Re: [Catalyst] no role configuration found -- authorization: dbic and DBI::Schema::Loader
I backed up to a simple test script, got easier to find errors, and
found the trouble with what I was doing.
__PACKAGE__-many_to_many(roles = 'user_roles', 'name');
needed to be
__PACKAGE__-many_to_many(roles = 'user_roles', 'role');
and a corresponding many_to_many in Role.pm
__PACKAGE__-many_to_many(users = 'user_roles', 'user');
So, I'm all good now but still a bit mystified about the silent
failure(?).
Thanks again,
-Ashley
On Dec 16, 2007, at 10:49 PM, Ashley Pond V wrote:
Thanks for still looking at this, Jay. This is the top of the
method with some die decoration:
Take 1:
my ( $self, $c ) = @_;
die This will die;
$c-assert_user_roles(no such role);
Take 2:
my ( $self, $c ) = @_;
$c-assert_user_roles(no such role);
die This will not fire;
I can put the assert in an eval block but $@ is not set so it
doesn't help to see what's happening. There is no information in
the logs at the point the code fails.
I guess I'll ask our admin to pull
Catalyst::Plugin::Authentication::Store::DBIx::Class, yeah?
Authentication is working fine, by the by. It's just Authorization
that's wonky right now.
Pasting my setup stuff below.
-Ashley
--
use Catalyst qw/
ConfigLoader
-Debug
Unicode
StackTrace
Static::Simple
Authentication
Authorization::Roles
Session
Session::Store::FastMmap
Session::State::Cookie
/;
...User.pm
__PACKAGE__-has_many(
user_roles,
MyApp::Schema::UserRole,
{ foreign.user = self.id },
);
# Created by DBIx::Class::Schema::Loader v0.04004 @ 2007-12-16
13:36:55
# DO NOT MODIFY THIS OR ANYTHING ABOVE! md5sum:qroNdEXQL4pOH80kVPQquw
__PACKAGE__-many_to_many(roles = 'user_roles', 'name');
---
yml
authentication:
default_realm: users
realms:
users:
credential:
class: Password
password_type: hashed
password_hash_type: SHA-1
store:
class: DBIx::Class
user_class: User
role_relation: roles
role_field: name
# doesn't matter whether or not the authorization stuff is there
but this is what i've played with (and *many* permutations of the
arguments)
authorization:
dbic:
role_class: Role
role_field: name
user_class: User
user_field: user
user_role_user_field: user
user_role_role_field: role
role_rel: user_roles
user_role_class: UserRole
On Dec 16, 2007, at 9:20 PM, Jay K wrote:
Hi Ashley,
The log message you see is a result of the recent move away from
the Catalyst::Plugin::Authentication namespace for stores /
credentials.
It falls back to the old naming and warns if it can't find the new
module.. It should, however, have no effect on the functionality
of the code.
It's not a bad idea to update the DBIx::Class store - but be sure
to remove the Catalyst::Plugin::Authentication::Store::DBIx::Class
module first - just to avoid conflicts. Nothing has changed
related to roles in the update, so it shouldn't make any difference.
I don't know why the assert is failing, it should not - what do
you get if you use $c-check_user_roles() - valid results?
Jay
On Dec 16, 2007, at 4:27 PM, Ashley Pond V wrote:
Continuing saga. So I set up the many_to_many and lo! It worked.
But it worked with *any* role, even fake ones, so obviously
something was bad. Turned out that it was silently failing
instead of throwing an access exception (but there was a template
set by the namespace so the page rendered as expected).
# failed silently (as far as Cat was concerned)
$c-assert_user_roles(there is no role called this);
So, dug into the log:
[Sun Dec 16 16:13:20 2007] [error] [client 67.170.68.172] [warn]
Store class Catalyst::Authentication::Store::DBIx::Class not
found, trying deprecated ::Plugin:: style naming. , referer: [...]
Would love to have more, rather than fewer exceptions thrown. I
think the missing class was the cause of a couple of red herrings
I followed down the rabbit hole trying to get this running
yesterday [I'm entitled to mix metaphors, I pay an annual fee].
After I get an admin to install the missing package in the
morning I'll regale you with my next series of missteps and
annoying language.
Live free or die early, die often,
-Ashley
On Dec 15, 2007, at 9:52 PM, Jay K wrote:
Hi There Ashley,
The DBIx::Class module expects to use the relation provided in
the role_relation config element to retrieve one or more rows,
which must contain a field called by whatever you provide in
role_field.
My guess is that your user_roles table is a cross-ref table -
userid and roleid essentially. In order to solve this you need
to use a many_to_many relationship mapping to the textual role
names.
The DBIx::Class module expects you are going to route it to the
information it needs using the role_relation. So what you
really need to do is create the schema class and just define the
many-to-many
Re: [Catalyst] no role configuration found -- authorization: dbic and DBI::Schema::Loader
Continuing saga. So I set up the many_to_many and lo! It worked. But
it worked with *any* role, even fake ones, so obviously something was
bad. Turned out that it was silently failing instead of throwing an
access exception (but there was a template set by the namespace so
the page rendered as expected).
# failed silently (as far as Cat was concerned)
$c-assert_user_roles(there is no role called this);
So, dug into the log:
[Sun Dec 16 16:13:20 2007] [error] [client 67.170.68.172] [warn]
Store class Catalyst::Authentication::Store::DBIx::Class not found,
trying deprecated ::Plugin:: style naming. , referer: [...]
Would love to have more, rather than fewer exceptions thrown. I think
the missing class was the cause of a couple of red herrings I
followed down the rabbit hole trying to get this running yesterday
[I'm entitled to mix metaphors, I pay an annual fee]. After I get an
admin to install the missing package in the morning I'll regale you
with my next series of missteps and annoying language.
Live free or die early, die often,
-Ashley
On Dec 15, 2007, at 9:52 PM, Jay K wrote:
Hi There Ashley,
The DBIx::Class module expects to use the relation provided in the
role_relation config element to retrieve one or more rows, which
must contain a field called by whatever you provide in role_field.
My guess is that your user_roles table is a cross-ref table -
userid and roleid essentially. In order to solve this you need to
use a many_to_many relationship mapping to the textual role names.
The DBIx::Class module expects you are going to route it to the
information it needs using the role_relation. So what you really
need to do is create the schema class and just define the many-to-
many for roles. Then provide that relation to 'role_relation' and
all your problems should go away.
It still works with dynamic schema - but you have to create the
relationship. You can do that by creating your schema module to
look something like this:
package MyApp::Schema::Users;
use strict;
use warnings;
use base 'DBIx::Class';
__PACKAGE__-load_components(PK::Auto, Core);
__PACKAGE__-has_many('roles_map', MyApp::Schema::RoleMap,
user_id');
__PACKAGE__-many_to_many( roles = 'role_map, 'role');
1;
I might have that slightly wrong - I've been moving today so I'm a
bit overtired. but basically that allows your schema to
dynamically figure itself out, but you define the relationships for
it.
For some database types, DBIx::Class can figure out your
relationships for you - but I don't think it can sort out many-to-
many's anyway.
Hope that helps. And I hope it makes as much sense to you as I
make to myself in my head at the moment. This, I understand, may
not be the case. If not, I'll try again tomorrow.
Jay
On Dec 15, 2007, at 5:57 PM, Ashley Pond V wrote:
Progressing… Looking at Catalyst/Plugin/Authentication/Store/DBIC/
User.pm I saw a couple of items in the authentication config I
could set. With role_relation and role_field set--
authentication:
default_realm: users
realms:
users:
credential:
class: Password
password_field: password
password_type: hashed
password_hash_type: SHA-1
store:
class: DBIx::Class
user_class: User
role_relation: user_roles
role_field: role
--I now get the roles checked but they are failing because they
are checking (returning) the role id instead of the name.
$c-user-roles returns a list of the IDs too. So, from reading this,
Catalyst::Plugin::Authentication::Store::DBIx::Class::roles()
it looks like dynamic loader schemas are incompatible right now?
I'm trying to figure this out but there is a lot of inter-related
code to read, cross-package-configuration, and documentation drift/
lag.
Throw me a bone, er, a line!
-Ashley
On Dec 15, 2007, at 10:18 AM, Ashley Pond V wrote:
Can you elaborate? map_user_role ne user_role. I have
role_rel set to the UserRole class. I tried adding user_role
but it didn't help and I don't see it anywhere in the docs.
I should rephrase, I think. Is anyone using DBIC::Schema::Loader
dynamically with role authorization? If so, please share your
configuration or advise of which FMTR.
Thanks again,
-Ashley
___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/
[EMAIL PROTECTED]/
Dev site: http://dev.catalyst.perl.org/
---
For most things, throwing yourself at the wall over and over is a
better way to improve than thinking hard about the wall and taking
pictures of it. -- D.Litwack
___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/
[EMAIL PROTECTED]/
Dev site:
Re: [Catalyst] no role configuration found -- authorization: dbic and DBI::Schema::Loader
Hi Ashley,
The log message you see is a result of the recent move away from the
Catalyst::Plugin::Authentication namespace for stores / credentials.
It falls back to the old naming and warns if it can't find the new
module.. It should, however, have no effect on the functionality of
the code.
It's not a bad idea to update the DBIx::Class store - but be sure to
remove the Catalyst::Plugin::Authentication::Store::DBIx::Class module
first - just to avoid conflicts. Nothing has changed related to roles
in the update, so it shouldn't make any difference.
I don't know why the assert is failing, it should not - what do you
get if you use $c-check_user_roles() - valid results?
Jay
On Dec 16, 2007, at 4:27 PM, Ashley Pond V wrote:
Continuing saga. So I set up the many_to_many and lo! It worked. But
it worked with *any* role, even fake ones, so obviously something
was bad. Turned out that it was silently failing instead of throwing
an access exception (but there was a template set by the namespace
so the page rendered as expected).
# failed silently (as far as Cat was concerned)
$c-assert_user_roles(there is no role called this);
So, dug into the log:
[Sun Dec 16 16:13:20 2007] [error] [client 67.170.68.172] [warn]
Store class Catalyst::Authentication::Store::DBIx::Class not
found, trying deprecated ::Plugin:: style naming. , referer: [...]
Would love to have more, rather than fewer exceptions thrown. I
think the missing class was the cause of a couple of red herrings I
followed down the rabbit hole trying to get this running yesterday
[I'm entitled to mix metaphors, I pay an annual fee]. After I get an
admin to install the missing package in the morning I'll regale you
with my next series of missteps and annoying language.
Live free or die early, die often,
-Ashley
On Dec 15, 2007, at 9:52 PM, Jay K wrote:
Hi There Ashley,
The DBIx::Class module expects to use the relation provided in the
role_relation config element to retrieve one or more rows, which
must contain a field called by whatever you provide in role_field.
My guess is that your user_roles table is a cross-ref table -
userid and roleid essentially. In order to solve this you need to
use a many_to_many relationship mapping to the textual role names.
The DBIx::Class module expects you are going to route it to the
information it needs using the role_relation. So what you really
need to do is create the schema class and just define the many-to-
many for roles. Then provide that relation to 'role_relation' and
all your problems should go away.
It still works with dynamic schema - but you have to create the
relationship. You can do that by creating your schema module to
look something like this:
package MyApp::Schema::Users;
use strict;
use warnings;
use base 'DBIx::Class';
__PACKAGE__-load_components(PK::Auto, Core);
__PACKAGE__-has_many('roles_map', MyApp::Schema::RoleMap,
user_id');
__PACKAGE__-many_to_many( roles = 'role_map, 'role');
1;
I might have that slightly wrong - I've been moving today so I'm a
bit overtired. but basically that allows your schema to
dynamically figure itself out, but you define the relationships for
it.
For some database types, DBIx::Class can figure out your
relationships for you - but I don't think it can sort out many-to-
many's anyway.
Hope that helps. And I hope it makes as much sense to you as I
make to myself in my head at the moment. This, I understand, may
not be the case. If not, I'll try again tomorrow.
Jay
On Dec 15, 2007, at 5:57 PM, Ashley Pond V wrote:
Progressing… Looking at Catalyst/Plugin/Authentication/Store/DBIC/
User.pm I saw a couple of items in the authentication config I
could set. With role_relation and role_field set--
authentication:
default_realm: users
realms:
users:
credential:
class: Password
password_field: password
password_type: hashed
password_hash_type: SHA-1
store:
class: DBIx::Class
user_class: User
role_relation: user_roles
role_field: role
--I now get the roles checked but they are failing because they
are checking (returning) the role id instead of the name.
$c-user-roles returns a list of the IDs too. So, from reading
this,
Catalyst::Plugin::Authentication::Store::DBIx::Class::roles()
it looks like dynamic loader schemas are incompatible right now?
I'm trying to figure this out but there is a lot of inter-related
code to read, cross-package-configuration, and documentation drift/
lag.
Throw me a bone, er, a line!
-Ashley
On Dec 15, 2007, at 10:18 AM, Ashley Pond V wrote:
Can you elaborate? map_user_role ne user_role. I have
role_rel set to the UserRole class. I tried adding user_role
but it didn't help and I don't see it anywhere in the docs.
I should rephrase, I think. Is anyone using DBIC::Schema::Loader
dynamically with role authorization? If so, please share your
Re: [Catalyst] no role configuration found -- authorization: dbic and DBI::Schema::Loader
Thanks for still looking at this, Jay. This is the top of the method
with some die decoration:
Take 1:
my ( $self, $c ) = @_;
die This will die;
$c-assert_user_roles(no such role);
Take 2:
my ( $self, $c ) = @_;
$c-assert_user_roles(no such role);
die This will not fire;
I can put the assert in an eval block but $@ is not set so it doesn't
help to see what's happening. There is no information in the logs at
the point the code fails.
I guess I'll ask our admin to pull
Catalyst::Plugin::Authentication::Store::DBIx::Class, yeah?
Authentication is working fine, by the by. It's just Authorization
that's wonky right now.
Pasting my setup stuff below.
-Ashley
--
use Catalyst qw/
ConfigLoader
-Debug
Unicode
StackTrace
Static::Simple
Authentication
Authorization::Roles
Session
Session::Store::FastMmap
Session::State::Cookie
/;
...User.pm
__PACKAGE__-has_many(
user_roles,
MyApp::Schema::UserRole,
{ foreign.user = self.id },
);
# Created by DBIx::Class::Schema::Loader v0.04004 @ 2007-12-16 13:36:55
# DO NOT MODIFY THIS OR ANYTHING ABOVE! md5sum:qroNdEXQL4pOH80kVPQquw
__PACKAGE__-many_to_many(roles = 'user_roles', 'name');
---
yml
authentication:
default_realm: users
realms:
users:
credential:
class: Password
password_type: hashed
password_hash_type: SHA-1
store:
class: DBIx::Class
user_class: User
role_relation: roles
role_field: name
# doesn't matter whether or not the authorization stuff is there but
this is what i've played with (and *many* permutations of the arguments)
authorization:
dbic:
role_class: Role
role_field: name
user_class: User
user_field: user
user_role_user_field: user
user_role_role_field: role
role_rel: user_roles
user_role_class: UserRole
On Dec 16, 2007, at 9:20 PM, Jay K wrote:
Hi Ashley,
The log message you see is a result of the recent move away from
the Catalyst::Plugin::Authentication namespace for stores /
credentials.
It falls back to the old naming and warns if it can't find the new
module.. It should, however, have no effect on the functionality of
the code.
It's not a bad idea to update the DBIx::Class store - but be sure
to remove the Catalyst::Plugin::Authentication::Store::DBIx::Class
module first - just to avoid conflicts. Nothing has changed
related to roles in the update, so it shouldn't make any difference.
I don't know why the assert is failing, it should not - what do you
get if you use $c-check_user_roles() - valid results?
Jay
On Dec 16, 2007, at 4:27 PM, Ashley Pond V wrote:
Continuing saga. So I set up the many_to_many and lo! It worked.
But it worked with *any* role, even fake ones, so obviously
something was bad. Turned out that it was silently failing instead
of throwing an access exception (but there was a template set by
the namespace so the page rendered as expected).
# failed silently (as far as Cat was concerned)
$c-assert_user_roles(there is no role called this);
So, dug into the log:
[Sun Dec 16 16:13:20 2007] [error] [client 67.170.68.172] [warn]
Store class Catalyst::Authentication::Store::DBIx::Class not
found, trying deprecated ::Plugin:: style naming. , referer: [...]
Would love to have more, rather than fewer exceptions thrown. I
think the missing class was the cause of a couple of red herrings
I followed down the rabbit hole trying to get this running
yesterday [I'm entitled to mix metaphors, I pay an annual fee].
After I get an admin to install the missing package in the morning
I'll regale you with my next series of missteps and annoying
language.
Live free or die early, die often,
-Ashley
On Dec 15, 2007, at 9:52 PM, Jay K wrote:
Hi There Ashley,
The DBIx::Class module expects to use the relation provided in
the role_relation config element to retrieve one or more rows,
which must contain a field called by whatever you provide in
role_field.
My guess is that your user_roles table is a cross-ref table -
userid and roleid essentially. In order to solve this you need
to use a many_to_many relationship mapping to the textual role
names.
The DBIx::Class module expects you are going to route it to the
information it needs using the role_relation. So what you really
need to do is create the schema class and just define the many-to-
many for roles. Then provide that relation to 'role_relation'
and all your problems should go away.
It still works with dynamic schema - but you have to create the
relationship. You can do that by creating your schema module to
look something like this:
package MyApp::Schema::Users;
use strict;
use warnings;
use base 'DBIx::Class';
__PACKAGE__-load_components(PK::Auto, Core);
__PACKAGE__-has_many('roles_map', MyApp::Schema::RoleMap,
user_id');
__PACKAGE__-many_to_many( roles =
Re: [Catalyst] no role configuration found -- authorization: dbic and DBI::Schema::Loader
While I don't use the DBIx::Class::Loader, I did notice that since the Catalyst::Plugin::Auth refactor, that set of modules doesn't like dealing with role_id's any longer. I ended up creating a database view (and corresponding DBIC class) that spits out role names rather than role IDs, and Catalyst::Plugin::Authentication::Store::DBIx::Class liked that much better. This may not be the only way to solve it, but it worked for me. On 12/15/07, Ashley Pond V [EMAIL PROTECTED] wrote: Progressing… Looking at Catalyst/Plugin/Authentication/Store/DBIC/ User.pm I saw a couple of items in the authentication config I could set. With role_relation and role_field set-- authentication: default_realm: users realms: users: credential: class: Password password_field: password password_type: hashed password_hash_type: SHA-1 store: class: DBIx::Class user_class: User role_relation: user_roles role_field: role --I now get the roles checked but they are failing because they are checking (returning) the role id instead of the name. $c-user-roles returns a list of the IDs too. So, from reading this, Catalyst::Plugin::Authentication::Store::DBIx::Class::roles() it looks like dynamic loader schemas are incompatible right now? I'm trying to figure this out but there is a lot of inter-related code to read, cross-package-configuration, and documentation drift/lag. Throw me a bone, er, a line! -Ashley On Dec 15, 2007, at 10:18 AM, Ashley Pond V wrote: Can you elaborate? map_user_role ne user_role. I have role_rel set to the UserRole class. I tried adding user_role but it didn't help and I don't see it anywhere in the docs. I should rephrase, I think. Is anyone using DBIC::Schema::Loader dynamically with role authorization? If so, please share your configuration or advise of which FMTR. Thanks again, -Ashley ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] no role configuration found -- authorization: dbic and DBI::Schema::Loader
Hi There Ashley,
The DBIx::Class module expects to use the relation provided in the
role_relation config element to retrieve one or more rows, which must
contain a field called by whatever you provide in role_field.
My guess is that your user_roles table is a cross-ref table - userid
and roleid essentially. In order to solve this you need to use a
many_to_many relationship mapping to the textual role names.
The DBIx::Class module expects you are going to route it to the
information it needs using the role_relation. So what you really need
to do is create the schema class and just define the many-to-many for
roles. Then provide that relation to 'role_relation' and all your
problems should go away.
It still works with dynamic schema - but you have to create the
relationship. You can do that by creating your schema module to look
something like this:
package MyApp::Schema::Users;
use strict;
use warnings;
use base 'DBIx::Class';
__PACKAGE__-load_components(PK::Auto, Core);
__PACKAGE__-has_many('roles_map', MyApp::Schema::RoleMap, user_id');
__PACKAGE__-many_to_many( roles = 'role_map, 'role');
1;
I might have that slightly wrong - I've been moving today so I'm a bit
overtired. but basically that allows your schema to dynamically
figure itself out, but you define the relationships for it.
For some database types, DBIx::Class can figure out your relationships
for you - but I don't think it can sort out many-to-many's anyway.
Hope that helps. And I hope it makes as much sense to you as I make
to myself in my head at the moment. This, I understand, may not be
the case. If not, I'll try again tomorrow.
Jay
On Dec 15, 2007, at 5:57 PM, Ashley Pond V wrote:
Progressing… Looking at Catalyst/Plugin/Authentication/Store/DBIC/
User.pm I saw a couple of items in the authentication config I
could set. With role_relation and role_field set--
authentication:
default_realm: users
realms:
users:
credential:
class: Password
password_field: password
password_type: hashed
password_hash_type: SHA-1
store:
class: DBIx::Class
user_class: User
role_relation: user_roles
role_field: role
--I now get the roles checked but they are failing because they are
checking (returning) the role id instead of the name.
$c-user-roles returns a list of the IDs too. So, from reading this,
Catalyst::Plugin::Authentication::Store::DBIx::Class::roles()
it looks like dynamic loader schemas are incompatible right now? I'm
trying to figure this out but there is a lot of inter-related code
to read, cross-package-configuration, and documentation drift/lag.
Throw me a bone, er, a line!
-Ashley
On Dec 15, 2007, at 10:18 AM, Ashley Pond V wrote:
Can you elaborate? map_user_role ne user_role. I have
role_rel set to the UserRole class. I tried adding user_role
but it didn't help and I don't see it anywhere in the docs.
I should rephrase, I think. Is anyone using DBIC::Schema::Loader
dynamically with role authorization? If so, please share your
configuration or advise of which FMTR.
Thanks again,
-Ashley
___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/
Dev site: http://dev.catalyst.perl.org/
---
For most things, throwing yourself at the wall over and over is a
better way to improve than thinking hard about the wall and taking
pictures of it. -- D.Litwack
___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/
Dev site: http://dev.catalyst.perl.org/
