/ 
AxKit-App-TABOO-0.021
River stage zero No dependents
/ AxKit::App::TABOO::XSP::User

NAME

AxKit::App::TABOO::XSP::User - User information management and authorization tag library for TABOO

SYNOPSIS

Add the user: namespace to your XSP <xsp:page> tag, e.g.:

<xsp:page
     language="Perl"
     xmlns:xsp="http://apache.org/xsp/core/v1"
     xmlns:user="http://www.kjetil.kjernsmo.net/software/TABOO/NS/User"
>

Add this taglib to AxKit (via httpd.conf or .htaccess):

AxAddXSPTaglib AxKit::App::TABOO::XSP::User

DESCRIPTION

This XSP taglib provides a few tags to retrieve, set, modify and save user information, as it communicates with TABOO Data objects, particulary AxKit::App::TABOO::Data::User and <AxKit::App::TABOO::Data::User::Contributor>.

Apache::AxKit::Language::XSP::SimpleTaglib has been used to write this taglib.

Tag Reference

<store/>

It will take whatever data it finds in the Apache::Request object held by AxKit, and hand it to a new AxKit::App::TABOO::Data::User object, which will use whatever data it finds useful. It may also take newpasswd1 and newpasswd2 fields, and if they are encountered, they will be checked if they are equal and then the password will be encrypted before it is sent to the Data object. The Data object is then instructed to save itself.

<get-passwd username="foo"/>

This tag will return the password of a user. The username may be given in an attribute or child element named username.

<get-authlevel username="foo"/>

This tag will return the authorization level of a user, which is an integer that may be used to grant or deny access to certain elements or pages. The username may be given in an attribute or child element named username.

<this-user username="foo"/>

This tag will return and XML representation of the user information. The username may be given in an attribute or child element named username.

<password-matches>

This tag is a boolean tag, which has child elements <true> and <false>. First, it needs a username, which may be given as an attribute or a child element named username, and the cleartext password in a child element <clear>. If the password is valid, the contents of the <true> element will be included in the output document. Conversely, if it is invalid, the contents of <false> will be in the result document. For example:

      <user:password-matches>
	<user:username>foo</user:username>
	<user:clear>trustno1</user:clear>
	<user:true><p>Password is valid</p></user:true>
	<user:false><p>Password is invalid</p></user:false>
      </user:password-matches>

<is-authorized authlevel="5" username="foo">

This is a boolean tag, which has child elements <true> and <false>. It takes an autherization level in an attribute or child element named authlevel, and an attribute or child element named username. If the authenticated user has it least this level or the given username matches the username of the authenticated user, the contents of the <true> element will be included in the output document. Conversely, if the user has insufficient privileges the contents of <false> will be in the result document. If the user has not been authenticated at all, the tag will throw a exception with an AUTH_REQUIRED code.

NOTE: This should not be looked upon as a "security feature". While it is possible to use it to make sure that an input control is not shown to someone who is not authorized to modify it (and this may indeed be its primary use), a malicious user could still insert data to that field by supplying arguments in a POST or GET request. Consequently, critical data must be checked for sanity before they are passed to the Data objects. The Data objects themselves are designed to believe anything they're fed, so it is most natural to do it in a taglib before handing the data to a Data object. See e.g. the internals of the <store/> tag for an example.

FORMALITIES

See AxKit::App::TABOO.