NAME

Gantry::Plugins::Uaf::Rule - A base class for rules.

DESCRIPTION

Each rule is a custom-written class that implements some aspect of your site's access logic. Rules can choose to grant or deny a request.

package sample::Test;

use strict;
use warnings;

use base qw(Gantry::Plugins::Uaf::Rule);

sub grants($$$$) {

    my $self = shift;
    my $user = shift;
    my $action = shift;
    my $resource = shift;

    if ($action eq "edit" && $resource->isa("sample::Record")) {

       return 1 if ($user->username eq "root");

    }

    return 0;

}

sub denies($$$$) {

    return 0;

}

1;

The Authorize object will only give permission if at least one rule grants permission, and no rule denies it.

It is important that your rules never grant or deny a request they do not understand, so it is a good idea to use type checking to prevent strangeness. Assertions should not be used if you expect different rules to accept different resource types or user types, since each rule is used on every access request.

SEE ALSO

Gantry
Gantry::Plugins::Uaf
Gantry::Plugins::Uaf::User
Gantry::Plugins::Uaf::Authenticate
Gantry::Plugins::Uaf::AuthorizeFactory

AUTHOR

Kevin L. Esteb <kesteb@wsipc.org>.

COPYRIGHT AND LICENSE

Copyright (C) 2007 Kevin L. Esteb

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.