[Catalyst] flexible ACL rules

Jason Kohles email at jasonkohles.com
Sat Jan 24 01:18:20 GMT 2009

On Jan 23, 2009, at 2:09 AM, Jens Schwarz wrote:

> Hi *,
> I have some difficulties in applying flexible rules [1] in my  
> Catalyst app. Until now, I only used easy rules (mainly with  
> deny_access_unless) like:
> deny_access_unless(
>  "/users/edit" ,
>  sub{ shift->check_any_user_role(qw/admin user/) }
> );
> What I now want to achieve is, that 'admin' users can edit _every_  
> user, and 'user' users only themselves. So if 'user' user foo has  
> p.ex. the id 5, he is allowed to /user/edit/5 but not /user/edit/4.
> So I looked at the flexible rules documentation which I guess might  
> do the job. I tried to apply the example mentioned there but I guess  
> I don't understand these "die $ALLOWED"/"die $DENIED" lines (I am  
> still Perl/Catalyst newbie): Although I added  
> "Authorization::ACL::Engine" to my "use Catalyst" in myapp.pm, I get  
> errors like "Global symbol '$ALLOWED/$DENIED' requires explicit  
> package name at myapp.pm"
 From the docs:

"All access control is performed using exceptions   
$Catalyst::Plugin::Authorization::ACL::Engine::DENIED, and  
$Catalyst::Plugin::Authorization::ACL::Engine::ALLOWED (these can be  
imported from the engine module)."

Which means you either need to start your module with:

use Catalyst::Plugin::Authorization::ACL::Engine qw( $ALLOWED $DENIED );

or fully qualify them by like so:

die $Catalyst::Plugin::Authorization::ACL::Engine::DENIED unless  

email at jasonkohles.com - http://www.jasonkohles.com/
"A witty saying proves nothing."  -- Voltaire

More information about the Catalyst mailing list