1package CGI::Application::Plugin::Authorization::Driver::SimpleGroup; 2 3use strict; 4use warnings; 5 6use base qw(CGI::Application::Plugin::Authorization::Driver); 7 8 9=head1 NAME 10 11CGI::Application::Plugin::Authorization::Driver::SimpleGroup - Simple Group based Authorization driver 12 13 14=head1 SYNOPSIS 15 16 use base qw(CGI::Application); 17 use CGI::Application::Plugin::Authorization; 18 19 __PACKAGE__->authz->config( 20 DRIVER => [ 'SimpleGroup' ], 21 # You are responsible for setting a group param somehow! 22 GET_USERNAME => sub { my $authz = shift; return $authz->cgiapp->session->param('group') }, 23 ); 24 25=head1 DESCRIPTION 26 27This driver achieves simplicity by assuming that the C<username> method of 28L<CGI::Application::Plugin::Authorization> will return a group rather than a 29username. Thus it can be directly compared with the list of authorized groups passed 30to L<authorize> 31 32=head1 EXAMPLE 33 34 use base qw(CGI::Application); 35 use CGI::Application::Plugin::Authorization; 36 37 __PACKAGE__->authz->config( 38 DRIVER => [ 'SimpleGroup' ], 39 # You are responsible for setting a group param somehow! 40 GET_USERNAME => sub { 41 my $authz = shift; 42 return $authz->cgiapp->session->param('group'); 43 }, 44 ); 45 46 sub cgiapp_prerun { 47 my $self = shift; 48 49 # here is an example of how you could set the 50 # group param that will be tested later 51 if ($ENV{REMOTE_USER} eq 'mark') { 52 $self->session->param('group' => 'admin'); 53 } 54 } 55 56 sub my_runmode { 57 my $self = shift; 58 59 # make sure the user has 'admin' privileges 60 return $self->authz->forbidden unless $self->authz->authorize('admin'); 61 62 # if we get here the user has 'admin' privileges 63 } 64 65=head1 METHODS 66 67=head2 authorize_user 68 69I<This method is not intended to be used directly. Just follow the SYNOPSIS>. 70 71This method accepts a username followed by a list of group names and will 72return true if the user belongs to at least one of the groups. 73 74=cut 75 76sub authorize_user { 77 my $self = shift; 78 my $username = shift; 79 my @groups = @_; 80 81 return 0 unless defined $username; 82 83 foreach my $group (@groups) { 84 next unless defined $group; 85 return 1 if ($username eq $group); 86 } 87 return 0; 88} 89 90=head1 SEE ALSO 91 92L<CGI::Application::Plugin::Authorization::Driver>, L<CGI::Application::Plugin::Authorization>, perl(1) 93 94 95=head1 LICENCE AND COPYRIGHT 96 97Copyright (c) 2006, Mark Stosberg. All rights reserved. 98 99This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself. 100 101=cut 102 1031; 104