X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Manual.git;a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2FAuthorization.pod;h=7eb2a4e9911b59203d045b1dad7508a17a56ad7c;hp=66ada75dbe465324f7312486098022815988c6fc;hb=a46b474eb241c3eac09ac0cd8af400a864de3ee5;hpb=1390ef0ecd30a0dcfe59f212353ed81094fdf64a
diff --git a/lib/Catalyst/Manual/Tutorial/Authorization.pod b/lib/Catalyst/Manual/Tutorial/Authorization.pod
index 66ada75..7eb2a4e 100644
--- a/lib/Catalyst/Manual/Tutorial/Authorization.pod
+++ b/lib/Catalyst/Manual/Tutorial/Authorization.pod
@@ -1,11 +1,11 @@
=head1 NAME
-Catalyst::Manual::Tutorial::Authorization - Catalyst Tutorial - Part 6: Authorization
+Catalyst::Manual::Tutorial::Authorization - Catalyst Tutorial - Chapter 6: Authorization
=head1 OVERVIEW
-This is B for the Catalyst tutorial.
+This is B for the Catalyst tutorial.
L
@@ -56,11 +56,12 @@ L
=head1 DESCRIPTION
-This part of the tutorial adds role-based authorization to the existing
-authentication implemented in Part 5. It provides simple examples of
-how to use roles in both TT templates and controller actions. The first
-half looks at manually configured authorization. The second half looks
-at how the ACL authorization plugin can simplify your code.
+This chapter of the tutorial adds role-based authorization to the
+existing authentication implemented in Chapter 5. It provides simple
+examples of how to use roles in both TT templates and controller
+actions. The first half looks at basic authorization concepts. The
+second half looks at how moving your authorization code to your model
+can simplify your code and make things easier to maintain.
You can checkout the source code for this example from the catalyst
subversion repository as per the instructions in
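Review bot: The rewritten DESCRIPTION now promises a second half about moving authorization code into the model, but the only change visible further down in this file is the deletion of the ENABLE ACL-BASED AUTHORIZATION section; make sure the replacement section is part of the same change so the description does not point at material that no longer exists. Minor, in the unchanged context line: "You can checkout the source code" should read "check out" (verb).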
@@ -69,76 +70,33 @@ L.
=head1 BASIC AUTHORIZATION
-In this section you learn how to manually configure authorization.
+In this section you learn the basics of how authorization works under
+Catalyst.
=head2 Update Plugins to Include Support for Authorization
Edit C and add C to the list:
- __PACKAGE__->setup(qw/
- -Debug
- ConfigLoader
- Static::Simple
-
- StackTrace
-
- Authentication
- Authorization::Roles
-
- Session
- Session::Store::FastMmap
- Session::State::Cookie
- /;
-
-
-=head2 Add Config Information for Authorization
-
-Edit C and update it to match the following (the
-C and C definitions are new):
-
- # rename this file to MyApp.yml and put a : in front of "name" if
- # you want to use yaml like in old versions of Catalyst
- name MyApp
-
- default_realm dbic
-
-
-
- # Note this first definition would be the same as setting
- # __PACKAGE__->config->{authentication}->{realms}->{dbic}
- # ->{credential} = 'Password' in lib/MyApp.pm
- #
- # Specify that we are going to do password-based auth
- class Password
- # This is the name of the field in the users table with the
- # password stored in it
- password_field password
- # Switch to more secure hashed passwords
- password_type hashed
- # Use the SHA-1 hashing algorithm
- password_hash_type SHA-1
-
-
- # Use DBIC to retrieve username, password & role information
- class DBIx::Class
- # This is the model object created by Catalyst::Model::DBIC
- # from your schema (you created 'MyApp::Schema::User' but as
- # the Catalyst startup debug messages show, it was loaded as
- # 'MyApp::Model::DB::Users').
- # NOTE: Omit 'MyApp::Model' here just as you would when using
- # '$c->model("DB::Users)'
- user_class DB::Users
- # This is the name of a many_to_many relation in the users
- # object that points to the roles for that user
- role_relation roles
- # This is the name of field in the roles table that contains
- # the role information
- role_field role
-
-
-
-
+ # Load plugins
+ use Catalyst qw/-Debug
+ ConfigLoader
+ Static::Simple
+
+ StackTrace
+
+ Authentication
+ Authorization::Roles
+
+ Session
+ Session::Store::FastMmap
+ Session::State::Cookie
+ /;
+
+B As discussed in MoreCatalystBasics, different versions of
+C have used a variety of methods to load the plugins.
+You can put the plugins in the C
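Review bot: Deleting the "Add Config Information for Authorization" section also removes the only place this chapter showed the realm settings that Authorization::Roles depends on (user_class DB::Users, role_relation roles, role_field role) together with the password settings (password_type hashed, password_hash_type SHA-1). If that configuration now lives in Chapter 5, the new plugin paragraph should say so explicitly, otherwise a reader following this chapter alone adds the plugin but never gets roles resolved. Switching the plugin list from `__PACKAGE__->setup(qw/ ... /)` to `use Catalyst qw/ ... /;` is fine given the accompanying note, but the chapter should then use that one form everywhere.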
@@ -172,7 +131,7 @@ This code displays a different combination of links depending on the
roles assigned to the user.
-=head2 Limit C to C Users
+=head2 Limit Books::add to 'admin' Users
C statements in TT templates simply control the output that is sent
to the user's browser; it provides no real enforcement (if users know or
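Review bot: The new heading "Limit Books::add to 'admin' Users" names the add action, but the code restricted in the following hunk is `sub url_create`; check that the heading names the action actually being protected. The unchanged context line makes the essential point (template IF statements only shape output and provide no enforcement), so this section is the right place to state plainly that the authorization check has to live in the controller action.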
@@ -191,7 +150,7 @@ updating C to match the following code:
=cut
- sub url_create : Local {
+ sub url_create :Chained('base') :PathPart('url_create') :Args(3) {
# In addition to self & context, get the title, rating & author_id args
# from the URL. Note that Catalyst automatically puts extra information
# after the "// to match the following code:
# Assign the Book object to the stash for display in the view
$c->stash->{book} = $book;
- # This is a hack to disable XSUB processing in Data::Dumper
- # (it's used in the view). This is a work-around for a bug in
- # the interaction of some versions or Perl, Data::Dumper & DBIC.
- # You won't need this if you aren't using Data::Dumper (or if
- # you are running DBIC 0.06001 or greater), but adding it doesn't
- # hurt anything either.
- $Data::Dumper::Useperl = 1;
-
# Set the TT template to use
$c->stash->{template} = 'books/create_done.tt2';
} else {
- # Provide very simple feedback to the user
+ # Provide very simple feedback to the user.
$c->response->body('Unauthorized!');
}
}
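Review bot: In the else branch the action only sets `$c->response->body('Unauthorized!')`, so the refusal goes out as HTTP 200 with an "Unauthorized!" body; add `$c->response->status(403);` next to it so browsers, proxies and access logs record an authorization failure rather than a success. The new signature `:Chained('base') :PathPart('url_create') :Args(3)` takes title, rating and author_id straight from the URL, and the comment above it should mention that these arrive unvalidated. Dropping the `$Data::Dumper::Useperl = 1` workaround is fine.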
@@ -240,12 +191,12 @@ way to demonstrate that TT templates will not be used if the response
body has already been set. In reality you would probably want to use a
technique that maintains the visual continuity of your template layout
(for example, using the "status" or "error" message feature added in
-Part 3).
+Chapter 3 or C to an action that shows an "unauthorized" page).
B: If you want to keep your existing C method, you can
create a new copy and comment out the original by making it look like a
-Pod comment. For example, put something like C<=begin> before C and C<=end> after the closing C<}>.
+Pod comment. For example, put something like C<=begin> before
+C and C<=end> after the closing C<}>.
=head2 Try Out Authentication And Authorization
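Review bot: The Pod-comment tip ("put something like C<=begin> before ... and C<=end> after the closing C<}>") is not valid Pod as written: =begin and =end take a format name, so it should read =begin comment / =end comment, and podchecker will flag a bare =begin. The added alternative in the changed line (sending the user to an action that shows an "unauthorized" page) is the better pattern than a raw body, and could be promoted from an aside to the recommended approach.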
@@ -257,10 +208,10 @@ running) and restart it:
Now trying going to L and you should
be taken to the login page (you might have to C or
-C your browser and/or click the "Logout" link on the book
+C your browser and/or click the "User Logout" link on the book
list page). Try logging in with both C and C (both
use a password of C) and notice how the roles information
-updates at the bottom of the "Book List" page. Also try the C
+updates at the bottom of the "Book List" page. Also try the "User Logout"
link on the book list page.
Now the "url_create" URL will work if you are already logged in as user
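Review bot: The unchanged context line "Now trying going to" should read "Now try going to"; since this hunk already edits the neighbouring lines, fix it here. The two link-text changes to "User Logout" are consistent with each other, but the following hunk changes the same link to lowercase "logout"; pick one label for the whole chapter.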
@@ -269,146 +220,124 @@ C. Try:
http://localhost:3000/books/url_create/test/1/6
-while logged in as each user. Use one of the 'Logout' links (or go to
+while logged in as each user. Use one of the "logout" links (or go to
L in your browser directly) when you are
done.
-=head1 ENABLE ACL-BASED AUTHORIZATION
-
-This section takes a brief look at how the
-L
-plugin can automate much of the work required to perform role-based
-authorization in a Catalyst application.
-
-
-=head2 Add the C Plugin
-
-Open C in your editor and add the following plugin to the
-C<__PACKAGE__-Esetup> statement:
-
- Authorization::ACL
-
-Note that the remaining C
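Review bot: The link-text change here uses "logout" while the previous hunk standardises on "User Logout"; use the same label in both places. Removing ENABLE ACL-BASED AUTHORIZATION, and with it the instruction to add Authorization::ACL, is consistent with the new plugin list earlier in this diff, which does not include Authorization::ACL; confirm nothing later in the chapter still refers to the ACL plugin or to the `__PACKAGE__->setup` form it described.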