File Coverage

blib/lib/Dancer2/Plugin/Auth/Extensible/Rights.pm

Criterion	Covered	Total	%
statement	23	27	85.1
branch	8	10	80.0
condition	2	3	66.6
subroutine	5	5	100.0
pod	1	1	100.0
total	39	46	84.7

line	stmt	bran	cond	sub	pod	time	code
1							package Dancer2::Plugin::Auth::Extensible::Rights;
2
3	2			2		481397	use strict;
	2					2
	2					49
4	2			2		7	use warnings;
	2					2
	2					40
5	2			2		560	use Dancer2::Plugin;
	2					54629
	2					13
6	2			2		17293	use Dancer2::Plugin::Auth::Extensible;
	2					43608
	2					13
7
8							our $VERSION = '0.01';
9
10							#
11							# config attributes
12							#
13
14							has rights => (
15							is => 'ro',
16							from_config => sub { return {} },
17							);
18
19							plugin_keywords 'require_right';
20
21							=head1 NAME
22
23							Dancer2::Plugin::Auth::Extensible::Rights - A rights mapper for Dancer2::Plugin::Auth::Extensible roles.
24
25							=head1 DESCRIPTION
26
27							This plugin can be used on top of Dancer2::Plugin::Auth::Extensible to define fine-grained rights for each role.
28							Each right has a list of roles that have this right. You can also define that a user has to have all listed roles to
29							gain that right. This way you can define low-level rights like "create_item" and put that requirement into your routes
30							definition. This plugin will translate the right requirement into a role requirement and call C<require_all_roles> or
31							C<require_any_roles> with those roles.
32
33							=head1 SYNOPSIS
34
35							Configure the rights:
36
37							plugins:
38							# sample config for Auth::Extensible:
39							Auth::Extensible:
40							realms:
41							config1:
42							provider: Config
43							users:
44							- user: dave
45							pass: supersecret
46							roles:
47							- Developer
48							- Manager
49							- BeerDrinker
50							- user: bob
51							pass: alsosecret
52							roles:
53							- Tester
54							Auth::Extensible::Rights:
55							rights:
56							create_item:
57							- BeerDrinker
58							- Tester
59							- Manager
60							delete_item:
61							- [ Manager, Tester ]
62							delete_all: Manager
63
64							Define that a user must be logged in and have the right to access a route:
65
66							get '/create-item' => require_right create_item => sub { show_create_item_form(); };
67
68							=head1 CONTROLLING ACCESS TO ROUTES
69
70							=head2 require_right
71
72							post '/delete-item/:id' => require_right delete_item => sub {
73							...
74							};
75
76							Requires that the user must be logged in as a user who has the specified right. If the user is not
77							logged in, they will be redirected to the login page URL. If they are logged in, but do not
78							have the required role, they will be redirected to the access denied URL.
79
80							If C<disable_roles> configuration option is set to a true value then using "require_role" will
81							cause the application to croak on load.
82
83							=cut
84
85							sub require_right {
86	3			3	1	13484	my $plugin = shift;
87	3					5	my $right = shift;
88	3					3	my $coderef = shift;
89
90	3					30	my $roles = $plugin->rights->{$right};
91
92	3	100				416	my @roles = ref $roles eq 'ARRAY' ? @{$roles} : $roles;
	2					6
93
94							# check for wrong definition
95	3	100	66			4	if ( grep { ref and ref ne 'ARRAY' } @roles ) {
	5	50				20
		50
96	0					0	$plugin->dsl->error( 'Definition error in Plugin Auth::Extensible::Rights ['
97							. $right
98							. ']: rights definition should only contain strings and array-refs.' );
99	0					0	return $coderef;
100							}
101	5					16	elsif ( grep { ref eq 'ARRAY' } @roles and @roles != 1 ) {
102	0					0	$plugin->dsl->error( 'Definition error in Plugin Auth::Extensible::Rights ['
103							. $right
104							. ']: when using an array inside an array, you are only allowed to define one!' );
105	0					0	@roles = ( $roles[0] );
106							}
107
108	3	100				11	return require_all_roles( $roles[0], $coderef ) if ref $roles[0] eq 'ARRAY';
109	2					5	return require_any_role( \@roles, $coderef );
110							}
111
112							=head1 AUTHOR
113
114							Dominic Sonntag, C<< <dominic at s5g.de> >>
115
116							=head1 BUGS
117
118							Please report any bugs or feature requests to C<bug-dancer2-plugin-auth-extensible-rights at rt.cpan.org>, or through
119							the web interface at L<http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Dancer2-Plugin-Auth-Extensible-Rights>. I will be notified, and then you'll
120							automatically be notified of progress on your bug as I make changes.
121
122
123							=head1 SUPPORT
124
125							You can find documentation for this module with the perldoc command.
126
127							perldoc Dancer2::Plugin::Auth::Extensible::Rights
128
129
130							If you want to contribute to this module, write me an email or create a
131							Pull request on Github: L<https://github.com/sonntagd/Dancer2-Plugin-Auth-Extensible-Rights>
132
133
134							=head1 ACKNOWLEDGEMENTS
135
136
137							=head1 LICENSE AND COPYRIGHT
138
139							Copyright 2016 Dominic Sonntag.
140
141							This program is free software; you can redistribute it and/or modify it
142							under the terms of the the Artistic License (2.0). You may obtain a
143							copy of the full license at:
144
145							L<http://www.perlfoundation.org/artistic_license_2_0>
146
147							Any use, modification, and distribution of the Standard or Modified
148							Versions is governed by this Artistic License. By using, modifying or
149							distributing the Package, you accept this license. Do not use, modify,
150							or distribute the Package, if you do not accept this license.
151
152							If your Modified Version has been derived from a Modified Version made
153							by someone other than you, you are nevertheless required to ensure that
154							your Modified Version complies with the requirements of this license.
155
156							This license does not grant you the right to use any trademark, service
157							mark, tradename, or logo of the Copyright Holder.
158
159							This license includes the non-exclusive, worldwide, free-of-charge
160							patent license to make, have made, use, offer to sell, sell, import and
161							otherwise transfer the Package with respect to any patent claims
162							licensable by the Copyright Holder that are necessarily infringed by the
163							Package. If you institute patent litigation (including a cross-claim or
164							counterclaim) against any party alleging that the Package constitutes
165							direct or contributory patent infringement, then this Artistic License
166							to you shall terminate on the date that such litigation is filed.
167
168							Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER
169							AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.
170							THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
171							PURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY
172							YOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR
173							CONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR
174							CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE,
175							EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
176
177
178							=cut
179
180							1; # End of Dancer2::Plugin::Auth::Extensible::Rights