[Maypole] Maypole::Plugin::Authorization

Dave Howorth dhoworth@mrc-lmb.cam.ac.uk
Fri, 28 Jan 2005 17:10:36 +0000


Josef Chladek wrote:
> thanks for the updates dave, there are two things:
> 
> 1) in line 62 in Authorization.pm i had to add the following statement
> 
>     return unless $r->user;
> 
> otherwise i got
> 
> [error] Can't call method "id" on an undefined value at 
> /usr/local/share/perl/5.8.4/Maypole/Plugin/Authorization.pm line 62.
> 
> after a logout.

Thanks for this, Josef. Just before line 62, I've added:

  sub get_authorized_classes {
      my ($r, $userid) = @_;
+    return unless $r->user or $userid;
      $userid ||= $r->user->id;
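
Review bot: the added guard tests `$r->user` before `$userid`, so the accessor is still called when the caller has passed an explicit id. Writing it as `return unless $userid or $r->user;` skips that call and keeps the same behaviour on the following `$userid ||= $r->user->id;` line. The bare `return` gives a logged-out request an empty result, which is the safe default for an authorization lookup.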

I also added equivalent tests in get_authorized_methods:

  sub get_authorized_methods {
      my ($r, $userid, $class) = @_;
+    return unless $r->user or $userid;
      $userid ||= $r->user->id;
      $class  ||= $r->model_class;
+    return unless $class;
      my $cdbi_class = $r->config->auth->{user_class};
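
Review bot: both early returns added here are bare `return`s, so a caller cannot tell a logged-out request or a missing model class apart from a user who has no permitted methods. That fails closed, which suits an authorization check, but it should be stated in the sub's documentation. The user guard on the first added line is also a copy of the one in get_authorized_classes and could live in one shared helper so the two cannot drift apart.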

> 2) to use the ok_methods i wrote something like that:
> 
> ok_methods = request.get_authorized_methods;
> FOR meth = ok_methods;
>     IF meth == "*";
>        button(item, "edit");
>        button(item, "delete");
>     END;
> END;
> 
> is that ok or was it meant to be used in another way?

That's the general idea. If you want to put explicit permissions for 
individual actions, you'll need a more complicated IF statement, I 
think. Perhaps something like this?

  MACRO if_auth_button(obj, action, permitted_method) BLOCK ;
      IF permitted_method == '*' OR permitted_method == action ;
          button(obj, action) ;
      END ;
  END ;

  ok_methods = request.get_authorized_methods ;
  FOR meth = ok_methods ;
       if_auth_button(item, "edit", meth) ;
       if_auth_button(item, "delete", meth) ;
  END ;

Thanks very much for your feedback.

Cheers, Dave