=head1 Basics
These recipes cover some basic stuff that is worth knowing for
-catalyst developers.
+Catalyst developers.
=head2 Delivering a Custom Error Page
package MyApp::Controller::Foo;
use Moose;
use namespace::autoclean;
- BEGIN { extends 'Catalyst::Controller';
+ BEGIN { extends 'Catalyst::Controller' };
## Write data into the session
sub add_item : Local {
=head1 Skipping your VCS's directories
-Catalyst uses Module::Pluggable to load Models, Views and Controllers.
+Catalyst uses Module::Pluggable to load Models, Views, and Controllers.
Module::Pluggable will scan through all directories and load modules
it finds. Sometimes you might want to skip some of these directories,
for example when your version control system makes a subdirectory with
source control systems. Here is the configuration you need to add
their directories to the list to skip.
-You can make catalyst skip these directories using the Catalyst config:
+You can make Catalyst skip these directories using the Catalyst config:
# Configure the application
__PACKAGE__->config(
=head1 Users and Access Control
-Most multiuser, and some single user web applications require that
+Most multiuser, and some single-user web applications require that
users identify themselves, and the application is often required to
define those roles. The recipes below describe some ways of doing
this.
}
}
-=head2 FIXME
-
-To restrict access to any action, you can use the C<check_user_roles> method:
-
- sub restricted : Local {
- my ( $self, $c ) = @_;
-
- $c->detach("unauthorized")
- unless $c->check_user_roles( "admin" );
-
- # do something restricted here
- }
-
-You can also use the C<assert_user_roles> method. This just gives an
-error if the current user does not have one of the required roles:
-
- sub also_restricted : Global {
- my ( $self, $c ) = @_;
- $c->assert_user_roles( qw/ user admin / );
- }
-
=head2 Authentication/Authorization
This is done in several steps:
=item Authorization
Making sure the user only accesses functions you want them to
-access. This is done by checking the verified users data against your
+access. This is done by checking the verified user's data against your
internal list of groups, or allowed persons for the current page.
=back
A Storage backend contains the actual data representing the users. It
is queried by the credential verifiers. Updating the store is not done
-within this system, you will need to do it yourself.
+within this system; you will need to do it yourself.
Examples:
- DBIC - Storage using a database.
+ DBIC - Storage using a database via DBIx::Class.
Minimal - Storage using a simple hash (for testing).
=head3 User objects
A User object is created by either the storage backend or the
-credential verifier, and filled with the retrieved user information.
+credential verifier, and is filled with the retrieved user information.
Examples:
=head3 ACL authorization
ACL stands for Access Control List. The ACL plugin allows you to
-regulate access on a path by path basis, by listing which users, or
+regulate access on a path-by-path basis, by listing which users, or
roles, have access to which paths.
=head3 Roles authorization
=head3 Checking roles
-Role checking is done by using the C<< $c->check_user_roles >> method,
-this will check using the currently logged in user (via C<< $c->user
+Role checking is done by using the C<< $c->check_user_roles >> method.
+This will check using the currently logged-in user (via C<< $c->user
>>). You pass it the name of a role to check, and it returns true if
the user is a member.
=head3 EXAMPLE
- package MyApp;
- use Moose;
- use namespace::autoclean;
- extends qw/Catalyst/;
- use Catalyst qw/Authentication
- Authorization::Roles/;
-
- __PACKAGE__->config(
- 'Plugin::Authentication' => {
- default => {
- credential => {
- class => 'Htpasswd',
- # FIXME
- },
- store => {
- class => 'Null',
- },
- },
- },
- );
-
- sub login : Local {
+ package MyApp;
+ use Moose;
+ use namespace::autoclean;
+ extends qw/Catalyst/;
+ use Catalyst qw/
+ Authentication
+ Authorization::Roles
+ /;
+
+ __PACKAGE__->config(
+ authentication => {
+ default_realm => 'test',
+ realms => {
+ test => {
+ credential => {
+ class => 'Password',
+ password_field => 'password',
+ password_type => 'self_check',
+ },
+ store => {
+ class => 'Htpasswd',
+ file => 'htpasswd',
+ },
+ },
+ },
+ },
+ );
+
+ package MyApp::Controller::Root;
+ use Moose;
+ use namespace::autoclean;
+
+ BEGIN { extends 'Catalyst::Controller' }
+
+ __PACKAGE__->config(namespace => '');
+
+ sub login : Local {
my ($self, $c) = @_;
if ( my $user = $c->req->param("user")
=head3 Using authentication in a testing environment
-Ideally, to write tests for authentication/authorization code one
-would first set up a test database with known data, then use
+Ideally, to write tests for authentication/authorization code one would
+first set up a test database with known data, then use
L<Test::WWW::Mechanize::Catalyst> to simulate a user logging
-in. Unfortunately the former can be rather awkward, which is why it's
-a good thing that the authentication framework is so flexible.
+in. Unfortunately this can be rather awkward, which is why it's a good
+thing that the authentication framework is so flexible.
Instead of using a test database, one can simply change the
authentication store to something a bit easier to deal with in a
modifying one's database, which can be problematic if one forgets to
use the testing instead of production database.
-e.g.,
-
- # FIXME - Out of date
- use Catalyst::Plugin::Authentication::Store::Minimal::Backend;
-
- # Sets up the user `test_user' with password `test_pass'
- MyApp->default_auth_store(
- Catalyst::Plugin::Authentication::Store::Minimal::Backend->new({
- test_user => { password => 'test_pass' },
- })
- );
-
-Now, your test code can call C<$c->login('test_user', 'test_pass')> and
-successfully login, without messing with the database at all.
+Alternatively, if you want to authenticate real users, but not have to
+worry about their passwords, you can use
+L<Catalyst::Authentication::Credential::Testing> to force all users to
+authenticate with a global password.
=head3 More information
-L<http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication> has a longer explanation.
+L<Catalyst::Plugin::Authentication> has a longer explanation.
=head2 Authorization
=head3 Introduction
Authorization is the step that comes after
-authentication. Authentication establishes that the user agent is
-really representing the user we think it's representing, and then
-authorization determines what this user is allowed to do.
+authentication. Authentication establishes that the user agent is really
+representing the user we think it's representing, and then authorization
+determines what this user is allowed to do.
=head3 Role Based Access Control
Under role based access control each user is allowed to perform any
number of roles. For example, at a zoo no one but specially trained
-personnel can enter the moose cage (Mynd you, møøse bites kan be
+personnel can enter the moose cage (Mynd you, møøse bites kan be
pretty nasti!). For example:
package Zoo::Controller::MooseCage;
the moose, which is a very dangerous thing. We need to restrict this
action, so that only a qualified moose feeder can perform that action.
-The Authorization::Roles plugin let's us perform role based access
+The Authorization::Roles plugin lets us perform role based access
control checks. Let's load it:
use parent qw/Catalyst/;
Checking for roles all the time can be tedious and error prone.
-The Authorization::ACL plugin let's us declare where we'd like checks
+The Authorization::ACL plugin lets us declare where we'd like checks
to be done automatically for us.
For example, we may want to completely block out anyone who isn't a
clean up in your C<end> private action instead.
Also, it's important to note that if you restrict access to "/" then
-C<end>, C<default>, etc will also be restricted.
+C<end>, C<default>, etc. will also be restricted.
MyApp->acl_allow_root_internals;
write a simple component in Catalyst that slurps in an outside Model:
package MyApp::Model::DB;
+
use base qw/Catalyst::Model::DBIC::Schema/;
+
__PACKAGE__->config(
schema_class => 'Some::DBIC::Schema',
connect_info => ['dbi:SQLite:foo.db', '', '', {AutoCommit=>1}];
);
+
1;
and that's it! Now C<Some::DBIC::Schema> is part of your
=head2 Create accessors to preload static data once per server instance
When you have data that you want to load just once from the model at
-server load instead of for each request, use mk_group_accessors to
+startup, instead of for each request, use mk_group_accessors to
create accessors and tie them to resultsets in your package that
-inherits from DBIx::Class::Schema
+inherits from DBIx::Class::Schema:
package My::Schema;
use base qw/DBIx::Class::Schema/;
and now in the controller, you can now access any of these without a
per-request fetch:
- $c->stash->{something} = $c->model('My::Schema')->schema->ACCESSORNAMEn;
+ $c->stash->{something} = $c->model('My::Schema')->schema->ACCESSORNAME;
=head2 XMLRPC
-Unlike SOAP, XMLRPC is a very simple (and imo elegant) web-services
+Unlike SOAP, XMLRPC is a very simple (and elegant) web-services
protocol, exchanging small XML messages like these:
Request:
=head1 Views
Views pertain to the display of your application. As with models,
-catalyst is uncommonly flexible. The recipes below are just a start.
+Catalyst is uncommonly flexible. The recipes below are just a start.
=head2 Catalyst::View::TT
=head1 AUTHORS
-Sebastian Riedel C<sri@oook.de>
-
-Danijel Milicevic C<me@danijel.de>
-
-Viljo Marrandi C<vilts@yahoo.com>
-
-Marcus Ramberg C<mramberg@cpan.org>
-
-Jesse Sheidlower C<jester@panix.com>
-
-Andy Grundman C<andy@hybridized.org>
-
-Chisel Wright C<pause@herlpacker.co.uk>
-
-Will Hawes C<info@whawes.co.uk>
-
-Gavin Henry C<ghenry@perl.me.uk>
-
-Kieren Diment C<kd@totaldatasolution.com>
+Catalyst Contributors, see Catalyst.pm
=head1 COPYRIGHT
-This document is free, you can redistribute it and/or modify it
-under the same terms as Perl itself.
+This library is free software. You can redistribute it and/or modify it under
+the same terms as Perl itself.
+=cut