NAME

Mojolicious::Plugin::ContextAuth - Role-based access with context

VERSION

version 0.01

SYNOPSIS

# Mojolicious::Lite app
app->plugin(
    'ContextAuth' => {
        dsn => 'sqlite:' . $db,
    },
);

# Mojolicious app in sub startup
$self->plugin(
    'ContextAuth' => {
        dsn => 'sqlite:' . $db,
    },
);

# in your controller
my $has_permission = $c->auth->has_permission(
    $session_id,
    context    => 'project_a',
    permission => 'title.update',
);

DESCRIPTION

This plugin implements role-based authorization with contexts. In some systems a user can have different roles in different contexts: e.g. in a company that develops software, one user can have the project manager role in one project, but not in another project.

This module makes that easy to implement: it creates the database and provides methods for authentication and authorization.

DATABASE

    .---------------.         .---------------------------.              .---------------------.
    | corbac_users  |         | corbac_user_context_roles |              |   corbac_contexts   |
    |---------------|         |---------------------------|              |---------------------|
    | user_id       |<--------| user_id                   |------------->| context_id          |
    | username      |         | context_id                |              | context_name        |
    | user_password |         | role_id                   |              | context_description |
    '---------------'         '---------------------------'              '---------------------'
            ^                               ^                                       ^
            |                               |                                       |
            |                               |                                       |
            |                               |                                       |
            |                               |                                       |
.----------------------.          .------------------.                              |
| corbac_user_sessions |          |   corbac_roles   |                              |
|----------------------|          |------------------|                              |
| user_id              |          | role_id          |                              |
| session_id           |          | role_name        |------------------------------'
| access_tree          |          | role_description |
| session_started      |          | context_id       |
'----------------------'          | is_valid         |
                                  '------------------'
                                            ^
                                            |
                               .-------------------------.
                               | corbac_role_permissions |
                               |-------------------------|
               .---------------| role_id                 |------------.
               |               | permission_id           |            |
               |               | resource_id             |            |
               |               '-------------------------'            |
               |                                                      |
               v                                                      v
  .------------------------.                              .----------------------.
  |   corbac_permissions   |                              |   corbac_resources   |
  |------------------------|                              |----------------------|
  | permission_id          |                              | resource_id          |
  | permission_name        |----------------------------->| resource_name        |
  | permission_label       |                              | resource_label       |
  | permission_description |                              | resource_description |
  | resource_id            |                              '----------------------'
  '------------------------'

Currently only SQLite is supported.

ENTITIES

The plugin uses a few entities, which are described in the following paragraphs. One example sentence shows all of them at once:

Mr Johnson can update the project description in project A as he is the project manager
 ^            ^               ^                     ^                     ^
 |            |               |                     |                     |
user        permission     resource              context                 role

User

The user of the system

Context

The context in which the user performs an action. In project management software this could be "system", "project a", "project b". You can define any context you want.

Role

The role a user has in the given context. A user can be the project manager in one project, but a developer in another project.

Resource

Any resource you have in your system. For a project, this could be "title" and "members".

Permission

Every permission is bound to a resource. You can define whatever permissions you want. For the project name this could be "update", for the project members it could be "add", "delete", "set_role".
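
The following SQLite script is an added example, not the plugin's own schema or query. It rebuilds the tables from the diagram and resolves a context-scoped permission check, so that a role held in project_a grants nothing in project_b. Column types, keys, all rows, the meaning of is_valid = 1, and the reading of 'title.update' as resource "title" plus permission "update" are assumptions.

```sql
-- Constructed schema: table and column names follow the diagram above;
-- column types, keys and every row below are assumptions for this example.
CREATE TABLE corbac_users    (user_id TEXT PRIMARY KEY, username TEXT, user_password TEXT);
CREATE TABLE corbac_contexts (context_id TEXT PRIMARY KEY, context_name TEXT,
                              context_description TEXT);
CREATE TABLE corbac_roles    (role_id TEXT PRIMARY KEY, role_name TEXT, role_description TEXT,
                              context_id TEXT, is_valid INTEGER);
CREATE TABLE corbac_resources   (resource_id TEXT PRIMARY KEY, resource_name TEXT,
                                 resource_label TEXT, resource_description TEXT);
CREATE TABLE corbac_permissions (permission_id TEXT PRIMARY KEY, permission_name TEXT,
                                 permission_label TEXT, permission_description TEXT,
                                 resource_id TEXT);
CREATE TABLE corbac_role_permissions   (role_id TEXT, permission_id TEXT, resource_id TEXT);
CREATE TABLE corbac_user_context_roles (user_id TEXT, context_id TEXT, role_id TEXT);

-- Constructed data: one user, project manager in project_a, developer in project_b.
INSERT INTO corbac_users (user_id, username) VALUES ('u1', 'johnson');
INSERT INTO corbac_contexts (context_id, context_name)
  VALUES ('c_a', 'project_a'), ('c_b', 'project_b');
INSERT INTO corbac_roles (role_id, role_name, context_id, is_valid)
  VALUES ('r_pm_a', 'project manager', 'c_a', 1), ('r_dev_b', 'developer', 'c_b', 1);
INSERT INTO corbac_resources (resource_id, resource_name) VALUES ('res_title', 'title');
INSERT INTO corbac_permissions (permission_id, permission_name, resource_id)
  VALUES ('p_upd', 'update', 'res_title');
INSERT INTO corbac_role_permissions VALUES ('r_pm_a', 'p_upd', 'res_title');
INSERT INTO corbac_user_context_roles
  VALUES ('u1', 'c_a', 'r_pm_a'), ('u1', 'c_b', 'r_dev_b');

-- One row per context: may johnson "update" the "title" there?
-- The context is matched on the assignment AND on the role itself, so an
-- assignment row that pairs a role with a foreign context grants nothing.
SELECT c.context_name,
       EXISTS (
         SELECT 1
           FROM corbac_user_context_roles ucr
           JOIN corbac_roles r             ON r.role_id = ucr.role_id
                                          AND r.context_id = ucr.context_id
                                          AND r.is_valid = 1   -- assumed: 1 means active
           JOIN corbac_role_permissions rp ON rp.role_id = r.role_id
           JOIN corbac_permissions p       ON p.permission_id = rp.permission_id
           JOIN corbac_resources res       ON res.resource_id = rp.resource_id
          WHERE ucr.user_id = u.user_id
            AND ucr.context_id = c.context_id
            AND res.resource_name = 'title'
            AND p.permission_name = 'update'
       ) AS allowed
  FROM corbac_users u CROSS JOIN corbac_contexts c
 WHERE u.username = 'johnson'
 ORDER BY c.context_name;
```

The script runs as-is in the sqlite3 shell against an in-memory database.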

METHODS

register

Configuration:

HELPERS

These helpers are defined by the plugin:

<prefix>

Returns a Mojolicious::Plugin::ContextAuth::Auth object.

<prefix>_db

Returns a Mojolicious::Plugin::ContextAuth::DB object.

AUTHOR

Renee Baecker <reneeb@cpan.org>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2020 by Renee Baecker.

This is free software, licensed under:

The Artistic License 2.0 (GPL Compatible)