[Catalyst] ACL Error: deny_access_unless

Gordon Stewart gordon at gorste.plus.com
Tue May 26 20:07:02 GMT 2009 

Tomas

I have am not using an authentication store, I am just using:

		Authentication
		Authorization::Roles
		Authorization::ACL

		Session
		Session::Store::FastMmap
		Session::State::Cookie


If I include the store:

Authentication::Store::DBIC

Then I just get the following:

You must provide a user_class at /usr/local/share/perl/5.8.8/Catalyst.pm
line 1140

But I am passing the user_class though my yml file:

authorization:
    dbic:
        user_class: DnsEmail::Rights
        #role_class: DnsEmail::Rights
        role_field: description
        role_rel: accesses
        user_role_user_field: user_id

Regards

Gordon

-----Original Message-----
From: Tomas Doran [mailto:bobtfish at bobtfish.net] 
Sent: 26 May 2009 12:25
To: The elegant MVC web framework
Subject: Re: [Catalyst] ACL Error: deny_access_unless

Gordon Stewart wrote:
> Does anyone know where in the catalyst code it contacts the database to
> check if a user has the rights in question?

It should be calling $c->user->roles, and this gets the list of roles 
for the user in question.

How this lookup is performed will vary depending on which authentication 
store you're using, how it's configured etc.

   I have looked into the catalyst
> code (Catalyst/Plugin/Authorization/ACL/Engine.pm )and found out that the
> function in question is returning "Denied" without contacting the
database.
> I know it is not contacting the database because I have turn on the Mysql
> logs and see no sql query.
> 
> I am running the most up to date version of the catalyst code (5.8004). 
> 
> Has any one got roles and ACL working in Catalyst 5.8004  

There have been a few people having problems with this.

I know that I fixed ACL to work with Catalyst 5.80 specifically, in that 
I had to do some work to make it pass all of it's tests. However, 
obviously, as people are having issues - the tests may not be 
comprehensive enough..

So I guess we need to produce a minimal TestApp demonstrating the issue, 
and then we can either fix ACL, or fix core Catalyst as appropriate to 
sort the issue out.

This minimal test app would use the minimal authentication store (so no 
DB needed), and just demonstrate the issue (i.e. t/01app.t fails).

If you can produce such a TestApp, then I'll be more than happy to take 
a look, or beat someone else into doing so ;)

Cheers
t0m


_______________________________________________
List: Catalyst at lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

More information about the Catalyst mailing list