X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2FAuthorization.pod;h=d340d20027002fa6bb06f4e8f29b576cc2e86f2c;hb=89d3dae9792c2edcea631295e9abc467db845b7c;hp=867c26ec5afa0f0a660a436ba37588a2503a7978;hpb=533fee734b6738d009dd5405dda9501e430a4e9f;p=catagits%2FCatalyst-Manual.git diff --git a/lib/Catalyst/Manual/Tutorial/Authorization.pod b/lib/Catalyst/Manual/Tutorial/Authorization.pod index 867c26e..d340d20 100644 --- a/lib/Catalyst/Manual/Tutorial/Authorization.pod +++ b/lib/Catalyst/Manual/Tutorial/Authorization.pod @@ -311,7 +311,7 @@ C<__PACKAGE__-Esetup> statement: "/books/form_create_do", [qw/admin/], ); - __PACKAGE__->deny_access_unless( + __PACKAGE__->allow_access_if( "/books/delete", [qw/user admin/], ); @@ -320,9 +320,10 @@ Each of the three statements above comprises an ACL plugin "rule". The first two rules only allow admin-level users to create new books using the form (both the form itself and the data submission logic are protected). The third statement allows both users and admins to delete -books. The C action will continue to be protected by -the "manually configured" authorization created earlier in this part of -the tutorial. +books; letting users delete but not create book entries may sound odd in +the "real world", but this is just an example. The C +action will continue to be protected by the "manually configured" +authorization created earlier in this part of the tutorial. The ACL plugin permits you to apply allow/deny logic in a variety of ways. The following provides a basic overview of the capabilities: @@ -412,7 +413,7 @@ is inside an C statement that only displays the list to admin-level users.) If you log in as C you should be able to view the C form and add a new book. -When you are done, use one of the 'Logout' links (or go to the +Use one of the 'Logout' links (or go to the L URL directly) when you are done.
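Review bot: In the first hunk (@@ -311,7 +311,7 @@), the switch from `__PACKAGE__->deny_access_unless(` to `__PACKAGE__->allow_access_if(` on "/books/delete" leaves it undocumented what happens to a request that holds neither `user` nor `admin`. Going by the method names, the old rule rejected such a request itself, while the new rule only grants on a match, so a rejection would have to come from some other rule, and no other rule for "/books/delete" appears in these lines. Either keep deny_access_unless here, or pair the allow rule with an explicit deny rule for the same path and add a sentence to the POD saying which rule handles the no-match case, so the tutorial does not leave the delete action depending on behaviour the reader cannot see.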
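Review bot: In the second hunk (@@ -320,9 +320,10 @@), the added clause ending "but this is just an example" acknowledges that the destructive action is the less restricted one, yet does not tell the reader what to do instead. Tutorial ACL rules tend to be copied as written, so I would either change the third rule to `[qw/admin/]` so delete matches the two create rules, or keep the example and extend the sentence to say that delete should normally require at least the same role as create.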