NAME
Apache2::AuthzCaps - mod_perl2 capability authorization
SYNOPSIS
use Apache2::AuthzCaps qw/setcap hascaps/;
$Apache2::AuthzCaps::rootdir = "/path/to/user/directory"
setcap marius => deleteusers => 1; # Grant marius the deleteusers capability
setcap marius => createusers => 0;
hascaps marius => qw/deleteusers/; # returns 1, since marius can delete users
hascaps marius => qw/deleteusers createusers/; # returns 0, since marius can delete users but cannot create users
# In Apache2 config
<Location /protected>
# Insert authentication here
PerlAuthzHandler Apache2::AuthzCaps
PerlSetVar AuthzCapsRootdir /path/to/user/directory
Require cap staff important
Require cap admin
</Location>
# This will:
# 1) Let important staff members access /protected
# 2) Let admins access /protected
# 3) Not let anyone else (such as an important non-staff member or an non-important staff member) access /protected
DESCRIPTION
Apache2::AuthzCaps is a perl module which provides simple Apache2 capability-based authorization. It contains a PerlAuthzHandler and some utility functions.
For Apache 2.4, use Apache2_4::AuthzCaps.
The user data is stored in YAML files in a user-set directory. Set this directory using:
$Apache2::AuthzCaps::rootdir = "/path/to/directory"; # From perl
PerlSetVar AuthzCapsRootdir /path/to/directory # From Apache2 config
FUNCTIONS
- setcap($username, $capability, $value)
-
If $value is true, grants $username the $capability capability. Otherwise denies $username that capability.
- hascaps($username, $cap, ...)
-
Returns true if and only of $username has ALL of the listed capabilities. Dies if $username does not exist.
- handler
-
The PerlAuthzHandler for use in apache2.
AUTHOR
Marius Gavrilescu, <marius@ieval.ro>
COPYRIGHT AND LICENSE
Copyright (C) 2013-2015 by Marius Gavrilescu
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.14.2 or, at your option, any later version of Perl 5 you may have available.