/ 
App-Dochazka-REST-0.559
River stage zero No dependents
/ App::Dochazka::REST::ACL

NAME

App::Dochazka::REST::ACL - ACL module

DESCRIPTION

This module provides helper code for ACL checks.

EXPORTS

PACKAGE VARIABLES

The 'check_acl' routine uses a hash to look up which privlevels satisfy a given ACL profile.

FUNCTIONS

check_acl

Takes a PARAMHASH with two properties: profile and privlevel. Their values are assumed to be the ACL profile of a resource and the privlevel of an employee, respectively. The function returns a true or false value indicating whether that employee satisfies the given ACL profile.

In addition to the usual privlevels, the profile property can be 'forbidden', in which case the function returns false for all possible values of privlevel.

check_acl_context

Check ACL and compare with eid in request body. This routine is designed for resources that have an ACL profile of 'active'. If the request body contains an 'eid' property, it is checked against the current user's EID. If they are different and the current user's priv is 'active', DOCHAZKA_FORBIDDEN_403 is returned; otherwise, an OK status is returned to signify that the check passed.

If the request body does not contain an 'eid' property, it is added.

acl_check_is_me

Takes a property and a value. The property can be 'eid', 'nick', or 'sec_id'. This routine checks the eid/nick/sec_id against $self->context->{'current_obj'} (the current employee object) and returns a boolean value answering the question "is this me?"

acl_check_is_my_report

Takes a property and a value. The property can be 'eid', 'nick', or 'sec_id'. This routine first gets the employee object corresponding to the eid/nick/sec_id and then checks if the current employee is that employee's supervisor.