NAME
App::Dochazka::REST::Auth - HTTP request authentication and authorization
DESCRIPTION
This package, which is between Web::MREST::Entity and Web::Dochazka::REST::Dispatch in the chain of inheritance, provides the 'is_authorized' and 'forbidden' methods called by Web::Machine on each incoming HTTP request.
METHODS
is_authorized
This overrides the Web::Machine method of the same name.
Authenticate the originator of the request, using HTTP Basic Authentication. Upon successful authentication, check that the user (employee) exists in the database (create if necessary) and retrieve her EID. Push the EID and current privilege level onto the context. Get the user's DBIx::Connector object and push that onto the context, too.
_init_session
Initialize the session. Takes an employee object.
_validate_session
Validate the session
_is_fresh
Takes a single argument, which is assumed to be number of seconds since epoch when the session was last seen. This is compared to "now" and if the difference is greater than the DOCHAZKA_REST_SESSION_EXPIRATION_TIME site parameter, the return value is false, otherwise true.
_authenticate
Authenticate the nick associated with an incoming REST request. Takes a nick and a password (i.e., a set of credentials). Returns a status object, which will have level 'OK' on success (with employee object in the payload), 'NOT_OK' on failure. In the latter case, there will be a declared status.
forbidden
This overrides the Web::Machine method of the same name.
Authorization (ACL check) method.
First, parse the path and look at the method to determine which controller action the user is asking us to perform. Each controller action has an ACL associated with it, from which we can determine whether employees of each of the four different privilege levels are authorized to perform that action.
Requests for non-existent resources will always pass the ACL check.