File Coverage

blib/lib/Articulate/Authorisation/Preconfigured.pm

Criterion	Covered	Total	%
statement	12	37	32.4
branch	0	14	0.0
condition			n/a
subroutine	4	5	80.0
pod	1	1	100.0
total	17	57	29.8

line	stmt	bran	sub	pod	time	code
1						package Articulate::Authorisation::Preconfigured;
2	1		1		1298	use strict;
	1				3
	1				42
3	1		1		6	use warnings;
	1				2
	1				37
4
5	1		1		5	use Moo;
	1				4
	1				6
6	1		1		352	use Articulate::Syntax qw( new_location_specification );
	1				2
	1				11
7
8						=head1 NAME
9
10						Articulate::Authorisation::Preconfigured - allow access to users in
11						your config
12
13						=cut
14
15						=head1 CONFIGURATION
16
17						Put this in your config:
18
19						components:
20						authorisation:
21						Articulate::Authorisation:
22						rules:
23						- class: Articulate::Authorisation::Preconfigured
24						rules:
25						zone/public:
26						"[guest]":
27						read: 1
28						admin: 1
29
30						=head1 ATTRIBUTES
31
32						=head3 rules
33
34						The rules used to determine whether or not requests are authorised.
35						Defaults to C<{}>.
36
37						=cut
38
39						has rules => (
40						is => 'rw',
41						default => sub { {} }
42						);
43
44						=head1 METHODS
45
46						=head3 new
47
48						No surprises here.
49
50						=head3 permitted
51
52						Goes through each of the locations in 'rules' (in ascending order of
53						length) and if the location in the permission request begins with that
54						rule, then look at the contents.
55
56						We then expect a hash of user ids, or C<[guest]> for users not logged
57						in. Their values should be 0 (for deny), 1 (for grant), or a hash of
58						verbs to grant/deny.
59
60						This is preconfigured access, so fine for a small personal or static
61						site, but if you have open sign-up or changing requirements then you
62						will probably find changing the config file and reloading the app gets
63						tedious after a while.
64
65						=cut
66
67						sub permitted {
68	0		0	1		my $self = shift;
69	0					my $permission = shift;
70	0					my $user_id = $permission->user_id;
71	0					my $location = $permission->location;
72	0					my $verb = $permission->verb;
73	0					my $rules = $self->rules;
74	0					my $access = undef;
75
76	0					foreach my $rule_location ( sort { $#$a <=> $#$b }
	0
	0
77						map { new_location_specification $_ } keys %$rules )
78						{
79	0	0				if ( $rule_location->matches_ancestor_of($location) ) {
80	0	0				if ( grep { $_ eq $user_id } keys %{ $rules->{$rule_location} } ) {
	0
	0
81	0	0				if ( ref $rules->{$rule_location}->{$user_id} ) {
82	0	0				if ( exists $rules->{$rule_location}->{$user_id}->{$verb} ) {
83	0					my $value = !!$rules->{$rule_location}->{$user_id}->{$verb};
84	0	0				return $permission->deny("User cannot $verb $rule_location")
85						unless $value;
86	0					$access = "User can $verb $rule_location";
87						}
88						}
89						else {
90	0					my $value = !!$rules->{$rule_location}->{$user_id};
91	0	0				return $permission->deny("User cannot access $rule_location at all")
92						unless $value;
93	0					$access = "User can access $rule_location";
94						}
95						}
96						}
97						}
98	0	0				if ( defined $access ) {
99	0					return $permission->grant($access);
100						}
101
102	0					return $permission;
103						}
104
105						1;