Tree::AuthzTree::Authz is an inheritance-based authorization scheme. | |
Download |
Tree::Authz Ranking & Summary
Advertisement
- License:
- Perl Artistic License
- Price:
- FREE
- Publisher Name:
- David Baird
- Publisher web site:
- http://search.cpan.org/~davebaird/Tree-Authz-0.03/lib/Tree/Authz.pm
Tree::Authz Tags
Tree::Authz Description
Tree::Authz is an inheritance-based authorization scheme. Tree::Authz is an inheritance-based authorization scheme.SYNOPSIS use Tree::Authz; my $roles = { superuser => , spymasters => , spies => , informants => , moles => , politicians => , citizens => , }; my $authz = Tree::Authz->setup_hierarchy( $roles, 'SpyLand' ); my $superuser = $authz->role( 'superuser' ); my $spies = $authz->role( 'spies' ); my $citizens = $authz->role( 'citizens' ); my $base = $authz->role( 'base' ); $spies ->setup_permissions( ); $citizens->setup_permissions( 'vote' ); $base ->setup_permissions( 'breathe' ); foreach my $role ( $superuser, $spies, $citizens, $base ) { foreach my $ability ( qw( unspecified_ability spy spies read_secrets wear_disguise vote breathe can ) ) { if ( $role->can( $ability ) ) { print "$role can '$ability'n"; } else { print "$role cannot '$ability'n"; } } } # prints: superuser can 'unspecified_ability' # superpowers! superuser can 'spy' superuser can 'spies' superuser can 'read_secrets' superuser can 'wear_disguise' superuser can 'vote' superuser can 'breathe' superuser can 'can' spies cannot 'unspecified_ability' spies can 'spy' spies can 'spies' spies can 'read_secrets' spies can 'wear_disguise' spies can 'vote' spies can 'breathe' spies can 'can' citizens cannot 'unspecified_ability' citizens cannot 'spy' citizens cannot 'spies' citizens cannot 'read_secrets' citizens cannot 'wear_disguise' citizens can 'vote' citizens can 'breathe' citizens can 'can' base cannot 'unspecified_ability' base cannot 'spy' base cannot 'spies' base cannot 'read_secrets' base cannot 'wear_disguise' base cannot 'vote' base cannot 'breathe' # ! base cannot 'can' # !! # storing code on the nodes (roles) of the tree $spies->setup_abilities( read_secret => $coderef ); print $spies->read_secret( '/path/to/secret/file' ); $spies->setup_plugins( 'My::Spies::Skills' ); $spies->fly( $jet ); # My::Spies::Skills::flyClass for inheritable, role-based permissions system (Role Based Access Control - RBAC).Custom methods can be placed on role objects. Authorization can be performed either by checking whether the role name matches the required name, or by testing (via can) whether the role can perform the method required.Two role are specified by default. At the top, superusers can do anything ($superuser->can( $action ) always returns a coderef). At the bottom, the base role can do nothing ($base->can( $action ) always returns undef).All roles are automatically capable of authorizing actions named for the singular and plural of the role name. Requirements: · Perl
Tree::Authz Related Software