X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2FAuthorization.pod;h=d340d20027002fa6bb06f4e8f29b576cc2e86f2c;hb=89d3dae9792c2edcea631295e9abc467db845b7c;hp=cdd98075d63ce71f22505c3968144887f587aca5;hpb=82ab4bbf7fc1c88e5c23821a9cc304c69d0aaf09;p=catagits%2FCatalyst-Manual.git diff --git a/lib/Catalyst/Manual/Tutorial/Authorization.pod b/lib/Catalyst/Manual/Tutorial/Authorization.pod index cdd9807..d340d20 100644 --- a/lib/Catalyst/Manual/Tutorial/Authorization.pod +++ b/lib/Catalyst/Manual/Tutorial/Authorization.pod @@ -91,6 +91,10 @@ Edit C and add C to the list: Session::State::Cookie /; +B As discussed in MoreCatalystBasics, different versions of +C have used a variety of methods to load the plugins. +You can put the plugins in the C statement if you prefer. + =head2 Add Config Information for Authorization @@ -307,7 +311,7 @@ C<__PACKAGE__-Esetup> statement: "/books/form_create_do", [qw/admin/], ); - __PACKAGE__->deny_access_unless( + __PACKAGE__->allow_access_if( "/books/delete", [qw/user admin/], ); @@ -316,9 +320,10 @@ Each of the three statements above comprises an ACL plugin "rule". The first two rules only allow admin-level users to create new books using the form (both the form itself and the data submission logic are protected). The third statement allows both users and admins to delete -books. The C action will continue to be protected by -the "manually configured" authorization created earlier in this part of -the tutorial. +books; letting users delete but not create book entries may sound odd in +the "real world", but this is just an example. The C +action will continue to be protected by the "manually configured" +authorization created earlier in this part of the tutorial. The ACL plugin permits you to apply allow/deny logic in a variety of ways. The following provides a basic overview of the capabilities: 
@@ -408,7 +413,7 @@ is inside an C statement that only displays the list to admin-level users.) If you log in as C you should be able to view the C form and add a new book. -When you are done, use one of the 'Logout' links (or go to the +Use one of the 'Logout' links (or go to the L URL directly) when you are done.
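Review bot: In the hunk at @@ -307,7 +311,7 @@, replacing deny_access_unless with allow_access_if on "/books/delete" turns the rule from a restriction into a grant. As the ACL plugin documents these methods, deny_access_unless rejects a request that fails the role test, while allow_access_if only stops rule evaluation with "allowed" on a match and otherwise falls through to later rules, and access is permitted when no rule denies. No deny rule for "/books/delete" is visible in this hunk, so a logged-in account that fails the [qw/user admin/] test would not be stopped by this rule. If the aim is to demonstrate allow_access_if, pair it with a deny rule on the same path or a parent path, or keep deny_access_unless here.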
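Review bot: In the hunk at @@ -316,9 +320,10 @@, the paragraph keeps the sentence "The third statement allows both users and admins to delete books" without saying that the third rule now uses a different method from the first two, which the text describes as restricting access to admins. The added sentence explains why users may delete books, not what allow_access_if does when the role test fails. Suggest adding one sentence on how allow_access_if differs from deny_access_unless in that case, so readers do not take the rule as a restriction on "/books/delete".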