NAME

Dancer::Plugin::Auth::RBAC - Dancer Authentication, Security and Role-Based Access Control Framework!

VERSION

version 1.110720

SYNOPSIS

    post '/login' => sub {
        
        my $auth = auth(params->{user}, params->{pass});
        if (! $auth->errors) {
        
            if ($auth->asa('guest')) {
                ...
            }
            
            if ($auth->can('manage_accounts', 'create')) {
                ...
            }
            
        }
        else {
            print $auth->errors;
        }
    
    };

Note! The authentication framework relies heavily on your chosen session engine; please remember to set it appropriately in your application configuration file.

DESCRIPTION

Dancer::Plugin::Auth::RBAC is an authentication framework and role-based access control system. As a role-based access control system, Dancer::Plugin::Auth::RBAC can be complex but will give you the most flexibility over all other access control philosophies.

The Dancer::Plugin::Auth::RBAC plugin provides your application with the ability to easily authenticate and restrict access to specific users and groups by providing a tried and tested RBAC (role-based access control) system. Dancer::Plugin::Auth::RBAC provides this level of sophistication with minimal configuration.

Dancer::Plugin::Auth::RBAC exports the auth() and authd() keywords:

    $auth = auth($login, $pass)     # new authorization instance
    $auth->asa($role)               # check if the authenticated user has the specified role
    $auth->can($operation)          # check if the authenticated user has permission
    $auth->can($operation, $action) # to perform a specific action
    $auth->roles(@roles)            # get or set roles for the current logged in user
    $auth->errors()                 # authentication errors if any
    $auth->revoke()                 # revoke authorization (logout)
    
    return authd()                  # is the current user authorized?

The Dancer::Plugin::Auth::RBAC authentication framework relies on the Dancer::Plugin::Auth::RBAC::Credentials namespace to do the actual authentication, and likewise relies on the Dancer::Plugin::Auth::RBAC::Permissions namespace to handle access control. The following configuration example is based on Dancer::Plugin::Auth::RBAC::Credentials::Config and Dancer::Plugin::Auth::RBAC::Permissions::Config. This framework also ships with Dancer::Plugin::Auth::RBAC::Credentials::SQLite, Dancer::Plugin::Auth::RBAC::Credentials::MySQL and Dancer::Plugin::Auth::RBAC::Credentials::PostgreSQL, which are arguably easier to set up and utilize.

CONFIGURATION

    plugins:
      Auth::RBAC:
        credentials:
          class: Config
          options:
            accounts:
              user01:
                password: foobar
                roles:
                  - guest
                  - user
              user02:
                password: barbaz
                roles:
                  - admin
        permissions:
          class: Config
          options:
            control:
              admin:
                permissions:
                  manage accounts:
                    operations:
                      - view
                      - create
                      - update
                      - delete
              user:
                permissions:
                  manage accounts:
                    operations:
                      - view
                      - create
              guests:
                permissions:
                  manage accounts:
                    operations:
                      - view
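
An added example, not part of the plugin or its documentation: a stand-alone Perl check that cross-references the roles assigned to accounts against the roles defined under control in the configuration above, and lists each account's effective operations. The audit_rbac helper and the Perl-hash transcription of the YAML are assumptions made for illustration; passwords are omitted because the check does not use them, and a role without a control entry is treated as granting nothing.

```perl
use strict;
use warnings;

# The page's Auth::RBAC configuration, transcribed from YAML into a Perl hash.
my %rbac = (
    credentials => { accounts => {
        user01 => { roles => [qw(guest user)] },
        user02 => { roles => [qw(admin)] },
    } },
    permissions => { control => {
        admin  => { permissions => { 'manage accounts' => { operations => [qw(view create update delete)] } } },
        user   => { permissions => { 'manage accounts' => { operations => [qw(view create)] } } },
        guests => { permissions => { 'manage accounts' => { operations => [qw(view)] } } },
    } },
);

# Hypothetical helper: finds role-name mismatches and computes effective grants.
sub audit_rbac {
    my ($cfg) = @_;
    my $accounts = $cfg->{credentials}{accounts};
    my $control  = $cfg->{permissions}{control};
    my (%assigned, %report);

    for my $login (sort keys %$accounts) {
        my %grants;
        for my $role (@{ $accounts->{$login}{roles} || [] }) {
            $assigned{$role} = 1;
            my $perms = exists $control->{$role} ? $control->{$role}{permissions} : undef;
            unless ($perms) {
                push @{ $report{undefined_roles} }, "$login: $role";
                next;    # deny by default: an unknown role grants nothing
            }
            for my $perm (keys %$perms) {
                $grants{$perm}{$_} = 1 for @{ $perms->{$perm}{operations} || [] };
            }
        }
        # Union of operations across all of the account's defined roles.
        $report{effective}{$login}{$_} = [ sort keys %{ $grants{$_} } ] for keys %grants;
    }
    $report{unassigned_roles} = [ grep { !$assigned{$_} } sort keys %$control ];
    return \%report;
}

my $r = audit_rbac(\%rbac);
print "role without control entry: $_\n"   for @{ $r->{undefined_roles} || [] };
print "control entry never assigned: $_\n" for @{ $r->{unassigned_roles} };
for my $login (sort keys %{ $r->{effective} || {} }) {
    my $e = $r->{effective}{$login};
    print "$login: $_ => @{ $e->{$_} }\n" for sort keys %$e;
}
```

Run against the configuration above, the check reports that user01's guest role has no control entry and that the guests control entry is not assigned to any account.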

AUTHOR

  Al Newkirk <awncorp@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2010 by awncorp.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.