Data::ACL - Perl extension for simple ACL lists

 use Data::ACL;
 use Set::NestedGroups;  #   See Set::NestedGroups documentation

 my $groups = Set::NestedGroups->new;
 $groups->add( 'root', 'wheel' );
 $groups->add( 'wheel', 'staff' );
 $groups->add( 'webmaster', 'staff' );

 my $acl = Data::ACL->new( $groups );
 my $web = $acl->Realm( 'web' );
 $web->Deny( 'all' );
 $web->Allow( 'staff' );

 &DenyAccess unless $acl->IsAuthorized( $user, 'web' );

This module implements a series of allowed and denied access control lists for permissive controls. The Set::NestedGroups module is used to define users and nested permissive groups.

The following methods are available through this module for use in the creation and manipulation of access control lists. No methods of this module may be exported into the calling namespace.

new

 my $acl = Data::ACL->new( $groups );

The method creates a new access control list module and requires the Set::NestedGroups object of defined users and nested permissive groups to be passed to this object constructor.

Realm

 my $realm = $acl->Realm( $name );

This method creates a new authentication realm to which users and groups can be assigned access rights via the Allow and Deny methods.

Allow

 $realm->Allow( $group );

This method grants access rights to the user or group passed as an argument to this method within the authentication realm object defined previously by the $acl->Realm method.

Deny

 $realm->Deny( $group );

This method denies access rights to the user or group passed as an argument to this method within the authentication realm object defined previously by the $acl->Realm method.

IsAuthorized

 if ( $acl->IsAuthorized( $user, $name ) ) { ... }

This method is used to test the access rights of a user or group to the authentication realm defined by $name.

Set::NestedGroups

0.02

Ariel Brosh, schop@cpan.org (Inactive); Rob Casey, robau@cpan.org