=head1 NAME
-Catalyst::Manual::Tutorial::Authorization - Catalyst Tutorial - Part 5: Authorization
+Catalyst::Manual::Tutorial::Authorization - Catalyst Tutorial - Part 6: Authorization
=head1 OVERVIEW
-This is B<Part 5 of 9> for the Catalyst tutorial.
+This is B<Part 6 of 10> for the Catalyst tutorial.
L<Tutorial Overview|Catalyst::Manual::Tutorial>
=item 3
-L<Basic CRUD|Catalyst::Manual::Tutorial_BasicCRUD>
+L<More Catalyst Basics|Catalyst::Manual::Tutorial::MoreCatalystBasics>
=item 4
-L<Authentication|Catalyst::Manual::Tutorial::Authentication>
+L<Basic CRUD|Catalyst::Manual::Tutorial::BasicCRUD>
=item 5
-B<Authorization>
+L<Authentication|Catalyst::Manual::Tutorial::Authentication>
=item 6
-L<Debugging|Catalyst::Manual::Tutorial::Debugging>
+B<Authorization>
=item 7
-L<Testing|Catalyst::Manual::Tutorial::Testing>
+L<Debugging|Catalyst::Manual::Tutorial::Debugging>
=item 8
-L<AdvancedCRUD|Catalyst::Manual::Tutorial::AdvancedCRUD>
+L<Testing|Catalyst::Manual::Tutorial::Testing>
=item 9
+L<Advanced CRUD|Catalyst::Manual::Tutorial::AdvancedCRUD>
+
+=item 10
+
L<Appendices|Catalyst::Manual::Tutorial::Appendices>
=back
-
=head1 DESCRIPTION
This part of the tutorial adds role-based authorization to the existing
StackTrace
Authentication
- Authentication::Store::DBIC
- Authentication::Credential::Password
Authorization::Roles
Session
=head2 Add Config Information for Authorization
-Edit C<myapp.yml> and update it to match (everything from the
-"authorization:" line down is new):
-
- ---
- name: MyApp
- authentication:
- dbic:
- # Note this first definition would be the same as setting
- # __PACKAGE__->config->{authentication}->{dbic}->{user_class} = 'MyAppDB::User'
- # in lib/MyApp.pm (IOW, each hash key becomes a "name:" in the YAML file).
- #
- # This is the model object created by Catalyst::Model::DBIC from your
- # schema (you created 'MyAppDB::User' but as the Catalyst startup
- # debug messages show, it was loaded as 'MyApp::Model::MyAppDB::User').
- # NOTE: Omit 'MyApp::Model' here just as you would when using
- # '$c->model("MyAppDB::User)'
- user_class: MyAppDB::User
- # This is the name of the field in your 'users' table that contains the user's name
- user_field: username
- # This is the name of the field in your 'users' table that contains the password
- password_field: password
- # Other options can go here for hashed passwords
- # Enabled hashed passwords
- password_type: hashed
- # Use the SHA-1 hashing algorithm
- password_hash_type: SHA-1
- authorization:
- dbic:
- # This is the model object created by Catalyst::Model::DBIC from your
- # schema (you created 'MyAppDB::Role' but as the Catalyst startup
- # debug messages show, it was loaded as 'MyApp::Model::MyAppDB::Role').
- # NOTE: Omit 'MyApp::Model' here just as you would when using
- # '$c->model("MyAppDB::User)'
- role_class: MyAppDB::Role
- # The name of the field in the 'roles' table that contains the role name
- role_field: role
- # The name of the accessor used to map a role to the users who have this role
- # See the has_many() in MyAppDB/Role.pm
- role_rel: map_user_role
- # The name of the field in the user_role table that references the user
- user_role_user_field: user_id
+Edit C<myapp.conf> and update it to match the following (the
+C<role_relation> and C<role_field> definitions are new):
+
+ name MyApp
+ <authentication>
+ default_realm dbic
+ <realms>
+ <dbic>
+ <credential>
+ # Note this first definition would be the same as setting
+ # __PACKAGE__->config->{authentication}->{realms}->{dbic}
+ # ->{credential} = 'Password' in lib/MyApp.pm
+ #
+ # Specify that we are going to do password-based auth
+ class Password
+ # This is the name of the field in the users table with the
+ # password stored in it
+ password_field password
+ # Switch to more secure hashed passwords
+ password_type hashed
+ # Use the SHA-1 hashing algorithm
+ password_hash_type SHA-1
+ </credential>
+ <store>
+ # Use DBIC to retrieve username, password & role information
+ class DBIx::Class
+ # This is the model object created by Catalyst::Model::DBIC
+ # from your schema (you created 'MyApp::Schema::User' but as
+ # the Catalyst startup debug messages show, it was loaded as
+ # 'MyApp::Model::DB::Users').
+ # NOTE: Omit 'MyApp::Model' here just as you would when using
+ # '$c->model("DB::Users)'
+ user_class DB::Users
+ # This is the name of the field in your 'users' table that
+ # contains the user's name
+ id_field username
+ # This is the name of a many_to_many relation in the users
+ # object that points to the roles for that user
+ role_relation roles
+ # This is the name of field in the roles table that contains
+ # the role information
+ role_field role
+ </store>
+ </dbic>
+ </realms>
+ </authentication>
=head2 Add Role-Specific Logic to the "Book List" Template
if ($c->check_user_roles('admin')) {
# Call create() on the book model object. Pass the table
# columns/field values we want to set as hash values
- my $book = $c->model('MyAppDB::Book')->create({
+ my $book = $c->model('DB::Books')->create({
title => $title,
rating => $rating
});
$ script/myapp_server.pl
-Log in as C<test02>. Once at the book list, click the "Create" link to
-try the C<form_create> action. You should receive a red "Unauthorized!"
-error message at the top of the list. (Note that in reality you would
-probably want to place the "Create" link code in
-C<root/src/books/list.tt2> inside an C<IF> statement that only displays
-the list to admin-level users.) If you log in as C<test01> you should
-be able to view the C<form_create> form and add a new book.
+Log in as C<test02>. Once at the book list, click the "Create" link
+to try the C<form_create> action. You should receive a red
+"Unauthorized!" error message at the top of the list. (Note that in
+the example code the "Create" link code in C<root/src/books/list.tt2>
+is inside an C<IF> statement that only displays the list to
+admin-level users.) If you log in as C<test01> you should be able to
+view the C<form_create> form and add a new book.
When you are done, use one of the 'Logout' links (or go to the
L<http://localhost:3000/logout> URL directly) when you are done.
projects / catagits/Catalyst-Manual.git / blobdiff