1package CGI::Application::Plugin::Authorization::Driver::SimpleGroup;
2
3use strict;
4use warnings;
5
6use base qw(CGI::Application::Plugin::Authorization::Driver);
7
8
9=head1 NAME
10
11CGI::Application::Plugin::Authorization::Driver::SimpleGroup - Simple Group based Authorization driver
12
13
14=head1 SYNOPSIS
15
16 use base qw(CGI::Application);
17 use CGI::Application::Plugin::Authorization;
18
19 __PACKAGE__->authz->config(
20       DRIVER => [ 'SimpleGroup' ],
21       # You are responsible for setting a group param somehow!
22       GET_USERNAME => sub { my $authz = shift; return $authz->cgiapp->session->param('group') },
23 );
24
25=head1 DESCRIPTION
26
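This driver achieves simplicity by assuming that the C<username> method of
L<CGI::Application::Plugin::Authorization> will return a group rather than a
username. Thus it can be directly compared with the list of authorized groups passed
to L<authorize>. The comparison is an exact, case-sensitive string match, and the
driver performs no lookup of its own, so the value returned by C<GET_USERNAME> must
come from state the application sets on the server and not from anything the
client can supply.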
31
32=head1 EXAMPLE
33
34 use base qw(CGI::Application);
35 use CGI::Application::Plugin::Authorization;
36
37 __PACKAGE__->authz->config(
38    DRIVER => [ 'SimpleGroup' ],
39    # You are responsible for setting a group param somehow!
40    GET_USERNAME => sub {
41        my $authz = shift;
42        return $authz->cgiapp->session->param('group');
43    },
44 );
45
46 sub cgiapp_prerun {
47    my $self = shift;
48
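    # Here is an example of how you could set the
    # group param that will be tested later.
    # Note that this example never clears the param: a real application
    # should also reset it when the session's user changes, so that a
    # stale 'admin' value does not persist.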
51    if ($ENV{REMOTE_USER} eq 'mark') {
52        $self->session->param('group' => 'admin');
53    }
54 }
55
56 sub my_runmode {
57    my $self = shift;
58
59    # make sure the user has 'admin' privileges
60    return $self->authz->forbidden unless $self->authz->authorize('admin');
61
62    # if we get here the user has 'admin' privileges
63 }
64
65=head1 METHODS
66
67=head2 authorize_user
68
69I<This method is not intended to be used directly. Just follow the SYNOPSIS>.
70
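This method accepts a username followed by a list of group names and will
return true if the user belongs to at least one of the groups. With this
driver the "username" is itself the group value, so it returns true when that
value is string-equal to at least one of the listed groups. It returns false
when the username is undefined; undefined entries in the group list are
skipped.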
73
74=cut
75
# Decide whether the caller-supplied "username" (a group name in this driver)
# matches one of the authorized groups.
#
# Arguments: the driver object, the value to test, then the list of groups.
# Returns 1 on an exact string match against any defined group, 0 otherwise.
sub authorize_user {
    my ($self, $username, @groups) = @_;

    # Fail closed: an undefined value (e.g. no group stored for the user)
    # must never be authorized, whatever the group list contains.
    if (defined $username) {
        for my $candidate (@groups) {
            # Undefined list entries are ignored rather than compared, so
            # they can neither match nor trigger an uninitialized warning.
            # "eq" makes this an exact, case-sensitive comparison.
            return 1 if defined $candidate && $candidate eq $username;
        }
    }

    return 0;
}
89
90=head1 SEE ALSO
91
92L<CGI::Application::Plugin::Authorization::Driver>, L<CGI::Application::Plugin::Authorization>, perl(1)
93
94
95=head1 LICENCE AND COPYRIGHT
96
97Copyright (c) 2006, Mark Stosberg. All rights reserved.
98
99This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
100
101=cut
102
1031;
104