NAME
SweetPea::Application::Rbac - Role-Based Access Control for SweetPea-Application.
SYNOPSIS
# Based on a common example
permissions.yml
---
roles:
  administrator:
    permissions:
      manage accounts:
        operations:
          create account
          update account
          delete account
  manager:
    permissions:
      manager accounts:
        operations:
          create account
  guests:
    permissions:
... from inside SweetPea::Application or a Controller;
# verify user access
$s->rbac->authorize($login, $password);
# change user
$s->rbac->subject($user_id);
# verify target user has permission to perform "create account" operation
$s->rbac->subject($user_id)->can('/manage accounts/create account');
# change user to default set by authenticate method
$s->rbac->subject;
# verify has the following role
$s->rbac->role('administrator');
$s->rbac->role('guests');
$s->rbac->can('/manage accounts/delete account');
METHODS
new
The new method instantiates a new SweetPea::Application::Rbac object,
which uses YAML (via SweetPea::Application::Config) to provide methods
for retrieving, authenticating and verifying system access permissions.
$s->plug( 'rbac', sub { return SweetPea::Application::Rbac->new($s); });
authorize
The authorize method checks whether the login and password passed to it
belong to an active system user; if not, it reports the error.
$s->rbac->authorize($login, $password);
authorized
The authorized method checks whether a user has been authenticated.
if $s->rbac->authorized;
unauthorize
The unauthorize method revokes the currently authenticated user's
authentication status. (Kinda like a logout function.)
override
The override method re-authenticates as another system user while retaining
the originally logged in user's credentials. This method is useful for
applications that need to provide a means to temporarily switch accounts.
$s->rbac->override($login, $password);
# change back to the original user
$s->rbac->override;
subject
The subject method specifies the user account that permissions will be
validated against, using the user id passed to it. If called with no
parameters, the authenticated user's account will be used.
$s->rbac->subject($user_id);
$s->rbac->subject;
role
The role method verifies whether the subject (target user) has the role
specified.
if $s->rbac->role('administrator');
can
The "can" method verifies whether the subject (target user) has a specific
permission or has permission to perform a specific action.
# check if subject (target user) has permission generally
if $s->rbac->can('/manage accounts');
# check if subject (target user) has permission to perform a specific operation
if $s->rbac->can('/manage accounts/create account');
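An added example, not SweetPea::Application::Rbac's own code: it shows how a "/permission/operation" path like the ones passed to can above may be resolved against the SYNOPSIS roles, denying by default. The hash form of permissions.yml (with each operations entry read as a list), the %user_roles table and the user_can function are assumptions made for illustration; keys are matched exactly, so the manager role's "manager accounts" entry does not satisfy a check on "/manage accounts/...".

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed data: the SYNOPSIS permissions.yml written as a Perl hash,
# assuming each "operations" entry is a list of operation names.
my %roles = (
    administrator => { permissions => { 'manage accounts' => { operations =>
        [ 'create account', 'update account', 'delete account' ] } } },
    manager => { permissions => { 'manager accounts' => { operations =>
        [ 'create account' ] } } },
    guests => { permissions => undef },    # empty "permissions:" key
);

# Hypothetical user-to-role assignment (not part of the module's docs).
my %user_roles = ( 1 => ['administrator'], 2 => ['manager'], 3 => ['guests'] );

# Hypothetical stand-in for can(): resolve "/permission[/operation]" for a
# user id and deny unless an exact match is found.
sub user_can {
    my ($user_id, $path) = @_;
    return 0 unless defined $path && $path =~ m{\A/([^/]+)(?:/([^/]+))?\z};
    my ($permission, $operation) = ($1, $2);
    for my $role (@{ $user_roles{$user_id} || [] }) {
        my $perms = ($roles{$role} || {})->{permissions} || {};
        next unless exists $perms->{$permission};
        return 1 unless defined $operation;    # general permission check
        my $ops = ($perms->{$permission} || {})->{operations} || [];
        return 1 if grep { $_ eq $operation } @$ops;
    }
    return 0;    # unknown user, role, permission or operation: deny
}

my @checks = (
    [ 1, '/manage accounts/delete account' ],     # administrator
    [ 2, '/manage accounts/create account' ],     # manager, key differs
    [ 2, '/manager accounts/create account' ],    # manager, exact key
    [ 2, '/manager accounts/delete account' ],    # operation not granted
    [ 3, '/manage accounts' ],                    # guests, no permissions
    [ 9, '/manage accounts' ],                    # user id with no roles
);
printf "%-5s user %d %s\n", (user_can(@$_) ? 'ALLOW' : 'DENY'), @$_ for @checks;
```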
AUTHOR
Al Newkirk, <al.newkirk at awnstudio.com>