CGI::Application::Plugin::Authorization::Driver - Base module for building driver classes

CGI-Application-Plugin-Authorization documentation Contained in the CGI-Application-Plugin-Authorization distribution.

Index

Code Index:

NAME

Top

CGI::Application::Plugin::Authorization::Driver - Base module for building driver classes for CGI::Application::Plugin::Authorization

SYNOPSIS

Top

 package CGI::Application::Plugin::Authorization::Driver::MyDriver;
 use base qw(CGI::Application::Plugin::Authorization::Driver);

  sub authorize_user {
      my $self = shift;
      my @params = @_;

      if ( >>> Valid Access Permissions <<< ) {
          return 1;
      }
      return;
  }

DESCRIPTION

Top

This module is a base class for all driver classes for the CGI::Application::Plugin::Authorization plugin. Each driver class is required to provide only one method to authorize the given parameters. Often this will be a list of groups that the user needs to be a part of, although it could be anything.

METHODS

Top

new

This is a constructor that can create a new Driver object. It requires an Authorization object as its first parameter, and any number of other parameters that will be used as options depending on which Driver object is being created. You shouldn't need to call this as the Authorization plugin takes care of creating Driver objects.

initialize

This method will be called right after a new Driver object is created. So any startup customizations can be dealt with here.

options

This will return a list of options that were provided when this driver was configured by the user.

find_option

This method will search the Driver options for a specific key and return the value it finds. This method assumes that the Driver configuration contains a hash of information. If it does not, then you will have to parse the option manually in the subclass.

authz

This will return the underlying CGI::Application::Plugin::Authorization object. In most cases it will not be necesary to access this.

username

This will return the name of the current logged in user by calling the username method documented in CGI::Application::Plugin::Authorization.

authorize

 # User must be in the admin group to have access to this runmode
 return $self->authz->forbidden unless $self->authz->authorize('admin');

This method will verify that the currently logged in user (as found through username) passes the authorization checks based on the given parameters, usually a list of groups.

authorize_user

This method needs to be provided by the driver class. It needs to be an object method that accepts a username, followed by a list of parameters, and will verify that the user passes the authorization checks based on the given parameters. It should return a true value if the checks succeed.

SEE ALSO

Top

CGI::Application::Plugin::Authorization, perl(1)

AUTHOR

Top

Cees Hek <ceeshek@gmail.com>

LICENCE AND COPYRIGHT

Top

Copyright (c) 2005, SiteSuite. All rights reserved.

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

DISCLAIMER OF WARRANTY

Top

BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CGI-Application-Plugin-Authorization documentation Contained in the CGI-Application-Plugin-Authorization distribution. 
package CGI::Application::Plugin::Authorization::Driver;

use strict;
use warnings;

use UNIVERSAL::require;


sub new {
    my $class = shift;
    my $self = {};
    my $authz = shift;
    my @options = @_;

    bless $self, $class;
    $self->{authz} = $authz;
    Scalar::Util::weaken($self->{authz}); # weaken circular reference
    $self->{options} = \@options;
    $self->initialize;
    return $self;
}


sub initialize {
    my $self = shift;
    # override this in the subclass if you need it
    return;
}


sub options { return (@{$_[0]->{options}}) }


sub find_option {
    my $self = shift;
    my $key = shift;
    my @options = $self->options;
    my $marker = 0;
    foreach my $option (@options) {
        if ($marker) {
            return $option;
        } elsif ($option eq $key) {
            # We need the next element
            $marker = 1;
        }
    }
    return;
}


sub authz { return $_[0]->{authz} }


sub username {
    my $self = shift;

    return $self->authz->username;
}


sub authorize {
    my $self = shift;
    my @groups = @_;
    return $self->authorize_user($self->username, @groups);
}


sub authorize_user {
    die "authorize_user must be implemented in the subclass";
}



1;