Apache2::AuthzCaps - mod_perl2 capability authorization
use Apache2::AuthzCaps qw/setcap hascaps/; $Apache2::AuthzCaps::rootdir = "/path/to/user/directory" setcap marius => deleteusers => 1; # Grant marius the deleteusers capability setcap marius => createusers => 0; hascaps marius => qw/deleteusers/; # returns 1, since marius can delete users hascaps marius => qw/deleteusers createusers/; # returns 0, since marius can delete users but cannot create users # In Apache2 config <Location /protected> # Insert authentication here PerlAuthzHandler Apache2::AuthzCaps PerlSetVar AuthzCapsRootdir /path/to/user/directory Require cap staff important Require cap admin </Location> # This will: # 1) Let important staff members access /protected # 2) Let admins access /protected # 3) Not let anyone else (such as an important non-staff member or an non-important staff member) access /protected
Apache2::AuthzCaps is a perl module which provides simple Apache2 capability-based authorization. It contains a PerlAuthzHandler and some utility functions.
For Apache 2.4, use Apache2_4::AuthzCaps.
The user data is stored in YAML files in a user-set directory. Set this directory using:
$Apache2::AuthzCaps::rootdir = "/path/to/directory"; # From perl PerlSetVar AuthzCapsRootdir /path/to/directory # From Apache2 config
- setcap($username, $capability, $value)
If $value is true, grants $username the $capability capability. Otherwise denies $username that capability.
- hascaps($username, $cap, ...)
Returns true if and only of $username has ALL of the listed capabilities. Dies if $username does not exist.
The PerlAuthzHandler for use in apache2.
Marius Gavrilescu, <email@example.com>
COPYRIGHT AND LICENSE
Copyright (C) 2013-2015 by Marius Gavrilescu
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.14.2 or, at your option, any later version of Perl 5 you may have available.