[Catalyst] "no role configuration found" -- authorization: dbic and DBI::Schema::Loader

Ashley Pond V apv at sedition.com
Mon Dec 17 06:49:44 GMT 2007 

Thanks for still looking at this, Jay. This is the top of the method  
with some "die" decoration:

Take 1:
     my ( $self, $c ) = @_;
     die "This will die";
     $c->assert_user_roles("no such role");

Take 2:
     my ( $self, $c ) = @_;
     $c->assert_user_roles("no such role");
     die "This will not fire";

I can put the assert in an eval block but $@ is not set so it doesn't  
help to see what's happening. There is no information in the logs at  
the point the code fails.

I guess I'll ask our admin to pull  
Catalyst::Plugin::Authentication::Store::DBIx::Class, yeah?  
Authentication is working fine, by the by. It's just Authorization  
that's wonky right now.

Pasting my setup stuff below.

-Ashley
-- 

use Catalyst qw/
     ConfigLoader
     -Debug
     Unicode
     StackTrace
     Static::Simple
     Authentication
     Authorization::Roles
     Session
     Session::Store::FastMmap
     Session::State::Cookie
/;
----------------
...User.pm

__PACKAGE__->has_many(
   "user_roles",
   "MyApp::Schema::UserRole",
   { "foreign.user" => "self.id" },
);


# Created by DBIx::Class::Schema::Loader v0.04004 @ 2007-12-16 13:36:55
# DO NOT MODIFY THIS OR ANYTHING ABOVE! md5sum:qroNdEXQL4pOH80kVPQquw

__PACKAGE__->many_to_many(roles => 'user_roles', 'name');
---------------
yml
authentication:
   default_realm: users
   realms:
     users:
       credential:
         class: Password
         password_type: hashed
         password_hash_type: SHA-1
       store:
         class: DBIx::Class
         user_class: User
         role_relation: roles
         role_field: name

# doesn't matter whether or not the authorization stuff is there but  
this is what i've played with (and *many* permutations of the arguments)

authorization:
   dbic:
     role_class: Role
     role_field: name
     user_class: User
     user_field: user
     user_role_user_field: user
     user_role_role_field: role
     role_rel: user_roles
     user_role_class: UserRole



On Dec 16, 2007, at 9:20 PM, Jay K wrote:

> Hi Ashley,
>
> The log message you see is a result of the recent move away from  
> the Catalyst::Plugin::Authentication namespace for stores /  
> credentials.
>
> It falls back to the old naming and warns if it can't find the new  
> module.. It should, however, have no effect on the functionality of  
> the code.
>
> It's not a bad idea to update the DBIx::Class store - but be sure  
> to remove the Catalyst::Plugin::Authentication::Store::DBIx::Class  
> module first - just to avoid conflicts.  Nothing has changed  
> related to roles in the update, so it shouldn't make any difference.
>
> I don't know why the assert is failing, it should not - what do you  
> get if you use $c->check_user_roles() - valid results?
>
> Jay
>
>
> On Dec 16, 2007, at 4:27 PM, Ashley Pond V wrote:
>
>> Continuing saga. So I set up the many_to_many and lo! It worked.  
>> But it worked with *any* role, even fake ones, so obviously  
>> something was bad. Turned out that it was silently failing instead  
>> of throwing an access exception (but there was a template set by  
>> the namespace so the page rendered as expected).
>>
>>  # failed silently (as far as Cat was concerned)
>>  $c->assert_user_roles("there is no role called this");
>>
>> So, dug into the log:
>>
>> [Sun Dec 16 16:13:20 2007] [error] [client 67.170.68.172] [warn]  
>> Store class "Catalyst::Authentication::Store::DBIx::Class" not  
>> found, trying deprecated ::Plugin:: style naming. , referer: [...]
>>
>> Would love to have more, rather than fewer exceptions thrown. I  
>> think the missing class was the cause of a couple of red herrings  
>> I followed down the rabbit hole trying to get this running  
>> yesterday [I'm entitled to mix metaphors, I pay an annual fee].  
>> After I get an admin to install the missing package in the morning  
>> I'll regale you with my next series of missteps and annoying  
>> language.
>>
>> Live free or die early, die often,
>> -Ashley
>>
>> On Dec 15, 2007, at 9:52 PM, Jay K wrote:
>>
>>> Hi There Ashley,
>>>
>>> The DBIx::Class module expects to use the relation provided in  
>>> the role_relation config element to retrieve one or more rows,  
>>> which must contain a field called by whatever you provide in  
>>> role_field.
>>>
>>> My guess is that your user_roles table is a cross-ref table -  
>>> userid and roleid essentially.  In order to solve this you need  
>>> to use a many_to_many relationship mapping to the textual role  
>>> names.
>>>
>>> The DBIx::Class module expects you are going to route it to the  
>>> information it needs using the role_relation.  So what you really  
>>> need to do is create the schema class and just define the many-to- 
>>> many for roles.   Then provide that relation to 'role_relation'  
>>> and all your problems should go away.
>>>
>>> It still works with dynamic schema - but you have to create the  
>>> relationship.  You can do that by creating your schema module to  
>>> look something like this:
>>>
>>> package MyApp::Schema::Users;
>>> use strict;
>>> use warnings;
>>>
>>> use base 'DBIx::Class';
>>> __PACKAGE__->load_components("PK::Auto", "Core");
>>>
>>>
>>> __PACKAGE__->has_many('roles_map', "MyApp::Schema::RoleMap",  
>>> user_id');
>>> __PACKAGE__->many_to_many( roles => 'role_map, 'role');
>>>
>>> 1;
>>>
>>> I might have that slightly wrong - I've been moving today so I'm  
>>> a bit overtired.  but basically that allows your schema to  
>>> dynamically figure itself out, but you define the relationships  
>>> for it.
>>>
>>> For some database types, DBIx::Class can figure out your  
>>> relationships for you - but I don't think it can sort out many-to- 
>>> many's anyway.
>>>
>>> Hope that helps.  And I hope it makes as much sense to you as I  
>>> make to myself in my head at the moment.   This, I understand,  
>>> may not be the case.  If not, I'll try again tomorrow.
>>>
>>> Jay
>>>
>>> On Dec 15, 2007, at 5:57 PM, Ashley Pond V wrote:
>>>
>>>> Progressing… Looking at Catalyst/Plugin/Authentication/Store/ 
>>>> DBIC/User.pm I saw a couple of items in the "authentication"  
>>>> config I could set. With "role_relation" and "role_field" set--
>>>>
>>>> authentication:
>>>> default_realm: users
>>>> realms:
>>>>   users:
>>>>     credential:
>>>>       class: Password
>>>>       password_field: password
>>>>       password_type: hashed
>>>>       password_hash_type: SHA-1
>>>>     store:
>>>>       class: DBIx::Class
>>>>       user_class: User
>>>>       role_relation: user_roles
>>>>       role_field: role
>>>>
>>>> --I now get the roles checked but they are failing because they  
>>>> are checking (returning) the role "id" instead of the "name."
>>>>
>>>> $c->user->roles returns a list of the IDs too. So, from reading  
>>>> this,
>>>>    Catalyst::Plugin::Authentication::Store::DBIx::Class::roles()
>>>> it looks like dynamic loader schemas are incompatible right now?  
>>>> I'm trying to figure this out but there is a lot of inter- 
>>>> related code to read, cross-package-configuration, and  
>>>> documentation drift/lag.
>>>>
>>>> Throw me a bone, er, a line!
>>>> -Ashley
>>>>
>>>>
>>>> On Dec 15, 2007, at 10:18 AM, Ashley Pond V wrote:
>>>>> Can you elaborate? "map_user_role" ne "user_role." I have  
>>>>> "role_rel" set to the UserRole class. I tried adding  
>>>>> "user_role" but it didn't help and I don't see it anywhere in  
>>>>> the docs.
>>>>>
>>>>> I should rephrase, I think. Is anyone using  
>>>>> DBIC::Schema::Loader dynamically with role authorization? If  
>>>>> so, please share your configuration or advise of which FMTR.
>>>>>
>>>>> Thanks again,
>>>>> -Ashley
>>>>>
>>>>
>>>> _______________________________________________
>>>> List: Catalyst at lists.scsys.co.uk
>>>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/ 
>>>> catalyst
>>>> Searchable archive: http://www.mail-archive.com/ 
>>>> catalyst at lists.rawmode.org/
>>>> Dev site: http://dev.catalyst.perl.org/
>>>
>>> ---
>>> For most things, throwing yourself at the wall over and over is a  
>>> better way to improve than thinking hard about the wall and  
>>> taking pictures of it.  -- D.Litwack
>>>
>>>
>>>
>>> _______________________________________________
>>> List: Catalyst at lists.scsys.co.uk
>>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>>> Searchable archive: http://www.mail-archive.com/ 
>>> catalyst at lists.rawmode.org/
>>> Dev site: http://dev.catalyst.perl.org/
>>
>>
>> _______________________________________________
>> List: Catalyst at lists.scsys.co.uk
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive: http://www.mail-archive.com/ 
>> catalyst at lists.rawmode.org/
>> Dev site: http://dev.catalyst.perl.org/
>
> ---
> "Those who can make you believe absurdities can make you commit  
> atrocities." --Voltaire
>
>
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/ 
> catalyst at lists.rawmode.org/
> Dev site: http://dev.catalyst.perl.org/

More information about the Catalyst mailing list