X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Manual.git;a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2FAuthorization.pod;h=d0ca866fe4e340aad93e412a15b01bfb3878ecc5;hp=331325b3dc03817eefbb956feb2bdc8b60bd8f8d;hb=94d8da411a980c822af29da44d4cbf62a72c25c1;hpb=956740865aa337085c506d81d41e4f69f892bff2 diff --git a/lib/Catalyst/Manual/Tutorial/Authorization.pod b/lib/Catalyst/Manual/Tutorial/Authorization.pod index 331325b..d0ca866 100644 --- a/lib/Catalyst/Manual/Tutorial/Authorization.pod +++ b/lib/Catalyst/Manual/Tutorial/Authorization.pod @@ -64,30 +64,36 @@ at how the ACL authorization plugin can simplify your code. You can checkout the source code for this example from the catalyst subversion repository as per the instructions in -L +L. + =head1 BASIC AUTHORIZATION In this section you learn how to manually configure authorization. + =head2 Update Plugins to Include Support for Authorization Edit C and add C to the list: - use Catalyst qw/ + __PACKAGE__->setup(qw/ -Debug ConfigLoader Static::Simple - + StackTrace - + Authentication Authorization::Roles - + Session Session::Store::FastMmap Session::State::Cookie - /; + /; + +B As discussed in MoreCatalystBasics, different versions of +C have used a variety of methods to load the plugins. +You put the plugins in the C statement if you prefer. =head2 Add Config Information for Authorization @@ -95,6 +101,8 @@ Edit C and add C to the list: Edit C and update it to match the following (the C and C definitions are new): + # rename this file to MyApp.yml and put a : in front of "name" if + # you want to use yaml like in old versions of Catalyst name MyApp default_realm dbic @@ -143,12 +151,12 @@ Open C in your editor and add the following lines to the bottom of the file:

Hello [% c.user.username %], you have the following roles:

- +
    [% # Dump list of roles -%] [% FOR role = c.user.roles %]
  • [% role %]
    • [% END %]
- +

[% # Add some simple role-specific logic to template %] [% # Use $c->check_user_roles() to check authz -%] @@ -156,7 +164,7 @@ lines to the bottom of the file: [% # Give normal users a link for 'logout' %] Logout [% END %] - + [% # Can also use $c->user->check_roles() to check authz -%] [% IF c.check_user_roles('admin') %] [% # Give admin users a link for 'create' %] @@ -167,6 +175,7 @@ lines to the bottom of the file: This code displays a different combination of links depending on the roles assigned to the user. + =head2 Limit C to C Users C statements in TT templates simply control the output that is sent @@ -180,18 +189,18 @@ admin-level users by editing C and updating C to match the following code: =head2 url_create - + Create a book with the supplied title and rating, with manual authorization - + =cut - + sub url_create : Local { # In addition to self & context, get the title, rating & author_id args # from the URL. Note that Catalyst automatically puts extra information # after the "//check_user_roles('admin')) { # Call create() on the book model object. Pass the table @@ -200,16 +209,16 @@ updating C to match the following code: title => $title, rating => $rating }); - + # Add a record to the join table for this book, mapping to # appropriate author $book->add_to_book_authors({author_id => $author_id}); # Note: Above is a shortcut for this: # $book->create_related('book_authors', {author_id => $author_id}); - + # Assign the Book object to the stash for display in the view $c->stash->{book} = $book; - + # This is a hack to disable XSUB processing in Data::Dumper # (it's used in the view). This is a work-around for a bug in # the interaction of some versions or Perl, Data::Dumper & DBIC. @@ -217,7 +226,7 @@ updating C to match the following code: # you are running DBIC 0.06001 or greater), but adding it doesn't # hurt anything either. $Data::Dumper::Useperl = 1; - + # Set the TT template to use $c->stash->{template} = 'books/create_done.tt2'; } else { @@ -242,6 +251,7 @@ create a new copy and comment out the original by making it look like a Pod comment. For example, put something like C<=begin> before C and C<=end> after the closing C<}>. + =head2 Try Out Authentication And Authorization Press C to kill the previous server instance (if it's still @@ -249,13 +259,13 @@ running) and restart it: $ script/myapp_server.pl -Now trying going to L and you should -be taken to the login page (you might have to C your -browser and/or click the "Logout" link on the book list page). Try -logging in with both C and C (both use a password -of C) and notice how the roles information updates at the -bottom of the "Book List" page. Also try the C link on the -book list page. +Now trying going to L and you should +be taken to the login page (you might have to C or +C your browser and/or click the "Logout" link on the book +list page). Try logging in with both C and C (both +use a password of C) and notice how the roles information +updates at the bottom of the "Book List" page. Also try the C +link on the book list page. Now the "url_create" URL will work if you are already logged in as user C, but receive an authorization failure if you are logged in as @@ -263,8 +273,8 @@ C. Try: http://localhost:3000/books/url_create/test/1/6 -while logged in as each user. Use one of the 'Logout' links (or go to -L in your browser directly) when you are +while logged in as each user. Use one of the 'Logout' links (or go to +L in your browser directly) when you are done. @@ -275,20 +285,22 @@ L plugin can automate much of the work required to perform role-based authorization in a Catalyst application. + =head2 Add the C Plugin Open C in your editor and add the following plugin to the -C statement: +C<__PACKAGE__-Esetup> statement: Authorization::ACL Note that the remaining C plugins from earlier sections are not shown here, but they should still be included. + =head2 Add ACL Rules to the Application Class Open C in your editor and add the following B the -C<__PACKAGE__-Esetup;> statement: +C<__PACKAGE__-Esetup> statement: # Authorization::ACL Rules __PACKAGE__->deny_access_unless( @@ -358,6 +370,7 @@ C B the C<__PACKAGE__-Esetup;> line. =back + =head2 Add a Method to Handle Access Violations By default, @@ -372,17 +385,17 @@ Open C in your editor and add the following method: =head2 access_denied - + Handle Catalyst::Plugin::Authorization::ACL access denied exceptions - + =cut - + sub access_denied : Private { my ($self, $c) = @_; - + # Set the error message $c->stash->{error_msg} = 'Unauthorized!'; - + # Display the list $c->forward('list'); } @@ -409,7 +422,7 @@ Kennedy Clark, C Please report any errors, issues or suggestions to the author. The most recent version of the Catalyst Tutorial can be found at -L. +L. Copyright 2006-2008, Kennedy Clark, under Creative Commons License (L).