Re: [cgiapp] CAP::Authentication or CAP::Authorization

Sun, 02 Apr 2006 17:02:56 -0700 

On 4/2/06, Kevin <[EMAIL PROTECTED]> wrote:
> Cees,
>
> Thank you for your reply.
>
> I have the Authentication portion working properly.  If I wanted to break up
> the runmodes using different modules depending on the users privileges,
> would  CGI::Application::Dispatch be the way to handle the different
> modules?

You can, but you don't have to.  You could just create two separate
instance scripts, that load two different modules.  It makes sense to
create a base class that both of these modules inherit from so that
you can share the common code between them (like the authentication
and session stuff).

Here is a brief structure that might help get you started:

package MyBase;

use base qw(CGI::Application);

use CGI::Application::Plugin::Session;
use CGI::Application::Plugin::Authentication;
use CGI::Application::Plugin::Authorization;

__PACKAGE__->authen->config(
    DRIVER => ['HTPasswd', '/etc/apache/htpasswd' ],
);

__PACKAGE__->authz->config(
    DRIVER => [ 'HTGroup', '/etc/apache/htgroup' ],
);

1;


package MyAdmin;

use base qw(MyBase);

__PACKAGE__->authen->protected_runmodes(':all');

sub cgiapp_prerun
    my $self = shift;

    if (!$self->authz->authorize('admin')) {
        # Does this user belong to the admin group?
        $self->prerun_mode('authz_forbidden');
    }
}

sub myrunmode {
    my $self = shift;

    # only users with admin group previleges should be able to get here
}

1;


#!/usr/bin/perl

use MyAdmin;
MyAdmin->new->run;


package MyOther;

use base qw(MyBase);

__PACKAGE__->authen->protected_runmodes(':all');


sub myrunmode {
    my $self = shift;

    # anyone that is logged in can access this one
}

sub myprotectedrunmode {
    my $self = shift;

    return $self->authz->forbidden unless $self->authz->authorize('foobar');
    # only users in the right group can access this one
}

1;


#!/usr/bin/perl

use MyOther;
MyOther->new->run;

---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/[email protected]/
              http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to