Hey Cees,

I put up a test script on my website. Since I was using the DBI driver I created a simple database to show the problem (just in case it's a problem with the DBI driver?). Anyway, included in the files is a database dump. I am using MySQL 5 and the latest versions of CGI::App and the Auth and Authz plugins. I put the files here:

http://www.petnuch.com/TEST_FOR_CEES/

Michael Petnuch

P.S. I hope this is what you wanted, because I am not really familiar with the Perl "test" modules to create an example using one of those.

On Jun 16, 2006, at 9:25 AM, Cees Hek wrote:

On 6/16/06, Michael Petnuch <[EMAIL PROTECTED]> wrote:
Hey,

Either I have uncovered a bug in the Plugin::Authorization or I am
doing something still.  This is how I am setting up Authorization in
the cgiapp_init function of my superclass of my CGI::Application:

That definitely sounds like a bug to me.  If you can, it would help if
you could create a small test file that recreates this problem.

Cheers,

Cees


# This appears first

$self->authorization('is_user')->config(
    DRIVER => [
        'DBI',
        DBH         => $dbh,
        TABLES      => [ 'author', 'article' ],
        JOIN_ON     => 'author.authorId = article.authorId',
        CONSTRAINTS => {
            'author.username'   => '__USERNAME__',
            'article.articleId' => '__PARAM_1__',
        },
    ],
    FORBIDDEN_RUNMODE => 'forbidden',
);


# Then directly after this follows

$self->authorization('is_clearence')->config(
    DRIVER => [
        'DBI',
        DBH         => $dbh,
        TABLES      => ['author'],
        CONSTRAINTS => {
            'author.username'  => '__USERNAME__',
            'author.clearence' => '__PARAM_1__',
        },
    ],
    FORBIDDEN_RUNMODE => 'forbidden',
);


Now things were not working as I expected them to, so I edited the
DBI (DBI.pm around line 297) driver to print out the sql.

These were my results:

By executing this command: $self->authorization('is_user')->authorize($id);

SELECT count(*) FROM author WHERE author.clearence = ? AND
author.username = ?

However, I was expecting this:

SELECT count(*) FROM author, article WHERE author.authorId =
article.authorId AND author.username = ? AND article.articleId = ?


By executing this command: $self->authorization('is_clearence')->authorize($id);

SELECT count(*) FROM author WHERE author.clearence = ? AND
author.username = ?


For some reason they both are executing the same SQL.  I thought by
using the named version of each I could have separate checks for each
one.  Why am I overwriting the first one?

Thanks.

Michael Petnuch: developer and webmaster for petnuch.com
contact | [EMAIL PROTECTED] - 914-837-6463 | aim - mpetnuch



