# Load plugins
use Catalyst qw/-Debug
- ConfigLoader
- Static::Simple
+ ConfigLoader
+ Static::Simple
- StackTrace
+ StackTrace
- Authentication
- Authorization::Roles
+ Authentication
+ Authorization::Roles
- Session
- Session::Store::FastMmap
- Session::State::Cookie
- /;
+ Session
+ Session::Store::FastMmap
+ Session::State::Cookie
+ /;
B<Note:> As discussed in MoreCatalystBasics, different versions of
C<Catalyst::Devel> have used a variety of methods to load the plugins.
You can put the plugins in the C<use Catalyst> statement if you
prefer.
+Once again (remain sharp, by now you should be getting the hang of things)
+include this additional plugin as a new dependency in the Makefile.PL file
+like this:
-=head2 Add Config Information for Authorization
-
-Edit C<myapp.conf> and update it to match the following (the
-C<role_relation> and C<role_field> definitions are new):
-
- # rename this file to MyApp.yml and put a : in front of "name" if
- # you want to use yaml like in old versions of Catalyst
- name MyApp
- <authentication>
- default_realm dbic
- <realms>
- <dbic>
- <credential>
- # Note this first definition would be the same as setting
- # __PACKAGE__->config->{authentication}->{realms}->{dbic}
- # ->{credential} = 'Password' in lib/MyApp.pm
- #
- # Specify that we are going to do password-based auth
- class Password
- # This is the name of the field in the users table with the
- # password stored in it
- password_field password
- # Switch to more secure hashed passwords
- password_type hashed
- # Use the SHA-1 hashing algorithm
- password_hash_type SHA-1
- </credential>
- <store>
- # Use DBIC to retrieve username, password & role information
- class DBIx::Class
- # This is the model object created by Catalyst::Model::DBIC
- # from your schema (you created 'MyApp::Schema::Result::User'
- # but as the Catalyst startup debug messages show, it was
- # loaded as 'MyApp::Model::DB::Users').
- # NOTE: Omit 'MyApp::Model' here just as you would when using
- # '$c->model("DB::Users)'
- user_class DB::Users
- # This is the name of a many_to_many relation in the users
- # object that points to the roles for that user
- role_relation roles
- # This is the name of field in the roles table that contains
- # the role information
- role_field role
- </store>
- </dbic>
- </realms>
- </authentication>
-
+ requires (
+ ...
+ 'Catalyst::Plugin::Authorization::Roles' => '0',
+ );
=head2 Add Role-Specific Logic to the "Book List" Template
<ul>
[% # Dump list of roles -%]
- [% FOR role = c.user.roles %]<li>[% role %]</li>[% END %]
+ [% FOR role = c.user.role %]<li>[% role %]</li>[% END %]
</ul>
<p>
roles assigned to the user.
-=head2 Limit C<Books::add> to C<admin> Users
+=head2 Limit Books::add to 'admin' Users
C<IF> statements in TT templates simply control the output that is sent
to the user's browser; it provides no real enforcement (if users know or
if ($c->check_user_roles('admin')) {
# Call create() on the book model object. Pass the table
# columns/field values we want to set as hash values
- my $book = $c->model('DB::Books')->create({
+ my $book = $c->model('DB::Book')->create({
title => $title,
rating => $rating
});
# Add a record to the join table for this book, mapping to
# appropriate author
- $book->add_to_book_authors({author_id => $author_id});
+ $book->add_to_book_author({author_id => $author_id});
# Note: Above is a shortcut for this:
- # $book->create_related('book_authors', {author_id => $author_id});
+ # $book->create_related('book_author', {author_id => $author_id});
# Assign the Book object to the stash for display in the view
$c->stash->{book} = $book;
- # This is a hack to disable XSUB processing in Data::Dumper
- # (it's used in the view). This is a work-around for a bug in
- # the interaction of some versions or Perl, Data::Dumper & DBIC.
- # You won't need this if you aren't using Data::Dumper (or if
- # you are running DBIC 0.06001 or greater), but adding it doesn't
- # hurt anything either.
- $Data::Dumper::Useperl = 1;
-
# Set the TT template to use
$c->stash->{template} = 'books/create_done.tt2';
} else {
For example, let's add a method to our C<Books.pm> Result Class to
check if a user is allowed to delete a book. Open
-C<lib/MyApp/Schema/Result/Books.pm> and add the following method
+C<lib/MyApp/Schema/Result/Book.pm> and add the following method
(be sure to add it below the "C<DO NOT MODIFY ...>" line):
=head2 delete_allowed_by
Here we call a C<has_role> method on our user object, so we should add
this method to our Result Class. Open
-C<lib/MyApp/Schema/Result/Users.pm> and add this near the top:
-
- use Perl6::Junction qw/any/;
-
-And then add the following method below the "C<DO NOT MODIFY ...>"
-line:
+C<lib/MyApp/Schema/Result/User.pm> and add the following method below
+the "C<DO NOT MODIFY ...>" line:
=head 2 has_role
=cut
+ use Perl6::Junction qw/any/;
sub has_role {
my ($self, $role) = @_;
projects / catagits/Catalyst-Manual.git / blobdiff