=head1 NAME
-Catalyst::Manual::Tutorial::Authorization - Catalyst Tutorial - Part 5: Authorization
+Catalyst::Manual::Tutorial::Authorization - Catalyst Tutorial - Part 6: Authorization
=head1 OVERVIEW
-This is B<Part 5 of 9> for the Catalyst tutorial.
+This is B<Part 6 of 10> for the Catalyst tutorial.
L<Tutorial Overview|Catalyst::Manual::Tutorial>
=item 3
-L<Basic CRUD|Catalyst::Manual::Tutorial_BasicCRUD>
+L<More Catalyst Basics|Catalyst::Manual::Tutorial::MoreCatalystBasics>
=item 4
-L<Authentication|Catalyst::Manual::Tutorial::Authentication>
+L<Basic CRUD|Catalyst::Manual::Tutorial::BasicCRUD>
=item 5
-B<Authorization>
+L<Authentication|Catalyst::Manual::Tutorial::Authentication>
=item 6
-L<Debugging|Catalyst::Manual::Tutorial::Debugging>
+B<Authorization>
=item 7
-L<Testing|Catalyst::Manual::Tutorial::Testing>
+L<Debugging|Catalyst::Manual::Tutorial::Debugging>
=item 8
-L<AdvancedCRUD|Catalyst::Manual::Tutorial::AdvancedCRUD>
+L<Testing|Catalyst::Manual::Tutorial::Testing>
=item 9
+L<Advanced CRUD|Catalyst::Manual::Tutorial::AdvancedCRUD>
+
+=item 10
+
L<Appendices|Catalyst::Manual::Tutorial::Appendices>
=back
-
=head1 DESCRIPTION
This part of the tutorial adds role-based authorization to the existing
-authentication implemented in Part 4. It provides simple examples of
+authentication implemented in Part 5. It provides simple examples of
how to use roles in both TT templates and controller actions. The first
half looks at manually configured authorization. The second half looks
at how the ACL authorization plugin can simplify your code.
StackTrace
Authentication
- Authentication::Store::DBIC
- Authentication::Credential::Password
Authorization::Roles
Session
=head2 Add Config Information for Authorization
-Edit C<myapp.yml> and update it to match (everything from the
-"authorization:" line down is new):
-
- ---
- name: MyApp
- authentication:
- dbic:
- # Note this first definition would be the same as setting
- # __PACKAGE__->config->{authentication}->{dbic}->{user_class} = 'MyAppDB::User'
- # in lib/MyApp.pm (IOW, each hash key becomes a "name:" in the YAML file).
- #
- # This is the model object created by Catalyst::Model::DBIC from your
- # schema (you created 'MyAppDB::User' but as the Catalyst startup
- # debug messages show, it was loaded as 'MyApp::Model::MyAppDB::User').
- # NOTE: Omit 'MyApp::Model' here just as you would when using
- # '$c->model("MyAppDB::User)'
- user_class: MyAppDB::User
- # This is the name of the field in your 'users' table that contains the user's name
- user_field: username
- # This is the name of the field in your 'users' table that contains the password
- password_field: password
- # Other options can go here for hashed passwords
- # Enabled hashed passwords
- password_type: hashed
- # Use the SHA-1 hashing algorithm
- password_hash_type: SHA-1
- authorization:
- dbic:
- # This is the model object created by Catalyst::Model::DBIC from your
- # schema (you created 'MyAppDB::Role' but as the Catalyst startup
- # debug messages show, it was loaded as 'MyApp::Model::MyAppDB::Role').
- # NOTE: Omit 'MyApp::Model' here just as you would when using
- # '$c->model("MyAppDB::User)'
- role_class: MyAppDB::Role
- # The name of the field in the 'roles' table that contains the role name
- role_field: role
- # The name of the accessor used to map a role to the users who have this role
- # See the has_many() in MyAppDB/Role.pm
- role_rel: map_user_role
- # The name of the field in the user_role table that references the user
- user_role_user_field: user_id
+Edit C<myapp.conf> and update it to match the following (the
+C<role_relation> and C<role_field> definitions are new):
+
+ name MyApp
+ <authentication>
+ default_realm dbic
+ <realms>
+ <dbic>
+ <credential>
+ # Note this first definition would be the same as setting
+ # __PACKAGE__->config->{authentication}->{realms}->{dbic}
+ # ->{credential} = 'Password' in lib/MyApp.pm
+ #
+ # Specify that we are going to do password-based auth
+ class Password
+ # This is the name of the field in the users table with the
+ # password stored in it
+ password_field password
+ # Switch to more secure hashed passwords
+ password_type hashed
+ # Use the SHA-1 hashing algorithm
+ password_hash_type SHA-1
+ </credential>
+ <store>
+ # Use DBIC to retrieve username, password & role information
+ class DBIx::Class
+ # This is the model object created by Catalyst::Model::DBIC
+ # from your schema (you created 'MyApp::Schema::User' but as
+ # the Catalyst startup debug messages show, it was loaded as
+ # 'MyApp::Model::DB::Users').
+ # NOTE: Omit 'MyApp::Model' here just as you would when using
+ # '$c->model("DB::Users)'
+ user_class DB::Users
+ # This is the name of the field in your 'users' table that
+ # contains the user's name
+ id_field username
+ # This is the name of a many_to_many relation in the users
+ # object that points to the roles for that user
+ role_relation roles
+ # This is the name of field in the roles table that contains
+ # the role information
+ role_field role
+ </store>
+ </dbic>
+ </realms>
+ </authentication>
=head2 Add Role-Specific Logic to the "Book List" Template
if ($c->check_user_roles('admin')) {
# Call create() on the book model object. Pass the table
# columns/field values we want to set as hash values
- my $book = $c->model('MyAppDB::Book')->create({
+ my $book = $c->model('DB::Books')->create({
title => $title,
rating => $rating
});
body has already been set. In reality you would probably want to use a
technique that maintains the visual continuity of your template layout
(for example, using the "status" or "error" message feature added in
-Part 2).
+Part 3).
B<TIP>: If you want to keep your existing C<url_create> method, you can
create a new copy and comment out the original by making it look like a
$ script/myapp_server.pl
-Log in as C<test02>. Once at the book list, click the "Create" link to
-try the C<form_create> action. You should receive a red "Unauthorized!"
-error message at the top of the list. (Note that in reality you would
-probably want to place the "Create" link code in
-C<root/src/books/list.tt2> inside an C<IF> statement that only displays
-the list to admin-level users.) If you log in as C<test01> you should
-be able to view the C<form_create> form and add a new book.
+Log in as C<test02>. Once at the book list, click the "Create" link
+to try the C<form_create> action. You should receive a red
+"Unauthorized!" error message at the top of the list. (Note that in
+the example code the "Create" link code in C<root/src/books/list.tt2>
+is inside an C<IF> statement that only displays the list to
+admin-level users.) If you log in as C<test01> you should be able to
+view the C<form_create> form and add a new book.
When you are done, use one of the 'Logout' links (or go to the
L<http://localhost:3000/logout> URL directly) when you are done.
Please report any errors, issues or suggestions to the author. The
most recent version of the Catalyst Tutorial can be found at
-L<http://dev.catalyst.perl.org/repos/Catalyst/trunk/Catalyst-Runtime/lib/Catalyst/Manual/Tutorial/>.
+L<http://dev.catalyst.perl.org/repos/Catalyst/trunk/Catalyst-Manual/lib/Catalyst/Manual/Tutorial/>.
-Copyright 2006, Kennedy Clark, under Creative Commons License
+Copyright 2006-2008, Kennedy Clark, under Creative Commons License
(L<http://creativecommons.org/licenses/by-nc-sa/2.5/>).
projects / catagits/Catalyst-Manual.git / blobdiff