File Coverage

blib/lib/Articulate/Authorisation/Preconfigured.pm
Criterion Covered Total %
statement 12 37 32.4
branch 0 14 0.0
condition n/a
subroutine 4 5 80.0
pod 1 1 100.0
total 17 57 29.8


line stmt bran cond sub pod time code
1             package Articulate::Authorisation::Preconfigured;
2 1     1   1139 use strict;
  1         3  
  1         35  
3 1     1   6 use warnings;
  1         2  
  1         31  
4              
5 1     1   6 use Moo;
  1         2  
  1         6  
6 1     1   341 use Articulate::Syntax qw( locspec );
  1         2  
  1         10  
7              
8             =head1 NAME
9              
10             Articulate::Authorisation::Preconfigured - allow access to users in your config
11              
12             =cut
13              
14             =head1 CONFIGURATION
15              
16             Put this in your config:
17              
18             plugins:
19             Articulate::Authorisation:
20             providers:
21             - class: Articulate::Authorisation::Preconfigured
22             rules:
23             zone/public:
24             "[guest]":
25             read: 1
26             admin: 1
27              
28             =head1 ATTRIBUTES
29              
30             =head3 rules
31              
32             The rules used to determine whether or not requests are authorised. Defaults to C<{}>.
33              
34             =cut
35              
36             has rules =>
37             is => 'rw',
38             default => sub { {} };
39              
40             =head1 METHODS
41              
42             =head3 new
43              
44             No surprises here.
45              
46             =head3 permitted
47              
48             Goes through each of the locations in 'rules' (in ascending order of length) and if the location in the permission request begins with that rule, then look at the contents.
49              
50             We then expect a hash of user ids, or C<[guest]> for users not logged in. Their values should be 0 (for deny), 1 (for grant), or a hash of verbs to grant/deny.
51              
52             This is preconfigured access, so fine for a small personal or static site, but if you have open sign-up or changing requirements then you will probably find changing the config file and reloading the app gets tedious after a while.
53              
54             =cut
55              
56             sub permitted {
57 0     0 1   my $self = shift;
58 0           my $permission = shift;
59 0           my $user_id = $permission->user_id;
60 0           my $location = $permission->location;
61 0           my $verb = $permission->verb;
62 0           my $rules = $self->rules;
63 0           my $access = undef;
64              
65 0           foreach my $rule_location ( sort {$#$a <=> $#$b } map { locspec $_ } keys %$rules) {
  0            
  0            
66 0 0         if ( $rule_location->matches_ancestor_of($location) ) {
67 0 0         if ( grep { $_ eq $user_id } keys %{ $rules->{$rule_location} } ){
  0            
  0            
68 0 0         if ( ref $rules->{$rule_location}->{$user_id} ) {
69 0 0         if ( exists $rules->{$rule_location}->{$user_id}->{$verb} ) {
70 0           my $value = !! $rules->{$rule_location}->{$user_id}->{$verb};
71 0 0         return $permission->deny("User cannot $verb $rule_location") unless $value;
72 0           $access = "User can $verb $rule_location";
73             }
74             }
75             else {
76 0           my $value = !! $rules->{$rule_location}->{$user_id};
77 0 0         return $permission->deny("User cannot access $rule_location at all") unless $value;
78 0           $access = "User can access $rule_location";
79             }
80             }
81             }
82             }
83 0 0         if (defined $access) {
84 0           return $permission->grant($access);
85             }
86              
87 0           return $permission;
88             }
89              
90             1;