NAME

Catalyst::Plugin::Authorization::Roles - Role based authorization for Catalyst based on Catalyst::Plugin::Authentication.

SYNOPSIS

use Catalyst qw/
	Authentication
	Authentication::Store::ThatSupportsRoles
	Authorization::Roles
/;

sub delete : Local {
	my ( $self, $c ) = @_;

	$c->assert_user_roles( qw/admin/ ); # only admins can delete

	$c->model("Foo")->delete_it();
}

DESCRIPTION

Role based authentication is very simple: every user has a list of roles, which that user is allowed to assume.

Whenever an area that is restricted for e.g. admins, or members, or any other role is accessed a check is made to see whether or not the user has all the required roles.

In this plugin the user objects being checked have the roles method invoked. This method is supposed to return a list of the roles the user is allowed to assume. The roles may be any item that can be compared using Set::Object.

For example, if you have a CRUD application, for every mutating action you probably want to check that the user is allowed to edit. To do this, create an editor role, and add that role to every user who is allowed to edit.

sub edit : Local {
	my ( $self, $c ) = @_;
	$c->assert_user_roles( qw/editor/ );
	$c->model("TheModel")->make_changes();
}

METHODS

assert_user_roles [ $user ], @roles

Cheks that the user (as supplied by the first argument, or, if omitted, <$c-user>>) has the specified roles.

If for any reason (<$c-user>> is not defined, the user is missing a role, etc) the check fails, an error is thrown.

check_user_roles [ $user ], @roles

Takes the same args as assert_user_roles, and performs the same check, but instead of throwing errors returns a boolean value.

SEE ALSO

Catalyst::Plugin::Authentication

AUTHOR

Yuval Kogman, nothingmuch@woobling.org

COPYRIGHT & LICNESE

Copyright (c) 2005 the aforementioned authors. All rights
reserved. This program is free software; you can redistribute
it and/or modify it under the same terms as Perl itself.