Gantry::Plugins::Uaf::Rule - A base class for rules.

Each rule is a custom-written class that implements some aspect of your site's access logic. Rules can choose to grant or deny a request.

 package sample::Test;

 use strict;
 use warnings;

 use base qw(Gantry::Plugins::Uaf::Rule);

 sub grants($$$$) {

     my $self = shift;
     my $user = shift;
     my $action = shift;
     my $resource = shift;

     if ($action eq "edit" && $resource->isa("sample::Record")) {

        return 1 if ($user->username eq "root");

     }

     return 0;

 }

 sub denies($$$$) {

     return 0;

 }

 1;

The Authorize object will only give permission if at least one rule grants permission, and no rule denies it.

It is important that your rules never grant or deny a request they do not understand, so it is a good idea to use type checking to prevent strangeness. Assertions should not be used if you expect different rules to accept different resource types or user types, since each rule is used on every access request.

 Gantry
 Gantry::Plugins::Uaf
 Gantry::Plugins::Uaf::User
 Gantry::Plugins::Uaf::Authenticate
 Gantry::Plugins::Uaf::AuthorizeFactory

Kevin L. Esteb <kesteb@wsipc.org>.

Copyright (C) 2007 Kevin L. Esteb

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.