NAME
Mojolicious::Plugin::ContextAuth - Role-based access with context
VERSION
version 0.01
SYNOPSIS
    # Mojolicious::Lite app
    app->plugin(
        'ContextAuth' => {
            dsn => 'sqlite:' . $db,
        },
    );

    # Mojolicious app in sub startup
    $self->plugin(
        'ContextAuth' => {
            dsn => 'sqlite:' . $db,
        },
    );

    # in your controller
    my $has_permission = $c->auth->has_permission(
        $session_id,
        context    => 'project_a',
        permission => 'title.update',
    );
DESCRIPTION
This plugin implements role-based authorization with contexts. There are systems where a user can have different roles in different contexts: e.g. in a company that develops software, one user can have the project manager role in one project, but not in another project.
This module makes that easy to implement. It creates the database and provides some methods to do the authentication and authorization.
DATABASE
    .---------------.         .---------------------------.              .---------------------.
    | corbac_users  |         | corbac_user_context_roles |              |   corbac_contexts   |
    |---------------|         |---------------------------|              |---------------------|
    | user_id       |<--------| user_id                   |------------->| context_id          |
    | username      |         | context_id                |              | context_name        |
    | user_password |         | role_id                   |              | context_description |
    '---------------'         '---------------------------'              '---------------------'
            ^                               ^                                       ^
            |                               |                                       |
            |                               |                                       |
            |                               |                                       |
            |                               |                                       |
    .----------------------.      .------------------.                              |
    | corbac_user_sessions |      |   corbac_roles   |                              |
    |----------------------|      |------------------|                              |
    | user_id              |      | role_id          |                              |
    | session_id           |      | role_name        |------------------------------'
    | access_tree          |      | role_description |
    | session_started      |      | context_id       |
    '----------------------'      | is_valid         |
                                  '------------------'
                                            ^
                                            |
                               .-------------------------.
                               | corbac_role_permissions |
                               |-------------------------|
               .---------------| role_id                 |------------.
               |               | permission_id           |            |
               |               | resource_id             |            |
               |               '-------------------------'            |
               |                                                      |
               v                                                      v
    .------------------------.                              .----------------------.
    |   corbac_permissions   |                              |   corbac_resources   |
    |------------------------|                              |----------------------|
    | permission_id          |                              | resource_id          |
    | permission_name        |----------------------------->| resource_name        |
    | permission_label       |                              | resource_label       |
    | permission_description |                              | resource_description |
    | resource_id            |                              '----------------------'
    '------------------------'
Currently only SQLite is supported.
ENTITIES
The plugin uses several entities, which are described in the paragraphs below. An example illustrates them as well:
    Mr Johnson can update the project description in project A as he is the project manager
        ^            ^                 ^                 ^                         ^
        |            |                 |                 |                         |
       user     permission         resource           context                     role
User
The user of the system.
Context
The context in which the user performs an action. In a project management software this could be "system", "project a", "project b". You can define any context you want.
Role
The role a user has in the given context. A user can be the project manager in one project, but a developer in another project.
Resource
This is any resource you have in your system. This could be "title" and "members" for a project.
Permission
Every permission is bound to a resource. You can define whatever permissions you want. For the project name this could be "update", for the project members it could be "add", "delete", "set_role".
METHODS
register
Configuration:
dsn
Required.
This is a dsn used for Mojo::SQLite, Mojo::mysql or Mojo::Pg.
prefix
Optional (default: 'auth').
Used to name the helpers (see below).
HELPERS
These helpers are defined by the plugin:
<prefix>
Returns a Mojolicious::Plugin::ContextAuth::Auth object.
<prefix>_db
Returns a Mojolicious::Plugin::ContextAuth::DB object.
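One way to enforce the has_permission check from the SYNOPSIS on a group of routes, denying by default. This is an added example, not code from the plugin or its author; the require_permission helper, the auth_session_id session key, the CONTEXTAUTH_DB variable and the routes are hypothetical.

```perl
use Mojolicious::Lite;

# Assumption: the SQLite file path comes from a hypothetical environment variable.
my $db = $ENV{CONTEXTAUTH_DB} // 'auth.db';
app->plugin( 'ContextAuth' => { dsn => 'sqlite:' . $db } );

# Hypothetical helper (not provided by the plugin): render 403 and return
# false unless the current session holds $permission in $context.
helper require_permission => sub {
    my ( $c, $context, $permission ) = @_;

    # Assumption: at login the app stored the session id in the signed
    # Mojolicious session cookie under this hypothetical key.
    my $session_id = $c->session('auth_session_id');

    # eval: an exception from the lookup (e.g. database unavailable) is
    # treated as a denial, so the check fails closed.
    my $ok = defined $session_id && eval {
        $c->auth->has_permission(
            $session_id,
            context    => $context,
            permission => $permission,
        );
    };
    return 1 if $ok;

    $c->render( text => 'Forbidden', status => 403 );
    return undef;
};

# The context is taken from the same route placeholder that selects the
# project, so a role held in project_a is never applied to project_b.
under '/projects/:project' => sub {
    my $c = shift;
    return $c->require_permission( $c->stash('project'), 'title.update' );
};

put '/title' => sub {
    my $c = shift;
    # ... update the title of the project named in $c->stash('project') ...
    $c->render( text => 'updated' );
};

app->start;
```

A missing session, an unknown context and a missing role all produce the same 403, so the response does not reveal which contexts exist.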
AUTHOR
Renee Baecker <reneeb@cpan.org>
COPYRIGHT AND LICENSE
This software is Copyright (c) 2020 by Renee Baecker.
This is free software, licensed under:
The Artistic License 2.0 (GPL Compatible)