NAME
Catalyst::Action::Role::ACL - User role-based authorization action class.
SYNOPSIS
    sub foo :Local
        :ActionClass(Role::ACL)
        :RequiresRole(admin) {
        my ($self, $c) = @_;
        ...
    }
    # elsewhere
    sub end :ActionClass('RenderView') {
        my ($self, $c) = @_;
        # Role::ACL leaves a 403 status on the response when the user is
        # refused; hand off to a 'denied' action instead of rendering a view.
        if ($c->res->status == 403) {
            $c->detach('denied');
        }
    }
DESCRIPTION
Provides a reusable Catalyst action class for user role-based authorization. ACLs are applied by assigning role attributes to the application's action subroutines.
Processing of ACLs
One or more roles may be associated with an action.
Roles specified with the RequiresRole attribute are processed before roles specified with the AllowedRole attribute: the user must hold every role named by a RequiresRole attribute, and, if any AllowedRole attributes are present, at least one of the roles they name.
An action with an empty ACL (no role attributes assigned) is unreachable by any user regardless of the roles assigned to their account. This is not particularly useful, and at some point will be changed so that the absence of role attributes causes a compile-time exception.
User roles are fetched by invoking the "roles" method of the context's user object (that is, $c->user->roles).
ACLs may be applied to chained actions so that different roles are required or allowed for each link in the chain (or no roles at all).
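The following plain-Perl script is an added illustration of the decision procedure described in this section; it is not the module's own implementation. It encodes the three documented rules (an empty ACL is never satisfied, every RequiresRole must be held, and if any AllowedRole is declared at least one must be held), runs them over the ACLs of the Examples section with constructed sample users, and then walks a constructed action chain on the assumption that a request reaches the endpoint only when every ACL-bearing link in the chain permits it, with links that do not use Role::ACL left unchecked.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Illustration of the documented rules, NOT Catalyst::Action::Role::ACL's code:
#   1. an action with no role attributes at all is unreachable;
#   2. every RequiresRole must be held by the user (checked first);
#   3. if any AllowedRole is declared, at least one of them must be held.
sub acl_permits {
    my ($user_roles, $required, $allowed) = @_;
    my %has = map { $_ => 1 } @$user_roles;

    return 0 unless @$required || @$allowed;   # rule 1: empty ACL, never satisfied

    for my $role (@$required) {                 # rule 2: all RequiresRole roles
        return 0 unless $has{$role};
    }

    return 1 unless @$allowed;                  # rule 3: no AllowedRole declared
    for my $role (@$allowed) {                  #         otherwise any one suffices
        return 1 if $has{$role};
    }
    return 0;
}

# A chain is a list of links; links without Role::ACL (acl => undef) are not
# checked, every other link must permit the user in turn (assumption, see lead-in).
sub chain_permits {
    my ($user_roles, @links) = @_;
    for my $link (@links) {
        next unless $link->{acl};
        return 0 unless acl_permits($user_roles,
                                    $link->{acl}{required},
                                    $link->{acl}{allowed});
    }
    return 1;
}

# Constructed sample ACLs mirroring the Examples section of this page.
my %actions = (
    foo         => { required => ['admin'], allowed => [] },
    bar         => { required => ['admin'], allowed => ['editor', 'writer'] },
    easy        => { required => [],        allowed => ['admin', 'user'] },
    unreachable => { required => [],        allowed => [] },
);

# Constructed sample users and the roles they hold.
my %users = (
    alice => ['admin', 'editor'],
    bob   => ['admin'],
    carol => ['user'],
    dave  => ['writer'],
);

for my $user (sort keys %users) {
    for my $action (sort keys %actions) {
        my $acl = $actions{$action};
        my $ok  = acl_permits($users{$user}, $acl->{required}, $acl->{allowed});
        printf "%-5s %-11s %s\n", $user, $action, $ok ? 'ok' : '403 Forbidden';
    }
}

# Constructed chain: the 'site' link is open to any 'user' or 'admin', the
# 'page' link carries no ACL, and the 'admin' endpoint requires the admin role.
my @chain = (
    { name => 'site',  acl => { required => [], allowed => ['user', 'admin'] } },
    { name => 'page',  acl => undef },
    { name => 'admin', acl => { required => ['admin'], allowed => [] } },
);
for my $user (sort keys %users) {
    printf "%-5s chain %s\n", $user,
        chain_permits($users{$user}, @chain) ? 'ok' : '403 Forbidden';
}
```

Two cases in the output are worth checking against the rules: bob holds 'admin', which satisfies foo, but is refused bar because an AllowedRole attribute is present and he holds neither 'editor' nor 'writer'; dave holds 'writer' but is refused bar because the RequiresRole check for 'admin' runs first and fails, so the AllowedRole list is never consulted.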
Examples
    sub foo :Local
        :ActionClass(Role::ACL)
        :RequiresRole(admin) {
        my ($self, $c) = @_;
        ...
    }
This action may only be executed by users with the 'admin' role.
    sub bar :Local
        :ActionClass(Role::ACL)
        :RequiresRole(admin)
        :AllowedRole(editor)
        :AllowedRole(writer) {
        my ($self, $c) = @_;
        ...
    }
This action requires that the user has the 'admin' role and also either the 'editor' or 'writer' role (or both).
    sub easy :Local
        :ActionClass(Role::ACL)
        :AllowedRole(admin)
        :AllowedRole(user) {
        my ($self, $c) = @_;
        ...
    }
Any user with either the 'admin' or 'user' role may execute this action.
    sub unreachable :Local
        :ActionClass(Role::ACL) {
        my ($self, $c) = @_;
        ...
    }
This action is unreachable and will always result in a 403 Forbidden response. This is probably not very useful and should instead be caught at compile-time and cause an exception.
METHODS
execute
See "METHODS/action" in Catalyst::Action.
can_visit($c)
Returns true if the currently authenticated user satisfies this action's ACL, false otherwise.
This method is useful for determining in advance, without dispatching to the action, whether a user could execute it (for example, to decide which links to show in a navigation menu).
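The controller below is an added example, not code from the module or its author, showing the pieces of the SYNOPSIS together: an ACL-protected action, a 'denied' action that the ACL-aware end action detaches to on a 403, and a dashboard action that calls can_visit on the protected action's object (obtained through the controller's action_for method) to decide whether to show a link. It assumes Catalyst::Plugin::Authentication is loaded so that $c->user->roles returns the user's roles; the package name, action names and template names are hypothetical.

```perl
package MyApp::Controller::Admin;
use Moose;
use namespace::autoclean;

BEGIN { extends 'Catalyst::Controller' }

# Protected action: only users holding the 'admin' role reach the body.
sub manage :Local
    :ActionClass(Role::ACL)
    :RequiresRole(admin) {
    my ($self, $c) = @_;
    $c->stash(template => 'admin/manage.tt');    # hypothetical template
}

# Unprotected action that decides in advance whether to offer a link to
# 'manage', by asking the ACL action object rather than duplicating the
# role check here.
sub dashboard :Local {
    my ($self, $c) = @_;
    my $manage = $self->action_for('manage');    # Catalyst::Action::Role::ACL object
    $c->stash(
        can_manage => $manage->can_visit($c) ? 1 : 0,
        template   => 'admin/dashboard.tt',      # hypothetical template
    );
}

# Target of the detach in end(): a minimal Forbidden response. Keeping the
# status at 403 here avoids masking the refusal as a 200 with an error page.
sub denied :Private {
    my ($self, $c) = @_;
    $c->res->status(403);
    $c->res->content_type('text/plain');
    $c->res->body('Forbidden');
}

# Role::ACL records the refusal as a 403 status on the response; map it to
# the 'denied' action before RenderView would otherwise render the stash.
sub end :ActionClass('RenderView') {
    my ($self, $c) = @_;
    $c->detach('denied') if $c->res->status == 403;
}

__PACKAGE__->meta->make_immutable;

1;
```

The template for dashboard can then test the can_manage stash value to render or omit the link. Note that can_visit answers only for the action it is called on; for a chained endpoint whose parent links also carry ACLs, check each ACL-bearing link's action object in turn.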
AUTHOR
David P.C. Wollmann <converter42 at gmail dot com>
BUGS
This is new code. Find the bugs and report them, please.
COPYRIGHT & LICENSE
Copyright 2009 by David P.C. Wollmann
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.