=head1 NAME
-Catalyst::Manual::Tutorial::Authorization - Catalyst Tutorial - Part 6: Authorization
+Catalyst::Manual::Tutorial::Authorization - Catalyst Tutorial - Chapter 6: Authorization
=head1 OVERVIEW
-This is B<Part 6 of 10> for the Catalyst tutorial.
+This is B<Chapter 6 of 10> for the Catalyst tutorial.
L<Tutorial Overview|Catalyst::Manual::Tutorial>
=head1 DESCRIPTION
-This part of the tutorial adds role-based authorization to the
-existing authentication implemented in Part 5. It provides simple
+This chapter of the tutorial adds role-based authorization to the
+existing authentication implemented in Chapter 5. It provides simple
examples of how to use roles in both TT templates and controller
actions. The first half looks at basic authorization concepts. The
second half looks at how moving your authorization code to your model
# Load plugins
use Catalyst qw/-Debug
- ConfigLoader
- Static::Simple
+ ConfigLoader
+ Static::Simple
- StackTrace
+ StackTrace
- Authentication
- Authorization::Roles
+ Authentication
+ Authorization::Roles
- Session
- Session::Store::FastMmap
- Session::State::Cookie
- /;
+ Session
+ Session::Store::FastMmap
+ Session::State::Cookie
+ /;
B<Note:> As discussed in MoreCatalystBasics, different versions of
C<Catalyst::Devel> have used a variety of methods to load the plugins.
You can put the plugins in the C<use Catalyst> statement if you
prefer.
+Once again (remain sharp, by now you should be getting the hang of things)
+include this additional plugin as a new dependency in the Makefile.PL file
+like this:
-=head2 Add Config Information for Authorization
-
-Edit C<myapp.conf> and update it to match the following (the
-C<role_relation> and C<role_field> definitions are new):
-
- # rename this file to MyApp.yml and put a : in front of "name" if
- # you want to use yaml like in old versions of Catalyst
- name MyApp
- <authentication>
- default_realm dbic
- <realms>
- <dbic>
- <credential>
- # Note this first definition would be the same as setting
- # __PACKAGE__->config->{authentication}->{realms}->{dbic}
- # ->{credential} = 'Password' in lib/MyApp.pm
- #
- # Specify that we are going to do password-based auth
- class Password
- # This is the name of the field in the users table with the
- # password stored in it
- password_field password
- # Switch to more secure hashed passwords
- password_type hashed
- # Use the SHA-1 hashing algorithm
- password_hash_type SHA-1
- </credential>
- <store>
- # Use DBIC to retrieve username, password & role information
- class DBIx::Class
- # This is the model object created by Catalyst::Model::DBIC
- # from your schema (you created 'MyApp::Schema::Result::User'
- # but as the Catalyst startup debug messages show, it was
- # loaded as 'MyApp::Model::DB::Users').
- # NOTE: Omit 'MyApp::Model' here just as you would when using
- # '$c->model("DB::Users)'
- user_class DB::Users
- # This is the name of a many_to_many relation in the users
- # object that points to the roles for that user
- role_relation roles
- # This is the name of field in the roles table that contains
- # the role information
- role_field role
- </store>
- </dbic>
- </realms>
- </authentication>
-
+ requires (
+ ...
+ 'Catalyst::Plugin::Authorization::Roles' => '0',
+ );
=head2 Add Role-Specific Logic to the "Book List" Template
<ul>
[% # Dump list of roles -%]
- [% FOR role = c.user.roles %]<li>[% role %]</li>[% END %]
+ [% FOR role = c.user.role %]<li>[% role %]</li>[% END %]
</ul>
<p>
roles assigned to the user.
-=head2 Limit C<Books::add> to C<admin> Users
+=head2 Limit Books::add to 'admin' Users
C<IF> statements in TT templates simply control the output that is sent
to the user's browser; it provides no real enforcement (if users know or
if ($c->check_user_roles('admin')) {
# Call create() on the book model object. Pass the table
# columns/field values we want to set as hash values
- my $book = $c->model('DB::Books')->create({
+ my $book = $c->model('DB::Book')->create({
title => $title,
rating => $rating
});
# Add a record to the join table for this book, mapping to
# appropriate author
- $book->add_to_book_authors({author_id => $author_id});
+ $book->add_to_book_author({author_id => $author_id});
# Note: Above is a shortcut for this:
- # $book->create_related('book_authors', {author_id => $author_id});
+ # $book->create_related('book_author', {author_id => $author_id});
# Assign the Book object to the stash for display in the view
$c->stash->{book} = $book;
- # This is a hack to disable XSUB processing in Data::Dumper
- # (it's used in the view). This is a work-around for a bug in
- # the interaction of some versions or Perl, Data::Dumper & DBIC.
- # You won't need this if you aren't using Data::Dumper (or if
- # you are running DBIC 0.06001 or greater), but adding it doesn't
- # hurt anything either.
- $Data::Dumper::Useperl = 1;
-
# Set the TT template to use
$c->stash->{template} = 'books/create_done.tt2';
} else {
body has already been set. In reality you would probably want to use a
technique that maintains the visual continuity of your template layout
(for example, using the "status" or "error" message feature added in
-Part 3 or C<detach> to an action that shows an "unauthorized" page).
+Chapter 3 or C<detach> to an action that shows an "unauthorized" page).
B<TIP>: If you want to keep your existing C<url_create> method, you can
create a new copy and comment out the original by making it look like a
For example, let's add a method to our C<Books.pm> Result Class to
check if a user is allowed to delete a book. Open
-C<lib/MyApp/Schema/Result/Books.pm> and add the following method
+C<lib/MyApp/Schema/Result/Book.pm> and add the following method
(be sure to add it below the "C<DO NOT MODIFY ...>" line):
=head2 delete_allowed_by
Here we call a C<has_role> method on our user object, so we should add
this method to our Result Class. Open
-C<lib/MyApp/Schema/Result/Users.pm> and add this near the top:
-
- use Perl6::Junction qw/any/;
-
-And then add the following method below the "C<DO NOT MODIFY ...>"
-line:
+C<lib/MyApp/Schema/Result/User.pm> and add the following method below
+the "C<DO NOT MODIFY ...>" line:
=head 2 has_role
=cut
+ use Perl6::Junction qw/any/;
sub has_role {
my ($self, $role) = @_;
projects / catagits/Catalyst-Manual.git / blobdiff