized!" error message at the top of the list. (Note that in
-the example code the "Create" link code in C
+the example code the "Admin Create" link code in C
is inside an C statement that only displays the list to
admin-level users.) If you log in as C you should be able to
view the C form and add a new book.
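Review bot: "is inside an C statement that only displays the list to admin-level users" should read "only displays the link"; the `IF c.check_user_roles('admin')` block shown earlier in this patch wraps the "Admin Create" link, not the book list, and the sentence's point is that the link is merely hidden from non-admins while the ACL rule on `/books/form_create` is what produces the "Unauthorized!" message when the URL is requested directly.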