Hey,

Either I have uncovered a bug in the Plugin::Authorization or I am doing something still. This is how I am setting up Authorization in the cgiapp_init function of my superclass of my CGI::Application:

# This appears first

    $self->authorization('is_user')->config(
        DRIVER => [
            'DBI',
            DBH         => $dbh,
            TABLES      => [ 'author', 'article' ],
            JOIN_ON     => 'author.authorId = article.authorId',
            CONSTRAINTS => {
                'author.username'    => '__USERNAME__',
                'article.articleId'  => '__PARAM_1__',
            },
        ],
        FORBIDDEN_RUNMODE => 'forbidden',
    );


#  Then directly after this follows

    $self->authorization('is_clearence')->config(
        DRIVER => [
            'DBI',
            DBH         => $dbh,
            TABLES      => ['author'],
            CONSTRAINTS => {
                'author.username'    => '__USERNAME__',
                'author.clearence'   => '__PARAM_1__',
            },
        ],
        FORBIDDEN_RUNMODE => 'forbidden',
    );


Now things were not working as I expected them to, so I edited the DBI driver (DBI.pm around line 297) to print out the SQL.

These were my results:

By executing this command: $self->authorization('is_user')->authorize ($id);

SELECT count(*) FROM author WHERE author.clearence = ? AND author.username = ?

However, I was expecting this:

SELECT count(*) FROM author, article WHERE author.authorId = article.authorId AND author.username = ? AND article.articleId = ?


By executing this command: $self->authorization('is_clearence')->authorize($id);

SELECT count(*) FROM author WHERE author.clearence = ? AND author.username = ?


For some reason they both are executing the same SQL. I thought by using the named version of each I could have separate checks for each one. Why am I overwriting the first one?

Thanks.

Michael Petnuch: developer and webmaster for petnuch.com
contact | [EMAIL PROTECTED] - 914-837-6463 | aim - mpetnuch
