I backed up to a simple test script, got easier to find errors, and
found the trouble with what I was doing.
__PACKAGE__->many_to_many(roles => 'user_roles', 'name');
needed to be
__PACKAGE__->many_to_many(roles => 'user_roles', 'role');
and a corresponding many_to_many in Role.pm
__PACKAGE__->many_to_many(users => 'user_roles', 'user');
So, I'm all good now but still a bit mystified about the silent
failure(?).
Thanks again,
-Ashley
On Dec 16, 2007, at 10:49 PM, Ashley Pond V wrote:
Thanks for still looking at this, Jay. This is the top of the
method with some "die" decoration:
Take 1:
my ( $self, $c ) = @_;
die "This will die";
$c->assert_user_roles("no such role");
Take 2:
my ( $self, $c ) = @_;
$c->assert_user_roles("no such role");
die "This will not fire";
I can put the assert in an eval block but $@ is not set so it
doesn't help to see what's happening. There is no information in
the logs at the point the code fails.
I guess I'll ask our admin to pull
Catalyst::Plugin::Authentication::Store::DBIx::Class, yeah?
Authentication is working fine, by the by. It's just Authorization
that's wonky right now.
Pasting my setup stuff below.
-Ashley
--
use Catalyst qw/
ConfigLoader
-Debug
Unicode
StackTrace
Static::Simple
Authentication
Authorization::Roles
Session
Session::Store::FastMmap
Session::State::Cookie
/;
----------------
...User.pm
__PACKAGE__->has_many(
"user_roles",
"MyApp::Schema::UserRole",
{ "foreign.user" => "self.id" },
);
# Created by DBIx::Class::Schema::Loader v0.04004 @ 2007-12-16
13:36:55
# DO NOT MODIFY THIS OR ANYTHING ABOVE! md5sum:qroNdEXQL4pOH80kVPQquw
__PACKAGE__->many_to_many(roles => 'user_roles', 'name');
---------------
yml
authentication:
default_realm: users
realms:
users:
credential:
class: Password
password_type: hashed
password_hash_type: SHA-1
store:
class: DBIx::Class
user_class: User
role_relation: roles
role_field: name
# doesn't matter whether or not the authorization stuff is there
but this is what i've played with (and *many* permutations of the
arguments)
authorization:
dbic:
role_class: Role
role_field: name
user_class: User
user_field: user
user_role_user_field: user
user_role_role_field: role
role_rel: user_roles
user_role_class: UserRole
On Dec 16, 2007, at 9:20 PM, Jay K wrote:
Hi Ashley,
The log message you see is a result of the recent move away from
the Catalyst::Plugin::Authentication namespace for stores /
credentials.
It falls back to the old naming and warns if it can't find the new
module.. It should, however, have no effect on the functionality
of the code.
It's not a bad idea to update the DBIx::Class store - but be sure
to remove the Catalyst::Plugin::Authentication::Store::DBIx::Class
module first - just to avoid conflicts. Nothing has changed
related to roles in the update, so it shouldn't make any difference.
I don't know why the assert is failing, it should not - what do
you get if you use $c->check_user_roles() - valid results?
Jay
On Dec 16, 2007, at 4:27 PM, Ashley Pond V wrote:
Continuing saga. So I set up the many_to_many and lo! It worked.
But it worked with *any* role, even fake ones, so obviously
something was bad. Turned out that it was silently failing
instead of throwing an access exception (but there was a template
set by the namespace so the page rendered as expected).
# failed silently (as far as Cat was concerned)
$c->assert_user_roles("there is no role called this");
So, dug into the log:
[Sun Dec 16 16:13:20 2007] [error] [client 67.170.68.172] [warn]
Store class "Catalyst::Authentication::Store::DBIx::Class" not
found, trying deprecated ::Plugin:: style naming. , referer: [...]
Would love to have more, rather than fewer exceptions thrown. I
think the missing class was the cause of a couple of red herrings
I followed down the rabbit hole trying to get this running
yesterday [I'm entitled to mix metaphors, I pay an annual fee].
After I get an admin to install the missing package in the
morning I'll regale you with my next series of missteps and
annoying language.
Live free or die early, die often,
-Ashley
On Dec 15, 2007, at 9:52 PM, Jay K wrote:
Hi There Ashley,
The DBIx::Class module expects to use the relation provided in
the role_relation config element to retrieve one or more rows,
which must contain a field called by whatever you provide in
role_field.
My guess is that your user_roles table is a cross-ref table -
userid and roleid essentially. In order to solve this you need
to use a many_to_many relationship mapping to the textual role
names.
The DBIx::Class module expects you are going to route it to the
information it needs using the role_relation. So what you
really need to do is create the schema class and just define the
many-to-many for roles. Then provide that relation to
'role_relation' and all your problems should go away.
It still works with dynamic schema - but you have to create the
relationship. You can do that by creating your schema module to
look something like this:
package MyApp::Schema::Users;
use strict;
use warnings;
use base 'DBIx::Class';
__PACKAGE__->load_components("PK::Auto", "Core");
__PACKAGE__->has_many('roles_map', "MyApp::Schema::RoleMap",
user_id');
__PACKAGE__->many_to_many( roles => 'role_map, 'role');
1;
I might have that slightly wrong - I've been moving today so I'm
a bit overtired. but basically that allows your schema to
dynamically figure itself out, but you define the relationships
for it.
For some database types, DBIx::Class can figure out your
relationships for you - but I don't think it can sort out many-
to-many's anyway.
Hope that helps. And I hope it makes as much sense to you as I
make to myself in my head at the moment. This, I understand,
may not be the case. If not, I'll try again tomorrow.
Jay
On Dec 15, 2007, at 5:57 PM, Ashley Pond V wrote:
Progressing… Looking at Catalyst/Plugin/Authentication/Store/
DBIC/User.pm I saw a couple of items in the "authentication"
config I could set. With "role_relation" and "role_field" set--
authentication:
default_realm: users
realms:
users:
credential:
class: Password
password_field: password
password_type: hashed
password_hash_type: SHA-1
store:
class: DBIx::Class
user_class: User
role_relation: user_roles
role_field: role
--I now get the roles checked but they are failing because they
are checking (returning) the role "id" instead of the "name."
$c->user->roles returns a list of the IDs too. So, from reading
this,
Catalyst::Plugin::Authentication::Store::DBIx::Class::roles()
it looks like dynamic loader schemas are incompatible right
now? I'm trying to figure this out but there is a lot of inter-
related code to read, cross-package-configuration, and
documentation drift/lag.
Throw me a bone, er, a line!
-Ashley
On Dec 15, 2007, at 10:18 AM, Ashley Pond V wrote:
Can you elaborate? "map_user_role" ne "user_role." I have
"role_rel" set to the UserRole class. I tried adding
"user_role" but it didn't help and I don't see it anywhere in
the docs.
I should rephrase, I think. Is anyone using
DBIC::Schema::Loader dynamically with role authorization? If
so, please share your configuration or advise of which FMTR.
Thanks again,
-Ashley
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/
catalyst
Searchable archive: http://www.mail-archive.com/
[EMAIL PROTECTED]/
Dev site: http://dev.catalyst.perl.org/
---
For most things, throwing yourself at the wall over and over is
a better way to improve than thinking hard about the wall and
taking pictures of it. -- D.Litwack
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/
catalyst
Searchable archive: http://www.mail-archive.com/
[EMAIL PROTECTED]/
Dev site: http://dev.catalyst.perl.org/
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/
[EMAIL PROTECTED]/
Dev site: http://dev.catalyst.perl.org/
---
"Those who can make you believe absurdities can make you commit
atrocities." --Voltaire
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/
[EMAIL PROTECTED]/
Dev site: http://dev.catalyst.perl.org/
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/
[EMAIL PROTECTED]/
Dev site: http://dev.catalyst.perl.org/
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/
Dev site: http://dev.catalyst.perl.org/
