NAME
Class::Protected - restricting class/method access via ACL's
SYNOPSIS
use Class::Protected;
# We build the ACL
my $acl = Class::NiceApi->new( victim => Decision::ACL->new(), style => 'custom', table => { run_acl => 'RunACL' } );
$acl->push_rule(
Decision::ACL::Rule->new({
now => 0,
action => 'allow', # Action to be applied when rule is concerned, allow, deny, permit or block.
fields =>
{
pkg => 'User',
method => 'firstname',
uid => 'murat',
}
}),
);
$acl->push_rule(
Decision::ACL::Rule->new({
now => 0,
action => 'deny',
fields =>
{
pkg => 'User',
method => 'firstname',
uid => 'john',
}
})
);
$acl->push_rule(
Decision::ACL::Rule->new({
now => 0,
action => 'deny',
fields =>
{
pkg => 'User',
method => 'ALL',
uid => 'james',
}
})
);
for ( qw(murat john) )
{
println "$_ was ",
{ Class::Protected::ACL_RULE_ALLOW() => 'granted', Class::Protected::ACL_RULE_DENY() => 'rejected' }->{
$acl->run_acl(
{
pkg => 'User',
method => 'firstname',
uid => $_ ,
}
)
};
}
# Restrict access to $u's methods (see $ACL above)
my $prot = Class::Protected->new( victim => Human->new( firstname => 'john', lastname => 'doe' ), acl => $acl );
$Class::Protected::uid = 'murat';
print $prot->firstname, "\n"; # everything ok since $Class::Protected::uid eq 'murat' (ACL allow)
$Class::Protected::uid = 'james';
print $prot->firstname, "\n"; # dies because ACL deny on userDESCRIPTION
With this module you can protect the methods of any object. The access is handled via an ACL (Decision::ACL). Class::Protected is implemented via a proxy object (Class::Proxy).
METHODS
USER
The current user id should be stored to $Class::Protected::uid.
EXPORT
None by default.
AUTHOR
M. Uenalan, <muenalan@cpan.org>