File Coverage

blib/lib/CGI/Application/Plugin/Authorization/Driver/SimpleGroup.pm

Criterion	Covered	Total	%
statement	17	17	100.0
branch	4	6	66.6
condition			n/a
subroutine	4	4	100.0
pod	1	1	100.0
total	26	28	92.8

line	stmt	bran	sub	pod	time	code
1						package CGI::Application::Plugin::Authorization::Driver::SimpleGroup;
2
3	2		2		3457	use strict;
	2				5
	2				78
4	2		2		11	use warnings;
	2				4
	2				67
5
6	2		2		12	use base qw(CGI::Application::Plugin::Authorization::Driver);
	2				3
	2				1011
7
8
9						=head1 NAME
10
11						CGI::Application::Plugin::Authorization::Driver::SimpleGroup - Simple Group based Authorization driver
12
13
14						=head1 SYNOPSIS
15
16						use base qw(CGI::Application);
17						use CGI::Application::Plugin::Authorization;
18
19						__PACKAGE__->authz->config(
20						DRIVER => [ 'SimpleGroup' ],
21						# You are responsible for setting a group param somehow!
22						GET_USERNAME => sub { my $authz = shift; return $authz->cgiapp->session->param('group') },
23						);
24
25						=head1 DESCRIPTION
26
27						This driver achieves simplicity by assuming that the C method of
28						L will return a group rather than a
29						username. Thus it can be directly compared with the list of authorized groups passed
30						to L
31
32						=head1 EXAMPLE
33
34						use base qw(CGI::Application);
35						use CGI::Application::Plugin::Authorization;
36
37						__PACKAGE__->authz->config(
38						DRIVER => [ 'SimpleGroup' ],
39						# You are responsible for setting a group param somehow!
40						GET_USERNAME => sub {
41						my $authz = shift;
42						return $authz->cgiapp->session->param('group');
43						},
44						);
45
46						sub cgiapp_prerun {
47						my $self = shift;
48
49						# here is an example of how you could set the
50						# group param that will be tested later
51						if ($ENV{REMOTE_USER} eq 'mark') {
52						$self->session->param('group' => 'admin');
53						}
54						}
55
56						sub my_runmode {
57						my $self = shift;
58
59						# make sure the user has 'admin' privileges
60						return $self->authz->forbidden unless $self->authz->authorize('admin');
61
62						# if we get here the user has 'admin' privileges
63						}
64
65						=head1 METHODS
66
67						=head2 authorize_user
68
69						I.
70
71						This method accepts a username followed by a list of group names and will
72						return true if the user belongs to at least one of the groups.
73
74						=cut
75
76						sub authorize_user {
77	4		4	1	66	my $self = shift;
78	4				5	my $username = shift;
79	4				9	my @groups = @_;
80
81	4	50			9	return 0 unless defined $username;
82
83	4				9	foreach my $group (@groups) {
84	6	50			13	next unless defined $group;
85	6	100			34	return 1 if ($username eq $group);
86						}
87	2				13	return 0;
88						}
89
90						=head1 SEE ALSO
91
92						L, L, perl(1)
93
94
95						=head1 LICENCE AND COPYRIGHT
96
97						Copyright (c) 2006, Mark Stosberg. All rights reserved.
98
99						This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
100
101						=cut
102
103						1;