NAME

Dancer::Plugin::Auth::RBAC - Dancer Authentication, Security and Role-Based Access Control Framework!

VERSION

version 1.110720

SYNOPSIS

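use Dancer;
use Dancer::Plugin::Auth::RBAC;

post '/login' => sub {

    # authenticate with the submitted credentials
    my $auth = auth(params->{user}, params->{pass});
    if (! $auth->errors) {

        # role check
        if ($auth->asa('guest')) {
            ...
        }

        # permission check: operation name as defined under CONFIGURATION, then the action
        if ($auth->can('manage accounts', 'create')) {
            ...
        }

    }
    else {
        print $auth->errors;
    }

};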

Note! The authentication framework relies heavily on your chosen session engine; please remember to set it appropriately in your application configuration file.

DESCRIPTION

Dancer::Plugin::Auth::RBAC is an authentication framework and role-based access control system. As a role-based access control system, Dancer::Plugin::Auth::RBAC can be complex, but it will give you the most flexibility of all access control philosophies.

The Dancer::Plugin::Auth::RBAC plugin provides your application with the ability to easily authenticate and restrict access to specific users and groups by providing a tried and tested RBAC (role-based access control) system. Dancer::Plugin::Auth::RBAC provides this level of sophistication with minimal configuration.

Dancer::Plugin::Auth::RBAC exports the auth() and authd() keywords:

$auth = auth($login, $pass)     # new authorization instance
$auth->asa($role)               # check if the authenticated user has the specified role
$auth->can($operation)          # check if the authenticated user has permission
$auth->can($operation, $action) # to perform a specific action
$auth->roles(@roles)            # get or set roles for the current logged in user
$auth->errors()                 # authentication errors if any
$auth->revoke()                 # revoke authorization (logout)

return authd()                  # is the current user authorized?

The Dancer::Plugin::Auth::RBAC authentication framework relies on the Dancer::Plugin::Auth::RBAC::Credentials namespace to do the actual authentication, and likewise relies on the Dancer::Plugin::Auth::RBAC::Permissions namespace to handle access control. The following configuration example is based on Dancer::Plugin::Auth::RBAC::Credentials::Config and Dancer::Plugin::Auth::RBAC::Permissions::Config. This framework also ships with Dancer::Plugin::Auth::RBAC::Credentials::SQLite, Dancer::Plugin::Auth::RBAC::Credentials::MySQL and Dancer::Plugin::Auth::RBAC::Credentials::PostgreSQL, which are arguably easier to set up and use.

CONFIGURATION

plugins:
  Auth::RBAC:
    credentials:
      class: Config
      options:
        accounts:
          user01:
            password: foobar
            roles:
              - guest
              - user
          user02:
            password: barbaz
            roles:
              - admin
    permissions:
      class: Config
      options:
        control:
          admin:
            permissions:
              manage accounts:
                operations:
                  - view
                  - create
                  - update
                  - delete
          user:
            permissions:
              manage accounts:
                operations:
                  - view
                  - create
          guest:
            permissions:
              manage accounts:
                operations:
                  - view
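
A role listed under an account only grants something if a key of the same name exists under permissions/control. The script below is an added example, not part of the plugin: it walks a constructed copy of the configuration layout above and reports roles that accounts hold but control does not define. The deny-by-default lookup in roles_can() and the user03 account are assumptions made for the illustration, not the plugin's own code or data.

```perl
use strict;
use warnings;

# Constructed sample in the layout of the YAML above, with one deliberate
# mismatch: accounts hold "guest" but control defines "guests".
my $accounts = {
    user01 => { roles => [qw(guest user)] },
    user02 => { roles => [qw(admin)] },
    user03 => { roles => [qw(guest)] },    # hypothetical guest-only account
};
my $ops = sub { +{ permissions => { 'manage accounts' => { operations => [@_] } } } };
my $control = {
    admin  => $ops->(qw(view create update delete)),
    user   => $ops->(qw(view create)),
    guests => $ops->(qw(view)),
};

# Assumed deny-by-default lookup: true only if one of the roles defines the
# operation and, when an action is given, lists that action under it.
sub roles_can {
    my ($control, $roles, $operation, $action) = @_;
    for my $role (@$roles) {
        my $entry = $control->{$role}     or next;    # unknown role grants nothing
        my $perms = $entry->{permissions} or next;
        my $perm  = $perms->{$operation}  or next;
        return 1 unless defined $action;
        return 1 if grep { $_ eq $action } @{ $perm->{operations} || [] };
    }
    return 0;
}

# Roles held by accounts that have no entry under permissions/control.
sub undefined_roles {
    my ($accounts, $control) = @_;
    my %missing;
    for my $login (sort keys %$accounts) {
        for my $role (@{ $accounts->{$login}{roles} || [] }) {
            push @{ $missing{$role} }, $login unless exists $control->{$role};
        }
    }
    return \%missing;
}

my $missing = undefined_roles($accounts, $control);
printf "role '%s' held by %s is not defined under control\n", $_, join(', ', @{ $missing->{$_} })
    for sort keys %$missing;
for my $login (sort keys %$accounts) {
    my $ok = roles_can($control, $accounts->{$login}{roles}, 'manage accounts', 'view');
    printf "%s view manage accounts: %s\n", $login, $ok ? 'allow' : 'deny';
}
```

Running a check like this when the configuration changes catches a misspelled role before it shows up as an account that is unexpectedly denied.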

AUTHOR

Al Newkirk <awncorp@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2010 by awncorp.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.