Then open C<lib/MyApp/Controller/Login.pm> and add:
- =head2 default
+ =head2 base
Login logic
=cut
- sub default : Private {
+ sub base :Path :Args(0) {
my ($self, $c) = @_;
# Get the username and password from form
C<password> values are not present in the form, the user will be taken
to the empty login form.
+We are using C<sub base :Path :Args(0) {...}> here to specifically match
+the URL C</login>. C<Path> actions (aka, "literal actions") create URI
+matches relative to the namespace of the controller where they are defined.
+Although C<Path> supports arguments that allow relative and absolute paths
+to be defined, here we use an empty C<Path> definition to match on just the
+name of the controller itself. The method name, C<base>, is arbitrary.
+We make the match even more specific with the C<:Args(0)> action modifier
+-- this forces the match on I<only> C</login>, not C</login/somethingelse>.
+
+Note that we could have used something like C<sub default :Private>;
+however, the use of C<default> actions is discouraged because it does
+not receive path args as with other actions. The recommended practice
+is to only use C<default> in C<MyApp::Controller::Root>.
+
Next, create a corresponding method in C<lib/MyApp/Controller/Logout.pm>:
- =head2 default
+ =head2 base
Logout logic
=cut
- sub default : Private {
+ sub base :Path :Args(0) {
my ($self, $c) = @_;
# Clear the user's state
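Review bot: the rationale in the added paragraph that begins "Note that we could have used something like C<sub default :Private>" is vague where it matters. "it does not receive path args as with other actions" uses a singular "it" for the plural "C<default> actions" and never says what a C<default> action receives instead. Suggest "they do not receive path arguments the way other actions do", followed by one sentence on the actual difference. Since C<:Args(0)> now excludes C</login/somethingelse>, the text should also say which action handles that URL after this change.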
$c->response->redirect($c->uri_for('/'));
}
+Note that we are using the same C<sub base :Path :Args(0) {...}> style
+of action as with the login logic.
+
=head2 Add a Login Form TT Template Page
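Review bot: the note added after the logout method only points back to the login section. Name the URL this action matches (C</logout>, and nothing below it because of C<:Args(0)>) so the logout section can be read on its own.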
# This is the model object created by Catalyst::Model::DBIC from your
# schema (you created 'MyAppDB::User' but as the Catalyst startup
# debug messages show, it was loaded as 'MyApp::Model::MyAppDB::User').
- # NOTE: Omit 'MyAppDB::Model' to avoid a component lookup issue in Catalyst 5.66
+ # NOTE: Omit 'MyApp::Model' to avoid a component lookup issue in Catalyst 5.66
user_class: MyAppDB::User
# This is the name of the field in your 'users' table that contains the user's name
user_field: username
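Review bot: the corrected NOTE above C<user_class> now names the right namespace, but "Omit 'MyApp::Model'" leaves the separator implicit. What is dropped from 'MyApp::Model::MyAppDB::User' to arrive at C<MyAppDB::User> is the prefix 'MyApp::Model::', so spell it that way here and in the matching comment above C<role_class>.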
# This is the model object created by Catalyst::Model::DBIC from your
# schema (you created 'MyAppDB::Role' but as the Catalyst startup
# debug messages show, it was loaded as 'MyApp::Model::MyAppDB::Role').
- # NOTE: Omit 'MyAppDB::Model' to avoid a component lookup issue in Catalyst 5.66
+ # NOTE: Omit 'MyApp::Model' to avoid a component lookup issue in Catalyst 5.66
role_class: MyAppDB::Role
# The name of the field in the 'roles' table that contains the role name
role_field: role
Now trying going to L<http://localhost:3000/books/list> and you should
be taken to the login page (you might have to C<Shift+Reload> your
-browser). Try logging in with both C<test01> and C<test02> (both use a
-password of C<mypass>) and notice how the roles information updates at
-the bottom of the "Book List" page. Also try the C<Logout> link on the
+browser and/or click the "Logout" link on the book list page). Try
+logging in with both C<test01> and C<test02> (both use a password
+of C<mypass>) and notice how the roles information updates at the
+bottom of the "Book List" page. Also try the C<Logout> link on the
book list page.
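Review bot: after this reflow the paragraph mentions the logout link twice and marks it up two different ways, as "Logout" in the added parenthetical and as C<Logout> in the last sentence. Pick one markup, and consider dropping the closing "Also try the C<Logout> link" sentence, since the parenthetical already sends the reader there. The unchanged first line still reads "Now trying going to" and could become "Now try going to" in the same edit.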
Now the "url_create" URL will work if you are already logged in as user
L<http://localhost:3000/logout> in you browser directly) when you are
done.
+
=head1 ENABLE ACL-BASED AUTHORIZATION
This section takes a brief look at how the
-L<Catalyst::Plugin::Authorization::ACL> plugin can automate much of the
-work required to perform role-based authorization in a Catalyst
-application.
+L<Catalyst::Plugin::Authorization::ACL|Catalyst::Plugin::Authorization::ACL>
+plugin can automate much of the work required to perform role-based
+authorization in a Catalyst application.
=head2 Add the C<Catalyst::Plugin::Authorization::ACL> Plugin
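Review bot: the new link C<< L<Catalyst::Plugin::Authorization::ACL|Catalyst::Plugin::Authorization::ACL> >> uses a label identical to its target, and nothing in the patch says why the bare form was not enough. If this works around how a particular POD renderer displays bare module links, say so in the commit message. The same substitution is made again under "Add a Method to Handle Access Violations", so whichever form is kept should be used in both places. The context line "in you browser directly" also has a typo ("your") that could be fixed while this paragraph is being touched.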
Each of the three statements above comprises an ACL plugin "rule". The
first two rules only allow admin-level users to create new books using
the form (both the form itself and the data submission logic are
-protected). The third statement allows both users and admin to delete
+protected). The third statement allows both users and admins to delete
books. The C</books/url_create> action will continue to be protected by
the "manually configured" authorization created earlier in this part of
the tutorial.
=head2 Add a Method to Handle Access Violations
By default,
-L<Catalyst::Plugin::Authorization::ACL>
+L<Catalyst::Plugin::Authorization::ACL|Catalyst::Plugin::Authorization::ACL>
throws an exception when authorization fails. This will take the user
to the Catalyst debug screen, or a "Please come back later" message if
you are not using the C<-Debug> flag. This step uses the
# Set the error message
$c->stash->{error_msg} = 'Unauthorized!';
-
+
# Display the list
$c->forward('list');
}
-
Then run the Catalyst development server script:
$ script/myapp_server.pl
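Review bot: both changes in this hunk are whitespace-only and unexplained, and the second may affect POD parsing. The line removed after the closing C<}> sat between the verbatim code block and the paragraph "Then run the Catalyst development server script:", and POD needs an empty line to separate paragraphs, so please confirm one still remains there. For the replaced blank line above "# Display the list", state what changed (trailing whitespace, presumably) so the intent is on record.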
Copyright 2006, Kennedy Clark, under Creative Commons License
(L<http://creativecommons.org/licenses/by-nc-sa/2.5/>).
-Version: .94
-
<td>
[% # First initialize a TT variable to hold a list. Then use a TT FOREACH -%]
[% # loop in 'side effect notation' to load just the last names of the -%]
- [% # authors into the list. Note that we are making a bogus assignment to -%]
- [% # the 'xx' vbl to avoid printing the size of the list after each push. -%]
+ [% # authors into the list. Note that we make a bogus assignment to the -%]
+ [% # 'unused' vbl to avoid printing the size of the list after each push. -%]
[% tt_authors = [ ];
- xx = tt_authors.push(author.last_name) FOREACH author = book.authors %]
+ unused = tt_authors.push(author.last_name) FOREACH author = book.authors %]
[% # Now use a TT 'virtual method' to display the author count in parens -%]
([% tt_authors.size %])
[% # Use another vmethod to join & print the names with comma separators -%]
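Review bot: the reworded comment above the C<tt_authors.push> line keeps the abbreviation "vbl" ("the 'unused' vbl"); write "variable" in full, since this is tutorial text that readers copy. The rename from C<xx> to C<unused> makes the throwaway assignment self-explanatory and needs no further change.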