NAME

Class::User::DBI::Privileges - A Privileges class.

VERSION

Version 0.10

SYNOPSIS

Through a DBIx::Connector object, this module models a "Privileges" class, used for Role-Based Access Control. Class::User::DBI allows each user to have a single role, and Class::User::DBI::RolePrivileges allows each role to have multiple privileges. And so goes the hierarchy: A user has a role, and a role has privileges.

# Set up a connection using DBIx::Connector:
# MySQL database settings:

my $conn = DBIx::Connector->new(
    'dbi:mysql:database=cudbi_tests', 'testing_user', 'testers_pass',
    {
        RaiseError => 1,
        AutoCommit => 1,
    }
);


# Now we can play with Class::User::DBI::Privileges

# Set up a 'privileges' table in the database.
Class::User::DBI::Privileges->configure_db( $conn );

my $p = Class::User::DBI::Privileges->new( $conn );

$p->add_privileges( 
    [ 'work', 'Authorized to work' ],
    [ 'play', 'Authorized to play' ],
);

print "Privilege exists." if $p->exists_privilege( 'work' );

my @privileges = $p->fetch_privileges;
foreach my $privilege ( @privileges ) {
    my( $name, $description ) = @{$privilege};
    print "$name => $description\n";
}

print "Description for 'work' privilege: ", 
      $p->get_privilege_description( 'work' );

$p->set_privilege_description( 'work', 'Right to work hard.' );

$p->delete_privileges( 'work' ); # Pass a list for multiple deletes.

DESCRIPTION

This is a maintenance class facilitating the creation, deletion, and testing of privileges that are compatible with Class::User::DBI's roles, and Class::User::DBI::RolePrivileges privileges.

A common usage is to configure a database table, and then add a few privileges along with their descriptions. Think of privileges as authorizations that a given role (group) may have.

Then use Class::User::DBI::Roles to create roles, and Class::User::DBI::RolePrivileges to associate one or more privileges with a given role. Finally, use Class::User::DBI to associate a role with one or more users.

EXPORT

Nothing is exported. There are many object methods, and three class methods, described in the next section.

SUBROUTINES/METHODS

new (The constructor -- Class method.)

my $priv_obj = Class::User::DBI::Privileges->new( $connector );

Creates a privileges object that can be manipulated to set and get privileges from the database's 'cud_privileges' table. Pass a DBIx::Connector object as a parameter. Throws an exception if it doesn't get a valid DBIx::Connector.

configure_db (Class method)

Class::User::DBI::Privileges->configure_db( $connector );

This is a class method. Pass a valid DBIx::Connector as a parameter. Builds a minimal database table in support of the Class::User::DBI::Privileges class.

The table created will be cud_privileges.

add_privileges

$p->add_privileges( [ 'goof_off', 'Authorization to goof off' ], ... );

Add one or more privileges. Each privilege must be bundled along with its description in an array ref. Pass an AoA for multiple privileges, or just an aref for a single privilege/description pair.

It will drop requests to add privileges that already exist.

Returns a count of privileges added, which may be less than the number passed if one already existed.

delete_privileges

$p->delete_privileges( 'goof_off', 'play' ); # Now we can only work.

Deletes from the database all privileges specified. Return value is the number of privileges actually deleted, which may be less than the number of privileges requested if any of the requested privileges didn't exist in the database to begin with.

exists_privilege

print "Privilege exists." if $p->exists_privilege( 'work' );

Returns true if a given privilege exists, and false if not.

fetch_privileges

foreach my $priv ( $p->fetch_privileges ) {
    print "$priv->[0] = $priv->[1]\n";
}

Returns an array of array refs. Each array ref contains the privilege's name and its description as the first and second elements, respectively.

An empty list means there are no privileges defined.

get_privilege_description

my $description = $p->get_privilege_description( 'work' );

Returns the description for a given privilege. Throws an exception if the privilege doesn't exist, so be sure to test with $p->exists_privilege( 'work' ) first.

set_privilege_description

$p->set_privilege_description( 'work', 'New work priv description.' );

Sets a new description for a given privilege. If the privilege doesn't exist in the database, if not enough parameters are passed, or if any of the params are undef, an exception will be thrown. To update a privilege by giving it a blank description, pass an empty string as the description.
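
The methods above can be combined into a privilege-drift check that compares the cud_privileges table against a declared baseline. This is an added example, not code from the Class::User::DBI distribution; it assumes DBD::SQLite is installed, and the reconcile() helper, the baseline and the simulated drift are constructed for illustration.

```perl
use strict;
use warnings;
use DBIx::Connector;
use Class::User::DBI::Privileges;

# Constructed baseline: the privileges this application is expected to define.
my %baseline = (
    work => 'Authorized to work',
    play => 'Authorized to play',
);

# Throwaway in-memory SQLite database (assumption: DBD::SQLite is available).
my $conn = DBIx::Connector->new(
    'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 },
);
Class::User::DBI::Privileges->configure_db($conn);
my $p = Class::User::DBI::Privileges->new($conn);

# Simulate drift: a stale description and a privilege nobody declared.
$p->add_privileges(
    [ 'work',     'Old description' ],
    [ 'goof_off', 'Authorization to goof off' ],
);

# reconcile() is a hypothetical helper, not part of the module.
sub reconcile {
    my ( $privs, $want ) = @_;
    my %report = ( added => [], updated => [], unexpected => [] );
    # get_privilege_description() throws on a missing name, so test existence first.
    for my $name ( sort keys %{$want} ) {
        if ( !$privs->exists_privilege($name) ) {
            $privs->add_privileges( [ $name, $want->{$name} ] );
            push @{ $report{added} }, $name;
        }
        elsif ( $privs->get_privilege_description($name) ne $want->{$name} ) {
            $privs->set_privilege_description( $name, $want->{$name} );
            push @{ $report{updated} }, $name;
        }
    }
    # Anything in the table but not in the baseline is reported, not deleted.
    for my $row ( $privs->fetch_privileges ) {
        push @{ $report{unexpected} }, $row->[0] if !exists $want->{ $row->[0] };
    }
    return \%report;
}

my $report = reconcile( $p, \%baseline );
printf "%-10s %s\n", $_, join( ', ', @{ $report->{$_} } ) || '(none)'
    for qw( added updated unexpected );
```

Undeclared privileges are only reported so that a reviewer decides whether to call delete_privileges() on them.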

DEPENDENCIES

The dependencies for this module are the same as for Class::User::DBI, from this same distribution. Refer to the documentation in that module for a full description.

CONFIGURATION AND ENVIRONMENT

Please refer to the configure_db() class method for this module for a simple means of creating the table that supports this class.

All SQL for this distribution is contained in the Class::User::DBI::DB module.

DIAGNOSTICS

If you find that your particular database engine is not playing nicely with the test suite from this module, it may be necessary to provide the database login credentials for a test database using the same engine that your application will actually be using. You may do this by setting $ENV{CUDBI_TEST_DSN}, $ENV{CUDBI_TEST_DATABASE}, $ENV{CUDBI_TEST_USER}, and $ENV{CUDBI_TEST_PASS}.

Currently the test suite tests against a SQLite database since it's such a lightweight dependency for the testing. The author also uses this module with several MySQL databases. As you're configuring your database, providing its credentials to the tests and running the test scripts will offer really good diagnostics if some aspect of your database tables proves to be at odds with what this module needs.

INCOMPATIBILITIES

This module has only been tested on MySQL and SQLite database engines. If you are successful in using it with other engines, please send me an email detailing any additional configuration changes you had to make so that I can document the compatibility, and improve the documentation for the configuration process.

BUGS AND LIMITATIONS

AUTHOR

David Oswald, <davido at cpan.org>

BUGS

Please report any bugs or feature requests to bug-class-user-dbi at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Class-User-DBI. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

SUPPORT

You can find documentation for this module with the perldoc command.

perldoc Class::User::DBI::Privileges

You can also look for information at:

ACKNOWLEDGEMENTS

LICENSE AND COPYRIGHT

Copyright 2012 David Oswald.

This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.

See http://dev.perl.org/licenses/ for more information.