Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
Catalyst::Plugin::AuthUseraContributedaPelyst::Plugin::Authorization::Roles(3)

NAME
       Catalyst::Plugin::Authorization::Roles -	Role based authorization for
       Catalyst	based on Catalyst::Plugin::Authentication

SYNOPSIS
	   use Catalyst	qw/
	       Authentication
	       Authorization::Roles
	   /;

	   sub delete :	Local {
	       my ( $self, $c )	= @_;

	       $c->assert_user_roles( qw/admin/	); # only admins can delete

	       $c->model("Foo")->delete_it();
	   }

DESCRIPTION
       Role based access control is very simple: every user has	a list of
       roles, which that user is allowed to assume, and	every restricted part
       of the app makes	an assertion about the necessary roles.

       With "assert_user_roles", if the	user is	a member in all	of the
       required	roles access is	granted. Otherwise, access is denied. With
       "assert_any_user_role" it is enough that	the user is a member in	one
       role.

       There are alternative approaches	to do this on a	per action basis, see
       Catalyst::ActionRole::ACL.

       For example, if you have	a CRUD application, for	every mutating action
       you probably want to check that the user	is allowed to edit. To do
       this, create an editor role, and	add that role to every user who	is
       allowed to edit.

	   sub edit : Local {
	       my ( $self, $c )	= @_;
	       $c->assert_user_roles( qw/editor/ );
	       $c->model("TheModel")->make_changes();
	   }

       When this plugin	checks the roles of a user it will first see if	the
       user supports the self check method.

       When this is not	supported the list of roles is extracted from the user
       using the "roles" method.

       When this is supported, the "check_roles" method	will be	used to
       delegate	the role check to the user class. Classes like the one
       provided	with iCatalyst::Authentication::Store::DBIx::Class optimize
       the check this way.

METHODS
       assert_user_roles [ $user ], @roles
	   Checks that the user	(as supplied by	the first argument, or,	if
	   omitted, "$c->user")	has the	specified roles.

	   If for any reason ("$c->user" is not	defined, the user is missing a
	   role, etc) the check	fails, an error	is thrown.

	   You can either catch	these errors with an eval, or clean them up in
	   your	"end" action.

       check_user_roles	[ $user	], @roles
	   Takes the same args as "assert_user_roles", and performs the	same
	   check, but instead of throwing errors returns a boolean value.

       assert_any_user_role [ $user ], @roles
	   Checks that the user	(as supplied by	the first argument, or,	if
	   omitted, "$c->user")	has at least one of the	specified roles.

	   Other than that, works like "assert_user_roles".

       check_any_user_role [ $user ], @roles
	   Takes the same args as "assert_any_user_role", and performs the
	   same	check, but instead of throwing errors returns a	boolean	value.

SEE ALSO
       Catalyst::Plugin::Authentication
       Catalyst::ActionRole::ACL
       Catalyst::Manual::Tutorial::06_Authorization

AUTHOR
       Yuval Kogman <nothingmuch@woobling.org>

COPYRIGHT & LICENSE
       Copyright (c) 2005-2011 the Catalyst::Plugin::Authorization::Roles
       "AUTHOR"	as listed above.

       This library is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself.

perl v5.24.1			  201Catalyst::Plugin::Authorization::Roles(3)

NAME | SYNOPSIS | DESCRIPTION | METHODS | SEE ALSO | AUTHOR | COPYRIGHT & LICENSE

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=Catalyst::Plugin::Authorization::Roles&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help