File Coverage

blib/lib/Authorization/AccessControl.pm
Criterion Covered Total %
statement 18 18 100.0
branch n/a
condition n/a
subroutine 6 6 100.0
pod 1 1 100.0
total 25 25 100.0


line stmt bran cond sub pod time code
1             package Authorization::AccessControl 0.04;
2 6     6   1321816 use v5.26;
  6         31  
3 6     6   39 use warnings;
  6         34  
  6         349  
4              
5             # ABSTRACT: Hybrid RBAC/ABAC access control
6              
7 6     6   3423 use Authorization::AccessControl::ACL;
  6         24  
  6         285  
8              
9 6     6   42 use experimental qw(signatures);
  6         13  
  6         29  
10              
11 6     6   926 use Exporter 'import';
  6         13  
  6         981  
12              
13             our @EXPORT_OK = qw(acl);    # acl is importable on request only; nothing is exported by default
14              
15 30     30 1 1325884 sub acl() {    # accessor for the shared ACL object; takes no arguments
  30         52  
16 30         100 state $acl = Authorization::AccessControl::ACL->new();    # state: constructed on the first call only, then reused by every later call
17 30         164 $acl;    # implicit return value: the same ACL instance each time
18             }
19              
20             =head1 NAME
21              
22             Authorization::AccessControl - hybrid RBAC/ABAC access control
23              
24             =head1 SYNOPSIS
25              
26             use Authorization::AccessControl qw(acl);
27              
28             acl
29             ->role('admin')
30             ->grant(User => 'create')
31             ->grant(User => 'delete')
32             ->grant(User => 'update')
33             ->role
34             ->grant(User => 'search')
35             ->grant(User => 'Update', { self => true })
36             ->grant(Book => 'search')
37             ->grant(Book => 'update', { owned => true })
38             ->grant(Book => 'delete', { owned => true });
39              
40             acl->role("super")->grant(Book => "delete");
41              
42             acl->request->with_resource('User')->with_action('create')->permitted; # no
43              
44             acl->request->with_roles('admin')->with_resource('User')
45             ->with_action('create')->permitted; # yes
46              
47             acl->request->with_action('search')->with_resource('User')->permitted; # yes
48              
49             acl->request->with_roles('admin')->with_resource('User')
50             ->with_action('create')->permitted; # yes
51              
52             acl->request->with_resource('Book')->with_action('delete')
53             ->permitted; # no
54              
55             acl->request->with_resource('Book')->with_action('delete')
56             ->with_attributes({ owned => true })
57             ->permitted; # yes
58            
59             my $user = {id => 4};
60             my $get_attrs = sub($obj) { { owned => $obj->{owner_id} == $user->{id} } };
61             acl->request->with_resource('Book')->with_action('delete')
62             ->with_get_attrs($get_attrs)
63             ->yield(sub () { { owner_id => 4, name => "War & Peace" } })
64             ->granted(sub($entity) { say $entity }) # "War & Peace"
65             ->is_granted; # yes
66              
67             =head1 DESCRIPTION
68              
69             This is a lightweight library for implementing fine-grained access control in
70             applications via an intuitive and expressive interface. It features a hybrid
71             approach, including aspects of both Role-based access control (RBAC) and
72             Attribute-based access control (ABAC).
73              
74             At a high level, the workflow is to populate an access control list with
75             privilege grants, then initiate a request against that list with the specific
76             environment parameters, finally checking if the request is permitted by the list.
77              
78             =head1 FUNCTIONS
79              
80             =head2 acl
81              
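82             Returns a global persistent instance of L<Authorization::AccessControl::ACL>.
83             There's nothing special about this instance other than being globally accessible
84             -- if your usage requires it, you can manually make as many ACL instances as you
85             wish and maintain them as you like. This function exists purely as a convenience. Because the instance is shared for the life of the process, grants added through it are visible to every other caller of C<acl>.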
86              
87             Not exported by default.
88              
89             =head1 AUTHOR
90              
91             Mark Tyrrell C<< >>
92              
93             =head1 LICENSE
94              
95             Copyright (c) 2024 Mark Tyrrell
96              
97             Permission is hereby granted, free of charge, to any person obtaining a copy
98             of this software and associated documentation files (the "Software"), to deal
99             in the Software without restriction, including without limitation the rights
100             to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
101             copies of the Software, and to permit persons to whom the Software is
102             furnished to do so, subject to the following conditions:
103              
104             The above copyright notice and this permission notice shall be included in all
105             copies or substantial portions of the Software.
106              
107             THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
108             IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
109             FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
110             AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
111             LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
112             OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
113             SOFTWARE.
114              
115             =cut
116              
117             1;
118              
119             __END__