NAME
SPOPS::Security::DBI - Implement a security object and basic operations for DBI datasources
SYNOPSIS
# Define your implementation and create the class
my %config = (
'security' => {
class => 'My::Security',
isa => [ 'SPOPS::Secure::DBI', 'SPOPS::DBI' ],
rules_from => [ 'SPOPS::Tool::DBI::DiscoverField' ],
field_discover => 'yes',
field => [],
id_field => 'sid',
increment_field => 1,
sequence_name => 'sp_security_seq',
no_insert => [ qw/ sid / ],
skip_undef => [ qw/ object_id scope_id / ],
no_update => [ qw/ sid object_id class scope scope_id / ],
base_table => 'spops_security',
sql_defaults => [ qw/ object_id scope_id / ],
},
);
SPOPS::Initialize->process({ config => \%config });
# Create a security object with security level WRITE for user $user
# on object $obj
my $sec = My::Security->new();
$sec->{class} = ref $obj;
$sec->{object_id} = $obj->id;
$sec->{scope} = SEC_SCOPE_USER;
$sec->{scope_id} = $user->id;
$sec->{security_level} = SEC_LEVEL_WRITE;
$sec->save;
# Clone that object and change its scope to GROUP and level to READ
my $secg = $sec->clone({ scope => SEC_SCOPE_GROUP,
scope_id => $group->id,
security_level => SEC_LEVEL_READ });
$secg->save;
# Find security settings for a particular object ($spops) and user
my $settings = My::Security->fetch_by_object(
$spops,
{ user => [ $user ] } );
foreach my $scope ( keys %{ $settings } ) {
print "Security for scope $scope: $settings{ $scope }\n";
}
# See if there are any security objects protecting a particular SPOPS
# object ($spops) related to a particular user (this isn't used as
# often as 'fetch_by_object')
use SPOPS::Secure qw( SEC_SCOPE_USER );
my $sec_obj = My::Security->fetch_match( $spops,
{ scope => SEC_SCOPE_USER,
scope_id => $user->id } );
DESCRIPTION
This class implements the methods necessary to create a DBI datastore for security objects. See SPOPS::Manual::Security for a definition of the interface in broader terms.
Each security setting to an object is itself an object. In this manner we can use the SPOPS framework to create/edit/remove security settings. (Note that if you modify this class to use 'SPOPS::Secure' in its @ISA, you will probably collapse the Earth -- or at least your system -- in a self-referential object definition cycle. Do not do that.)
METHODS
fetch_by_object( $obj, [ { user => \@, group => \@ } ] )
Returns a hashref with security information for a particular object. The keys of the hashref are SEC_SCOPE_WORLD, SEC_SCOPE_USER, and SEC_SCOPE_GROUP as exported by SPOPS::Secure.
You can restrict the security returned for USER and/or GROUP by passing an arrayref of objects or ID values under the 'user' or 'group' keys.
Examples:
my \%info = $sec->fetch_by_object( $obj );
Returns all security information for $obj.
my \%info = $sec->fetch_by_object( $obj, { user => 2,
group => [ 817, 901, 716 ] } );
Returns $obj security information for WORLD, USER 2 and GROUPs 817, 901, 716.
my $current_user = My::Object->global_user_current;
my \%info = $sec->fetch_by_object( undef, { class => 'My::Object',
object_id => 'dandelion',
user => $user,
group => $user->group } );
Returns security information for the object of class My::Object
with the ID dandelion
for the current user and the user's groups.
fetch_match( $obj, { scope => SCOPE, scope_id => $ } )
Returns a security object matching the $obj for the scope and scope_id passed in, undef if none found.
Examples:
my $sec_class = 'My::Security';
# Returns security object matching $obj with a scope of WORLD
my $secw = $sec_class->fetch_match( $obj,
{ scope => SEC_SCOPE_WORLD } );
# Returns security object matching $obj with a scope of GROUP
# matching the ID from $group
my $secg = $sec_class->fetch_match( $obj,
{ scope => SEC_SCOPE_GROUP,
scope_id => $group->id } );
# Returns security object matching $obj with a scope of USER
# matching the ID from $user
my $secg = $sec_class->fetch_match( $obj, scope => SEC_SCOPE_USER,
scope_id => $user->id );
TO DO
Nothing known.
BUGS
None known.
COPYRIGHT
Copyright (c) 2001-2002 intes.net, inc.. All rights reserved.
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
AUTHORS
Chris Winters <chris@cwinters.com>