[cgiapp] help with CAP::Authentication

Alex capfan at gmx.de
Sun Aug 2 12:15:17 EDT 2009


Hi!

Understanding CAP::Auth could take a while :)

For your "even_more_protected" protection, you might want to use
CGI::Application::Plugin::Authorization. There, you can define roles and
privileges for users / user groups / whatever you want.

A simple way would be to use two usergroups: users and admins.
Your usual protected stuff would be accessible by the user group and the
other more picky stuff will require the admin group. Finally, you assign a
user group to each user and you're done.

HTH, Alex

-----Original Message-----
From: cgiapp-bounces at lists.openlib.org
[mailto:cgiapp-bounces at lists.openlib.org] On Behalf Of P Kishor
Sent: Sunday, 2 August 2009 17:49
To: CGI Application
Subject: [cgiapp] help with CAP::Authentication

I am trying to implement *and* understand CAP::Authentication. My questions
are --

1. How do I set (or unset) a bunch of session variables upon successful
login or on logout?

For example, right now I am using a POST_LOGIN_CALLBACK to set an 'is_admin'
bit like so

    $self->authen->config(
        ..
        POST_LOGIN_CALLBACK => \&account_update_session,
    );

    sub account_update_session {
        my $self = shift;

        if ($self->authen->is_authenticated) {
            $self->session->param('is_admin', 0);

            my $dbh = $self->dbh;

            my $sth = $dbh->prepare(qq{
                SELECT u.group_id
                FROM users u JOIN groups g ON u.group_id = g.group_id
                WHERE u.username = ?
            });

            $sth->execute($self->authen->username);
            my ($group_id) = $sth->fetchrow_array;

            if ($group_id == 1) {
                $self->session->param('is_admin', 1);
            }
        }

    }

The above works, but is it the right way to accomplish this? The 'is_admin'
bit is just one session var. I will likely have a few other session vars to
set and unset.


2. Once I have set 'is_admin', how do I protect some of the modes much
like

    $self->authen->protected_runmodes(
        'view',
        'account_prefs',
        'account_update',
        'account_admin'
    );

I would like to create something like so, logically speaking

    $self->authen->even_more_protected_runmodes(
        'account_admin'
    );

--
Puneet Kishor
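
The two-group approach suggested in the reply, sketched with CGI::Application::Plugin::Authorization as an added example that is not part of either message or of the plugin's own documentation. Assumptions: the application class name MyApp, the placeholder DSN, a `name` column on the `groups` table holding 'users' or 'admins', and authentication configured separately as in the original post.

```perl
package MyApp;    # hypothetical application class
use strict;
use warnings;
use base 'CGI::Application';
use CGI::Application::Plugin::DBH qw(dbh_config dbh);
use CGI::Application::Plugin::Authentication;
use CGI::Application::Plugin::Authorization;

sub cgiapp_init {
    my $self = shift;

    # Assumption: placeholder DSN; use the application's real one.
    $self->dbh_config('dbi:SQLite:dbname=app.db', '', '');

    # Group membership is resolved through the DBI driver against the
    # users/groups tables from the post, instead of an 'is_admin'
    # flag stored in the session at login time.
    # Assumption: groups.name holds the group name.
    $self->authz->config(
        DRIVER => [ 'DBI',
            DBH         => $self->dbh,
            TABLES      => [ 'users', 'groups' ],
            JOIN_ON     => 'users.group_id = groups.group_id',
            CONSTRAINTS => {
                'users.username' => '__USERNAME__',
                'groups.name'    => '__GROUP__',
            },
        ],
    );
}

sub setup {
    my $self = shift;
    $self->start_mode('view');
    $self->run_modes([qw(view account_admin)]);

    # Login required for both run modes (authentication).
    $self->authen->protected_runmodes(qw(view account_admin));
    # The "even more protected" run mode: admins group only.
    $self->authz->authz_runmodes( [ account_admin => 'admins' ] );
}

sub view {
    my $self = shift;
    # The same check can be made inline, e.g. to hide the admin link.
    my $link = $self->authz->authorize('admins') ? ' [admin]' : '';
    return "Hello, " . $self->authen->username . $link;
}

sub account_admin { return 'admin-only page' }

1;
```

A request for `account_admin` from a logged-in user outside the admins group is sent to the plugin's forbidden page, so the restriction is enforced on the server for every request rather than depending on which links the page shows.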
