/ 
App-Dochazka-REST-0.463
River stage zero No dependents
/ App::Dochazka::REST::ACL

NAME

App::Dochazka::REST::Dispatch::ACL - ACL module

VERSION

Version 0.463

DESCRIPTION

This module provides helper code for ACL checks.

EXPORTS

PACKAGE VARIABLES

The 'check_acl' routine uses a hash to look up which privlevels satisfy a given ACL profile.

FUNCTIONS

check_acl

Compare ACL profile of a resource, $profile, with the privlevel of the current employee, $privlevel. If the former is at least as high as the latter, the function returns true, otherwise false.

check_acl_context

Check ACL and compare with eid in request body. This routine is designed for resources that have an ACL profile of 'active'. If the request body contains an 'eid' property, it is checked against the current user's EID. If they are different and the current user's priv is 'active', DOCHAZKA_FORBIDDEN_403 is returned; otherwise, an OK status is returned to signify that the check passed.

If the request body does not contain an 'eid' property, it is added.

acl_check_is_me

Takes a property and a value. The property can be 'eid', 'nick', or 'sec_id'. This routine checks the eid/nick/sec_id against $self->context->{'current_obj'} (the current employee object) and returns a boolean value answering the question "is this me?"

acl_check_is_my_report

Takes a property and a value. The property can be 'eid', 'nick', or 'sec_id'. This routine first gets the employee object corresponding to the eid/nick/sec_id and then checks if the current employee is that employee's supervisor.