X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Manual.git;a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2F06_Authorization.pod;fp=lib%2FCatalyst%2FManual%2FTutorial%2F06_Authorization.pod;h=35f028cc52c3237ebc55a8f6cea45bc7ffa0ae19;hp=5ef7ac4bcf453fb953795e3ded42e7629119c0fa;hb=7ce05098c9b1df9078e709e5a724e821a3b3b00d;hpb=512ec6d005f882e9f4502be3bfc9db2be2e7e1fd
diff --git a/lib/Catalyst/Manual/Tutorial/06_Authorization.pod b/lib/Catalyst/Manual/Tutorial/06_Authorization.pod
index 5ef7ac4..35f028c 100644
--- a/lib/Catalyst/Manual/Tutorial/06_Authorization.pod
+++ b/lib/Catalyst/Manual/Tutorial/06_Authorization.pod
@@ -85,12 +85,12 @@ Edit C and add C to the list: -Debug ConfigLoader Static::Simple - + StackTrace - + Authentication Authorization::Roles - + Session Session::Store::File Session::State::Cookie
@@ -111,12 +111,12 @@ lines to the bottom of the file: ...

Hello [% c.user.username %], you have the following roles:

- + - +

[% # Add some simple role-specific logic to template %] [% # Use $c->check_user_roles() to check authz -%]
@@ -124,7 +124,7 @@ lines to the bottom of the file: [% # Give normal users a link for 'logout' %] User Logout [% END %] - + [% # Can also use $c->user->check_roles() to check authz -%] [% IF c.check_user_roles('admin') %] [% # Give admin users a link for 'create' %]
@@ -149,18 +149,18 @@ admin-level users by editing C and updating C to match the following code: =head2 url_create - + Create a book with the supplied title and rating, with manual authorization - + =cut - + sub url_create :Chained('base') :PathPart('url_create') :Args(3) { # In addition to self & context, get the title, rating & author_id args # from the URL. Note that Catalyst automatically puts extra information # after the "//check_user_roles('admin')) { # Call create() on the book model object. Pass the table
@@ -169,13 +169,13 @@ updating C to match the following code: title => $title, rating => $rating }); - + # Add a record to the join table for this book, mapping to # appropriate author $book->add_to_book_authors({author_id => $author_id}); # Note: Above is a shortcut for this: # $book->create_related('book_authors', {author_id => $author_id}); - + # Assign the Book object to the stash and set template $c->stash(book => $book, template => 'books/create_done.tt2');
@@ -243,14 +243,14 @@ C and add the following method (be sure to add it below the "C" line): =head2 delete_allowed_by - + Can the specified user delete the current book? - + =cut - + sub delete_allowed_by { my ($self, $user) = @_; - + # Only allow delete if user has 'admin' role return $user->has_role('admin'); }
@@ -261,15 +261,15 @@ C and add the following method below the "C" line: =head2 has_role - + Check if a user has the specified role - + =cut - + use Perl6::Junction qw/any/; sub has_role { my ($self, $role) = @_; - + # Does this user posses the required role? return any(map { $_->role } $self->roles) eq $role; }
@@ -291,25 +291,25 @@ C and update the C method to match the following code: =head2 delete - + Delete a book - + =cut - + sub delete :Chained('object') :PathPart('delete') :Args(0) { my ($self, $c) = @_; - + # Check permissions $c->detach('/error_noperms') unless $c->stash->{object}->delete_allowed_by($c->user->get_object); - + # Saved the PK id for status_msg below my $id = $c->stash->{object}->id; - + # Use the book object saved by 'object' and delete it along # with related 'book_authors' entries $c->stash->{object}->delete; - + # Redirect the user back to the list page $c->response->redirect($c->uri_for($self->action_for('list'), {mid => $c->set_status_msg("Deleted book $id")}));
@@ -321,14 +321,14 @@ for the '/error_noperms' action to work. Open C and add this method: =head2 error_noperms - + Permissions error screen - + =cut - + sub error_noperms :Chained('/') :PathPart('error_noperms') :Args(0) { my ($self, $c) = @_; - + $c->stash(template => 'error_noperms.tt2'); }