[cgiapp] help with CAP::Authentication
P Kishor
punk.kish at gmail.com
Sun Aug 2 11:49:23 EDT 2009
I am trying to implement *and* understand CAP::Authentication. My
questions are --
1. How do I set (or unset) a bunch of session variables upon
successful login or on logout?
For example, right now I am using a POST_LOGIN_CALLBACK to set an
'is_admin' bit like so
    $self->authen->config(
        ..
        POST_LOGIN_CALLBACK => \&account_update_session,
    );
    sub account_update_session {
        my $self = shift;
        if ($self->authen->is_authenticated) {
            $self->session->param('is_admin', 0);
            my $dbh = $self->dbh;
            my $sth = $dbh->prepare(qq{
                SELECT u.group_id
                FROM users u JOIN groups g ON u.group_id = g.group_id
                WHERE u.username = ?
            });
            $sth->execute($self->authen->username);
            my ($group_id) = $sth->fetchrow_array;
            if ($group_id == 1) {
                $self->session->param('is_admin', 1);
            }
        }
    }
The above works, but is it the right way to accomplish this? The
'is_admin' bit is just one session var. I will likely have a few other
session vars to set and unset.
2. Once I have set 'is_admin', how do I protect some of the modes, much like
    $self->authen->protected_runmodes(
        'view',
        'account_prefs',
        'account_update',
        'account_admin'
    );
I would like to create something like so, logically speaking
    $self->authen->even_more_protected_runmodes(
        'account_admin'
    );
--
Puneet Kishor
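
Added example, not part of the original post or the plugin's own code: one way to gate 'account_admin' on the 'is_admin' session flag, using CGI::Application's cgiapp_prerun hook and prerun_mode. The MyApp class, the %ADMIN_ONLY set and the 'forbidden' run mode are hypothetical names; the authen->config call (driver, POST_LOGIN_CALLBACK) is assumed to be set up as in the post.

```perl
package MyApp;    # hypothetical application class
use strict;
use warnings;
use base 'CGI::Application';
use CGI::Application::Plugin::Session;
use CGI::Application::Plugin::Authentication;

# Run modes that need the 'is_admin' session flag on top of a login
# (hypothetical set; 'account_admin' is the mode named in the post).
my %ADMIN_ONLY = map { $_ => 1 } qw(account_admin);

sub setup {
    my $self = shift;
    # Assumption: authen->config(...) with POST_LOGIN_CALLBACK is done
    # as in the post, so 'is_admin' is refreshed on every login.
    $self->start_mode('view');
    $self->run_modes(
        view          => 'view',
        account_admin => 'account_admin',
        forbidden     => 'forbidden',
    );
    $self->authen->protected_runmodes(qw(view account_admin));
}

# cgiapp_prerun receives the requested run mode before it is dispatched.
sub cgiapp_prerun {
    my ($self, $rm) = @_;
    return unless $ADMIN_ONLY{$rm};
    # Fail closed: require a current login AND a flag that is exactly 1,
    # so a missing flag or one left over from an old session is denied.
    my $is_admin = $self->session->param('is_admin');
    my $ok = $self->authen->is_authenticated
          && defined $is_admin && $is_admin == 1;
    $self->prerun_mode('forbidden') unless $ok;
}

sub forbidden {
    my $self = shift;
    $self->header_add(-status => '403 Forbidden');
    return 'Administrator access required.';
}

sub view          { return 'view page' }
sub account_admin { return 'admin page' }

1;
```

Because the flag is cached in the session, a change to the user's group in the database takes effect only at the next login, when the post-login callback runs again.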