[Catalyst] Three DBIC Authentication/Authorization questions

Dennis Daupert ddaupert at sbcglobal.net
Fri Jan 6 00:40:58 CET 2006



I have auth working, to a degree, yay!  I have three general areas: a public area anyone can browse; a Members area requiring registration; and an admin area. I can bring up my app, click login to go to my admin area, and I get authed. But I'm still having problems. To save time, I'll put them all in here.

(Code details at end)

PROBLEM 1: (ACCESS DENIED EXCEPTION) When I try logging into /admin area as some non-authorized user, I get debug screen: "Caught exception Access to admin/begin denied by rule CODE(0xe182d0)." I want to simply display a nice "not authorized" message. I can't see what I'm doing wrong.

PROBLEM 2: (LOGOUT REMAINS) I have a TT wrapper that displays different navigation menus depending on whether the user is an admin or a public user:

    [% IF c.user.id == "admin" %]
     [% INCLUDE page/adm_menu.tt %]
    [% ELSE %]
     [% INCLUDE page/menu.tt %]
    [% END %]

But after invoking logout and being returned to the app home page, I still see the admin menu. I can see in the debug printout messages the session is restored. I thought logout was supposed to kill sessions, also. Is there something else I need to do? 

PROBLEM 3: I need to be able to display the role of the login user as well as the user id. For example:

<b>Admin: [% c.user.id %] Role: [% c.user.role %]</b>

Of course, [% c.user.role %] doesn't work.

#----------------------------------
Code details
#----------------------------------
package MyApp2;

use Catalyst qw/-Debug Static::Simple 
  FillInForm
  FormValidator
  Session
  Session::Store::FastMmap
  Session::State::Cookie
  Authentication
  Authentication::Store::DBIC
  Authentication::Credential::Password
  Authorization::Roles
  Authorization::ACL
/;

# Authentication
__PACKAGE__->config->{authentication}->{dbic} = {
       user_class         => 'MyApp2::Model::DBIC::Users',
       user_field         => 'username',
       password_field     => 'password',
       password_type      => 'clear',
};

# Authorization using a many-to-many role relationship
__PACKAGE__->config->{authorization}->{dbic} = {
       role_class           => 'MyApp2::Model::DBIC::Roles',
       role_field           => 'role',
       role_rel             => 'map_user_role',
       user_role_user_field => 'user',
};

__PACKAGE__->setup;

__PACKAGE__->deny_access_unless( "/admin", [qw/admin/] );

1;

#----------------------------------
package MyApp2::Controller::Auth;
use strict;
use warnings;
use base 'Catalyst::Controller';
#-------------------------------------------------
sub login : Local {
  my ( $self, $c ) = @_;
  my @errors;

  $c->stash->{'template'} = 'login.tt';

  # 'op' is absent on the first GET; default it so the comparison does not warn
  if ( ( $c->req->param('op') || '' ) eq 'SUBMIT' ) {
    $c->form( required => [qw/username password/] );
    # Are field entries OK?
    if ( $c->form->success ) {
      # Are credentials present?
      if ( $c->login( $c->req->param('username'),
                      $c->req->param('password') ) ) {
        # Admit to admin area
        $c->res->redirect( $c->uri_for('/admin/quotes/list') );
      }
      else {
        push @errors, 'Login failed. Please check your login entries and try again';
      }
    }
    else {
      @errors = map { "The field '$_' is required!" } $c->form->missing;
    }
  }
  push @{ $c->stash->{'errors'} }, @errors;
}
#-------------------------------------------------
# Authorization::ACL looks for access_denied in the namespace of the denied
# action (here /admin) and its parents, so a handler in this controller is not
# found for /admin rules. The denied action and the exception are passed in.
sub access_denied : Private {
  my ( $self, $c, $action, $err ) = @_;
  $c->stash->{'template'} = 'login.tt';
  # The message has to go into the stash, or the template never sees it
  push @{ $c->stash->{'errors'} }, 'Sorry, access is not authorized';
}
#-------------------------------------------------
sub logout : Global {
  my ( $self, $c ) = @_;

  if ( $c->user_exists ) {
    $c->logout;    # removes the user from the session; the session itself remains
    #$c->res->redirect('/');
  }
  else {
    # forward takes a private path; a relative one is resolved against this namespace
    $c->forward('/auth/login');
  }
}
#-------------------------------------------------
=======================================================
Let's say I have this setup:

MyApp2
 Controller
  Admin
   Some.pm
   Another.pm
  Public
   This.pm
   That.pm
  Members
   Some.pm
   Another.pm
