Mojolicious::Plugin::ContextAuth - Role-based access with context
version 0.01
# Mojolicious::Lite app app->plugin( 'ContextAuth' => { dsn => 'sqlite:' . $db, }, ); # Mojolicious app in sub startup $self->plugin( 'ContextAuth' => { dsn => 'sqlite:' . $db, }, ); # in your controller my $has_permission = $c->auth->has_permission( $session_id, context => 'project_a', permission => 'title.update', )
This addon implements a role based authorization with contexts. There are systems where the user can have different roles in different contexts: e.g. in a company that develops software, one user can have the projectmanager role in one project, but not in an other project.
With this module it is easy to implement it. It creates the database and provides some methods to do the authentication and authorization.
.---------------. .---------------------------. .---------------------. | corbac_users | | corbac_user_context_roles | | corbac_contexts | |---------------| |---------------------------| |---------------------| | user_id |<--------| user_id |------------->| context_id | | username | | context_id | | context_name | | user_password | | role_id | | context_description | '---------------' '---------------------------' '---------------------' ^ ^ ^ | | | | | | | | | | | | .----------------------. .------------------. | | corbac_user_sessions | | corbac_roles | | |----------------------| |------------------| | | user_id | | role_id | | | session_id | | role_name |------------------------------' | access_tree | | role_description | | session_started | | context_id | '----------------------' | is_valid | '------------------' ^ | .-------------------------. | corbac_role_permissions | |-------------------------| .---------------| role_id |------------. | | permission_id | | | | resource_id | | | '-------------------------' | | | v v .------------------------. .----------------------. | corbac_permissions | | corbac_resources | |------------------------| |----------------------| | permission_id | | resource_id | | permission_name |----------------------------->| resource_name | | permission_label | | resource_label | | permission_description | | resource_description | | resource_id | '----------------------' '------------------------'
Currently only SQLite is supported.
We use some entities that are described in the subsequent paragraphs. But one example might describe it as well:
Mr Johnson can update the project description in project A as he is the project manager ^ ^ ^ ^ ^ | | | | | user permission resource context role
The user of the system
The context the user does an action. In a project management software this could be "system", "project a", "project b". You can define any context you want.
The role an user has in the given context. A user can be the project manager in one project, but a developer in an other project.
This is any resource you have in your system. This could be "title" and "members" for a project.
Any permission is bind to a resource. You can define whatever permissions you want. For the project name this could be "update", for the project members it coule be "add", "delete", "set_role".
Configuration:
dsn
Required.
This is a dsn used for Mojo::SQLite, Mojo::mysql or Mojo::Pg.
prefix
Optional (default: 'auth').
Used to name the helpers (see below)
Those helpers are defined by the plugin:
Returns a Mojolicious::Plugin::ContextAuth::Auth object.
Returns a Mojolicious::Plugin::ContextAuth::DB object.
Renee Baecker <reneeb@cpan.org>
This software is Copyright (c) 2020 by Renee Baecker.
This is free software, licensed under:
The Artistic License 2.0 (GPL Compatible)
To install Mojolicious::Plugin::ContextAuth, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Mojolicious::Plugin::ContextAuth
CPAN shell
perl -MCPAN -e shell install Mojolicious::Plugin::ContextAuth
For more information on module installation, please visit the detailed CPAN module installation guide.