[cgiapp] CAP::Authorization, CAP::AutoRunmode & CA::Dispatch
P Kishor
punk.kish at gmail.com
Wed Aug 12 10:55:25 EDT 2009
On Tue, Aug 11, 2009 at 4:52 AM, Richard Jones <ra.jones at dpw.clara.co.uk> wrote:
> Am having some difficulty with the FORBIDDEN_RUNMODE param when using
> CAP::Authorization with CA::Dispatch. All my application classes inherit
> from a base class where I have defined the 'forbidden' runmode (using
> AutoRunmode syntax). But declaring FORBIDDEN_RUNMODE => 'forbidden' in
> authz->config() means that for some reason the classes loaded by
> CA::Dispatch - which all 'use base MyApp::Base' - can't find the forbidden()
> rm so return my error page instead.

This sounds conceptually similar to the problem I seem to be having
with C::A::P::Routes.

The nut of the problem is that you set up something in your base
class, and that is not respected in the class that inherits from the
base class.

I have been experimenting with my home grown authentication module. I
have the following in my base class

    package MyAuthen;

    sub setup {
        my $self = shift;
        ..
        $self->param(protected_runmodes => [qw(prefs update nuke admin logout)]);
    }

    sub cgiapp_prerun {
        my $self = shift;

        my $protected_runmodes = $self->param('protected_runmodes');
        foreach my $rm (@$protected_runmodes) {
            if ($self->prerun_mode() eq $rm) {
                unless ($self->session->param('is_logged_in')) {
                    $self->prerun_mode('login');
                }
                last;
            }
        }
    }

and then, in the class that inherits I have

    use base 'MyAuthen';

    sub setup {
        my $self = shift;
        $self->SUPER::setup();
        $self->param(protected_runmodes => [qw(view)]);
    }

I am expecting the 'view' would be added to the list of
'protected_runmodes' inherited from MyAuthen, but that is not the
case.
>
> So I looked at the documentation and found the CALLBACKS section, and
> wondered what would happen if I defined the authz_forbidden runmode in
> cgiapp_prerun() instead of using FORBIDDEN_RUNMODE in the config:
>
> $self->run_modes( authz_forbidden => 'forbidden' );
>
> and this actually works, even though I'm using a version 4.xx
> CGI::Application - I get my forbidden() output rather than the error page.
> But is this the right way to use CAP::Authorization in this
> situation? Should I expect CAP::Auth to work out-of-the-box with
> CA::Dispatch?
> --
> Richard Jones
>
--
Puneet Kishor http://www.punkish.org
Carbon Model http://carbonmodel.org
Charter Member, Open Source Geospatial Foundation http://www.osgeo.org
Science Commons Fellow, http://sciencecommons.org/about/whoweare/kishor
Nelson Institute, UW-Madison http://www.nelson.wisc.edu
-----------------------------------------------------------------------
Assertions are politics; backing up assertions with evidence is science
=======================================================================
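
Added example, not part of the original post: CGI::Application's param() keeps one value per key, so the subclass call replaces the inherited list, and the run modes protected in the base class would no longer be checked. The sketch below merges instead. StubApp is a stand-in for CGI::Application so the file runs on its own, protect() is a hypothetical helper, and the logged_in field stands in for the session flag used in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for the parts of CGI::Application used in the post (assumption):
# param() holds one value per key, so setting a key again replaces the old value.
package StubApp;
sub new { my ($class, %a) = @_; return bless { p => {}, %a }, $class }
sub param {
    my ($self, $key, @val) = @_;
    $self->{p}{$key} = $val[0] if @val;
    return $self->{p}{$key};
}
sub prerun_mode { my $self = shift; $self->{rm} = shift if @_; return $self->{rm} }

package MyAuthen;
our @ISA = ('StubApp');
sub setup {
    my $self = shift;
    $self->protect(qw(prefs update nuke admin logout));
}
# Hypothetical helper: append to the existing list instead of overwriting it.
sub protect {
    my ($self, @rms) = @_;
    my %seen;
    my @all = grep { !$seen{$_}++ } @{ $self->param('protected_runmodes') || [] }, @rms;
    $self->param(protected_runmodes => \@all);
}
sub cgiapp_prerun {
    my $self = shift;
    my %protected = map { $_ => 1 } @{ $self->param('protected_runmodes') || [] };
    # logged_in stands in for $self->session->param('is_logged_in')
    $self->prerun_mode('login')
        if $protected{ $self->prerun_mode } && !$self->{logged_in};
}

package MyApp;
our @ISA = ('MyAuthen');
sub setup {
    my $self = shift;
    $self->SUPER::setup();
    $self->protect('view');    # extends the inherited list
}

package main;
# Constructed requests: two protected run modes and one public one, not logged in.
for my $rm (qw(view nuke about)) {
    my $app = MyApp->new(rm => $rm, logged_in => 0);
    $app->setup;
    $app->cgiapp_prerun;
    printf "%-6s -> %s\n", $rm, $app->prerun_mode;
}
```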