[Catalyst] "no role configuration found" -- authorization:
dbic and DBI::Schema::Loader
Ashley Pond V
apv at sedition.com
Mon Dec 17 19:36:41 GMT 2007
I backed up to a simple test script, got easier to find errors, and
found the trouble with what I was doing.
__PACKAGE__->many_to_many(roles => 'user_roles', 'name');
needed to be
__PACKAGE__->many_to_many(roles => 'user_roles', 'role');
and a corresponding many_to_many in Role.pm
__PACKAGE__->many_to_many(users => 'user_roles', 'user');
So, I'm all good now but still a bit mystified about the silent
failure(?).
Thanks again,
-Ashley
On Dec 16, 2007, at 10:49 PM, Ashley Pond V wrote:
> Thanks for still looking at this, Jay. This is the top of the
> method with some "die" decoration:
>
> Take 1:
> my ( $self, $c ) = @_;
> die "This will die";
> $c->assert_user_roles("no such role");
>
> Take 2:
> my ( $self, $c ) = @_;
> $c->assert_user_roles("no such role");
> die "This will not fire";
>
> I can put the assert in an eval block but $@ is not set so it
> doesn't help to see what's happening. There is no information in
> the logs at the point the code fails.
>
> I guess I'll ask our admin to pull
> Catalyst::Plugin::Authentication::Store::DBIx::Class, yeah?
> Authentication is working fine, by the by. It's just Authorization
> that's wonky right now.
>
> Pasting my setup stuff below.
>
> -Ashley
> --
>
> use Catalyst qw/
> ConfigLoader
> -Debug
> Unicode
> StackTrace
> Static::Simple
> Authentication
> Authorization::Roles
> Session
> Session::Store::FastMmap
> Session::State::Cookie
> /;
> ----------------
> ...User.pm
>
> __PACKAGE__->has_many(
> "user_roles",
> "MyApp::Schema::UserRole",
> { "foreign.user" => "self.id" },
> );
>
>
> # Created by DBIx::Class::Schema::Loader v0.04004 @ 2007-12-16
> 13:36:55
> # DO NOT MODIFY THIS OR ANYTHING ABOVE! md5sum:qroNdEXQL4pOH80kVPQquw
>
> __PACKAGE__->many_to_many(roles => 'user_roles', 'name');
> ---------------
> yml
> authentication:
> default_realm: users
> realms:
> users:
> credential:
> class: Password
> password_type: hashed
> password_hash_type: SHA-1
> store:
> class: DBIx::Class
> user_class: User
> role_relation: roles
> role_field: name
>
> # doesn't matter whether or not the authorization stuff is there
> but this is what i've played with (and *many* permutations of the
> arguments)
>
> authorization:
> dbic:
> role_class: Role
> role_field: name
> user_class: User
> user_field: user
> user_role_user_field: user
> user_role_role_field: role
> role_rel: user_roles
> user_role_class: UserRole
>
>
>
> On Dec 16, 2007, at 9:20 PM, Jay K wrote:
>
>> Hi Ashley,
>>
>> The log message you see is a result of the recent move away from
>> the Catalyst::Plugin::Authentication namespace for stores /
>> credentials.
>>
>> It falls back to the old naming and warns if it can't find the new
>> module.. It should, however, have no effect on the functionality
>> of the code.
>>
>> It's not a bad idea to update the DBIx::Class store - but be sure
>> to remove the Catalyst::Plugin::Authentication::Store::DBIx::Class
>> module first - just to avoid conflicts. Nothing has changed
>> related to roles in the update, so it shouldn't make any difference.
>>
>> I don't know why the assert is failing, it should not - what do
>> you get if you use $c->check_user_roles() - valid results?
>>
>> Jay
>>
>>
>> On Dec 16, 2007, at 4:27 PM, Ashley Pond V wrote:
>>
>>> Continuing saga. So I set up the many_to_many and lo! It worked.
>>> But it worked with *any* role, even fake ones, so obviously
>>> something was bad. Turned out that it was silently failing
>>> instead of throwing an access exception (but there was a template
>>> set by the namespace so the page rendered as expected).
>>>
>>> # failed silently (as far as Cat was concerned)
>>> $c->assert_user_roles("there is no role called this");
>>>
>>> So, dug into the log:
>>>
>>> [Sun Dec 16 16:13:20 2007] [error] [client 67.170.68.172] [warn]
>>> Store class "Catalyst::Authentication::Store::DBIx::Class" not
>>> found, trying deprecated ::Plugin:: style naming. , referer: [...]
>>>
>>> Would love to have more, rather than fewer exceptions thrown. I
>>> think the missing class was the cause of a couple of red herrings
>>> I followed down the rabbit hole trying to get this running
>>> yesterday [I'm entitled to mix metaphors, I pay an annual fee].
>>> After I get an admin to install the missing package in the
>>> morning I'll regale you with my next series of missteps and
>>> annoying language.
>>>
>>> Live free or die early, die often,
>>> -Ashley
>>>
>>> On Dec 15, 2007, at 9:52 PM, Jay K wrote:
>>>
>>>> Hi There Ashley,
>>>>
>>>> The DBIx::Class module expects to use the relation provided in
>>>> the role_relation config element to retrieve one or more rows,
>>>> which must contain a field called by whatever you provide in
>>>> role_field.
>>>>
>>>> My guess is that your user_roles table is a cross-ref table -
>>>> userid and roleid essentially. In order to solve this you need
>>>> to use a many_to_many relationship mapping to the textual role
>>>> names.
>>>>
>>>> The DBIx::Class module expects you are going to route it to the
>>>> information it needs using the role_relation. So what you
>>>> really need to do is create the schema class and just define the
>>>> many-to-many for roles. Then provide that relation to
>>>> 'role_relation' and all your problems should go away.
>>>>
>>>> It still works with dynamic schema - but you have to create the
>>>> relationship. You can do that by creating your schema module to
>>>> look something like this:
>>>>
>>>> package MyApp::Schema::Users;
>>>> use strict;
>>>> use warnings;
>>>>
>>>> use base 'DBIx::Class';
>>>> __PACKAGE__->load_components("PK::Auto", "Core");
>>>>
>>>>
>>>> __PACKAGE__->has_many('roles_map', "MyApp::Schema::RoleMap",
>>>> user_id');
>>>> __PACKAGE__->many_to_many( roles => 'role_map, 'role');
>>>>
>>>> 1;
>>>>
>>>> I might have that slightly wrong - I've been moving today so I'm
>>>> a bit overtired. but basically that allows your schema to
>>>> dynamically figure itself out, but you define the relationships
>>>> for it.
>>>>
>>>> For some database types, DBIx::Class can figure out your
>>>> relationships for you - but I don't think it can sort out many-
>>>> to-many's anyway.
>>>>
>>>> Hope that helps. And I hope it makes as much sense to you as I
>>>> make to myself in my head at the moment. This, I understand,
>>>> may not be the case. If not, I'll try again tomorrow.
>>>>
>>>> Jay
>>>>
>>>> On Dec 15, 2007, at 5:57 PM, Ashley Pond V wrote:
>>>>
>>>>> Progressing… Looking at Catalyst/Plugin/Authentication/Store/
>>>>> DBIC/User.pm I saw a couple of items in the "authentication"
>>>>> config I could set. With "role_relation" and "role_field" set--
>>>>>
>>>>> authentication:
>>>>> default_realm: users
>>>>> realms:
>>>>> users:
>>>>> credential:
>>>>> class: Password
>>>>> password_field: password
>>>>> password_type: hashed
>>>>> password_hash_type: SHA-1
>>>>> store:
>>>>> class: DBIx::Class
>>>>> user_class: User
>>>>> role_relation: user_roles
>>>>> role_field: role
>>>>>
>>>>> --I now get the roles checked but they are failing because they
>>>>> are checking (returning) the role "id" instead of the "name."
>>>>>
>>>>> $c->user->roles returns a list of the IDs too. So, from reading
>>>>> this,
>>>>> Catalyst::Plugin::Authentication::Store::DBIx::Class::roles()
>>>>> it looks like dynamic loader schemas are incompatible right
>>>>> now? I'm trying to figure this out but there is a lot of inter-
>>>>> related code to read, cross-package-configuration, and
>>>>> documentation drift/lag.
>>>>>
>>>>> Throw me a bone, er, a line!
>>>>> -Ashley
>>>>>
>>>>>
>>>>> On Dec 15, 2007, at 10:18 AM, Ashley Pond V wrote:
>>>>>> Can you elaborate? "map_user_role" ne "user_role." I have
>>>>>> "role_rel" set to the UserRole class. I tried adding
>>>>>> "user_role" but it didn't help and I don't see it anywhere in
>>>>>> the docs.
>>>>>>
>>>>>> I should rephrase, I think. Is anyone using
>>>>>> DBIC::Schema::Loader dynamically with role authorization? If
>>>>>> so, please share your configuration or advise of which FMTR.
>>>>>>
>>>>>> Thanks again,
>>>>>> -Ashley
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> List: Catalyst at lists.scsys.co.uk
>>>>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/
>>>>> catalyst
>>>>> Searchable archive: http://www.mail-archive.com/
>>>>> catalyst at lists.rawmode.org/
>>>>> Dev site: http://dev.catalyst.perl.org/
>>>>
>>>> ---
>>>> For most things, throwing yourself at the wall over and over is
>>>> a better way to improve than thinking hard about the wall and
>>>> taking pictures of it. -- D.Litwack
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> List: Catalyst at lists.scsys.co.uk
>>>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/
>>>> catalyst
>>>> Searchable archive: http://www.mail-archive.com/
>>>> catalyst at lists.rawmode.org/
>>>> Dev site: http://dev.catalyst.perl.org/
>>>
>>>
>>> _______________________________________________
>>> List: Catalyst at lists.scsys.co.uk
>>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>>> Searchable archive: http://www.mail-archive.com/
>>> catalyst at lists.rawmode.org/
>>> Dev site: http://dev.catalyst.perl.org/
>>
>> ---
>> "Those who can make you believe absurdities can make you commit
>> atrocities." --Voltaire
>>
>>
>>
>> _______________________________________________
>> List: Catalyst at lists.scsys.co.uk
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive: http://www.mail-archive.com/
>> catalyst at lists.rawmode.org/
>> Dev site: http://dev.catalyst.perl.org/
>
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/
> catalyst at lists.rawmode.org/
> Dev site: http://dev.catalyst.perl.org/
More information about the Catalyst
mailing list