[Catalyst] flexible ACL rules

Jason Kohles email at jasonkohles.com
Sat Jan 24 01:18:20 GMT 2009


On Jan 23, 2009, at 2:09 AM, Jens Schwarz wrote:

> Hi *,
>
> I have some difficulties in applying flexible rules [1] in my  
> Catalyst app. Until now, I only used easy rules (mainly with  
> deny_access_unless) like:
>
> deny_access_unless(
>  "/users/edit" ,
>  sub{ shift->check_any_user_role(qw/admin user/) }
> );
>
> What I now want to achieve is that 'admin' users can edit _every_
> user, and 'user' users only themselves. So if 'user' user foo has
> e.g. the id 5, he is allowed to /user/edit/5 but not /user/edit/4.
>
> So I looked at the flexible rules documentation which I guess might  
> do the job. I tried to apply the example mentioned there but I guess  
> I don't understand these "die $ALLOWED"/"die $DENIED" lines (I am  
> still a Perl/Catalyst newbie): Although I added
> "Authorization::ACL::Engine" to my "use Catalyst" in myapp.pm, I get  
> errors like "Global symbol '$ALLOWED/$DENIED' requires explicit  
> package name at myapp.pm"
>
From the docs:

"All access control is performed using exceptions   
$Catalyst::Plugin::Authorization::ACL::Engine::DENIED, and  
$Catalyst::Plugin::Authorization::ACL::Engine::ALLOWED (these can be  
imported from the engine module)."

Which means you either need to start your module with:

use Catalyst::Plugin::Authorization::ACL::Engine qw( $ALLOWED $DENIED );

or fully qualify them like so:

die $Catalyst::Plugin::Authorization::ACL::Engine::DENIED unless  
something();

-- 
Jason Kohles, RHCA RHCDS RHCE
email at jasonkohles.com - http://www.jasonkohles.com/
"A witty saying proves nothing."  -- Voltaire
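
Added example, not part of the original message or of the plugin's documentation: a flexible rule for the question's case, where 'admin' may edit any user and 'user' may edit only their own record. It assumes the action's private path is "/users/edit" (as in the question's rule), that the target id is the first URL argument, that the authentication realm is configured elsewhere, and the package name MyApp is hypothetical.

```perl
package MyApp;
use strict;
use warnings;

use Catalyst qw/
    Authentication
    Authorization::Roles
    Authorization::ACL
/;

# Import the two exception values the ACL engine recognises, so that
# "die $ALLOWED" / "die $DENIED" compile under "use strict".
use Catalyst::Plugin::Authorization::ACL::Engine qw( $ALLOWED $DENIED );

# Assumption: the authentication realm/store is configured elsewhere
# (for example in the application's config file).
__PACKAGE__->setup;

__PACKAGE__->acl_add_rule(
    '/users/edit',
    sub {
        my ( $c, $action ) = @_;

        # Anonymous requests are never allowed to edit.
        die $DENIED unless $c->user_exists;

        # Admins may edit every user.
        die $ALLOWED if $c->check_user_roles('admin');

        # Assumption: /users/edit/5 puts the target id in the first argument.
        my $target = $c->req->args->[0];
        die $DENIED unless defined $target;

        # Ordinary users may edit only their own record. String comparison
        # avoids numeric coercion of ids such as "5abc".
        die $ALLOWED
            if $c->check_user_roles('user') && $c->user->id eq $target;

        # End with an explicit deny so that no request falls through
        # this rule undecided.
        die $DENIED;
    }
);

1;
```

The controller action should still load the record by the same argument the rule checked, so the id that was authorized and the id that is edited cannot differ.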
