On Jan 23, 2009, at 2:09 AM, Jens Schwarz wrote:
Hi *,
I have some difficulties in applying flexible rules [1] in my
Catalyst app. Until now, I only used easy rules (mainly with
deny_access_unless) like:
    deny_access_unless(
        "/users/edit",
        sub { shift->check_any_user_role(qw/admin user/) }
    );
What I now want to achieve is, that 'admin' users can edit _every_
user, and 'user' users only themselves. So if 'user' user foo has
p.ex. the id 5, he is allowed to /user/edit/5 but not /user/edit/4.
So I looked at the flexible rules documentation which I guess might
do the job. I tried to apply the example mentioned there but I guess
I don't understand these "die $ALLOWED"/"die $DENIED" lines (I am
still a Perl/Catalyst newbie): Although I added
"Authorization::ACL::Engine" to my "use Catalyst" in myapp.pm, I get
errors like "Global symbol '$ALLOWED/$DENIED' requires explicit
package name at myapp.pm"
From the docs:
"All access control is performed using exceptions
$Catalyst::Plugin::Authorization::ACL::Engine::DENIED, and
$Catalyst::Plugin::Authorization::ACL::Engine::ALLOWED (these can be
imported from the engine module)."
Which means you either need to start your module with:

    use Catalyst::Plugin::Authorization::ACL::Engine qw( $ALLOWED $DENIED );

or fully qualify them like so:

    die $Catalyst::Plugin::Authorization::ACL::Engine::DENIED
        unless something();
--
Jason Kohles, RHCA RHCDS RHCE
[email protected] - http://www.jasonkohles.com/
"A witty saying proves nothing." -- Voltaire
_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/