From aaron.trevena at gmail.com  Thu Apr 19 16:40:33 2018
From: aaron.trevena at gmail.com (Aaron Trevena)
Date: Thu, 19 Apr 2018 17:40:33 +0100
Subject: [Dbix-class] Attribute based access control in DBIC
Message-ID:

Hi all,

Has anybody here had any success with ABAC (
https://en.wikipedia.org/wiki/Attribute-based_access_control ) rather
than the usual Role-based access control?

I'm looking at using it for a new project but although it seems to be
closer to what I need, I'm a bit at a loss as to where to start.

Pretty much all the examples assume some sort of framework, Java or
are whitepapers behind a paywall.

Cheers,

A

-- 
Aaron J Trevena, BSc Hons
http://www.aarontrevena.co.uk
LAMP System Integration, Development and Consulting

From jgrg at sanger.ac.uk  Thu Apr 26 16:44:35 2018
From: jgrg at sanger.ac.uk (James Gilbert)
Date: Thu, 26 Apr 2018 17:44:35 +0100
Subject: [Dbix-class] Unmet DBIx::Class::Optional::Dependencies not fatal
Message-ID:

Hi,

I just upgraded my perl to 5.26.2, DBIx::Class 0.82.841

My DBIx::Class code using an Oracle database then failed because it was
making SQL where instead of a table alias, e.g. "display_status", was
inserting the string "_SHORTEN_IDENTIFIER DISPLAY_STATUS".

The "_shorten_identifier" method is in DBIx::Class::SQLMaker::Oracle. It
appears that this BEGIN block:

    BEGIN {
      use DBIx::Class::Optional::Dependencies;
      die('The following extra modules are required for Oracle-based Storages ' . DBIx::Class::Optional::Dependencies->req_missing_for ('id_shortener') . "\n" )
        unless DBIx::Class::Optional::Dependencies->req_ok_for ('id_shortener');
    }

at the top of DBIx::Class::SQLMaker::Oracle was not fatal. One of the
dependencies for "id_shortener" is Math::Base36, which I didn't have
installed. I guess something is trapping the die. I don't understand
where the capitalised method + argument string is coming from! Having
got this far I wasn't inclined to dig further into the magic guts of
DBIx::Class.

James

-- 
The Wellcome Sanger Institute is operated by Genome Research Limited, a
charity registered in England with number 1021457 and a company
registered in England with number 2742969, whose registered office is
215 Euston Road, London, NW1 2BE.

From rabbit+dbic at rabbit.us  Fri Apr 27 23:07:24 2018
From: rabbit+dbic at rabbit.us (Peter Rabbitson)
Date: Sat, 28 Apr 2018 01:07:24 +0200
Subject: [Dbix-class] Unmet DBIx::Class::Optional::Dependencies not fatal
In-Reply-To:
References:
Message-ID:

On 04/26/2018 06:44 PM, James Gilbert wrote:
>
> Hi,
>
> I just upgraded my perl to 5.26.2, DBIx::Class 0.82.841
>
> My DBIx::Class code using an Oracle database then failed because it was
> making SQL where instead of a table alias, e.g. "display_status", was
> inserting the string "_SHORTEN_IDENTIFIER DISPLAY_STATUS".
>
> The "_shorten_identifier" method is in DBIx::Class::SQLMaker::Oracle. It
> appears that this BEGIN block:
>
> BEGIN {
>   use DBIx::Class::Optional::Dependencies;
>   die('The following extra modules are required for Oracle-based Storages ' . DBIx::Class::Optional::Dependencies->req_missing_for ('id_shortener') . "\n" )
>     unless DBIx::Class::Optional::Dependencies->req_ok_for ('id_shortener');
> }
>
> at the top of DBIx::Class::SQLMaker::Oracle was not fatal

Thank you for the report! This is definitely something... unexpected.
Will investigate over the weekend.

Cheers!

From mst at shadowcat.co.uk  Sat Apr 28 01:39:32 2018
From: mst at shadowcat.co.uk (Matt S Trout)
Date: Sat, 28 Apr 2018 01:39:32 +0000
Subject: [Dbix-class] Unmet DBIx::Class::Optional::Dependencies not fatal
In-Reply-To:
References:
Message-ID: <20180428013932.GK21411@newagaton.scsys.co.uk>

On Sat, Apr 28, 2018 at 01:07:24AM +0200, Peter Rabbitson wrote:
> Thank you for the report! This is definitely something...
> unexpected. Will investigate over the weekend.

While I voted for you to regain control of the project since you'd
decided not to kill it ...
it would be very much appreciated if you released your unreleased work
ever - your extensive criticism of our conservatism about releasing that
code, in the light of your failure to bother actually releasing it and
replying to tickets with "won't happen until 2019" is not really
encouraging.

I obeyed the principle of "shit or get off the pot" - I got off.

It'd be nice if you could do one of the two at some point too.

-- 
Matt S Trout - Shadowcat Systems - Perl consulting with a commit bit and a clue

http://shadowcat.co.uk/blog/matt-s-trout/   http://twitter.com/shadowcat_mst/

Email me now on mst (at) shadowcat.co.uk and let's chat about how our CPAN
commercial support, training and consultancy packages could help your team.

From mst at shadowcat.co.uk  Sat Apr 28 02:01:07 2018
From: mst at shadowcat.co.uk (Matt S Trout)
Date: Sat, 28 Apr 2018 02:01:07 +0000
Subject: [Dbix-class] set_column with references - possible SQL injection
In-Reply-To: <016b9ae7-a421-1d55-0535-c131319ba894@rabbit.us>
References: <016b9ae7-a421-1d55-0535-c131319ba894@rabbit.us>
Message-ID: <20180428020107.GO21411@newagaton.scsys.co.uk>

On Sun, Feb 11, 2018 at 04:49:25PM +0100, Peter Rabbitson wrote:
> I suspect this should go into the default set shipped with
> SQL::Abstract [3] , but have not yet done any testing / analysis of
> how much impact this would have.
>
> As a first step I'd recommend you contact the mojolicious people
> with this workaround, as they currently seem to be the primary
> driver behind SQLA things.

I'd be delighted to discuss this, but it would require either you to
retract your personal attacks on ilmari, the SQL::Abstract maintainer,
or to nominate a proxy to discuss this who is capable of discussing this
like an adult.