
NAME

SweetPea::Application::Rbac - Role-Based Access Control for SweetPea-Application.

SYNOPSIS

    # Based on a common example
    permissions.yml
    ---
    roles:
      administrator:
        permissions:
          manage accounts:
            operations:
              - create account
              - update account
              - delete account
      manager:
        permissions:
          manage accounts:
            operations:
              - create account
      guests:
        permissions:
    
    # ... from inside SweetPea::Application or a Controller
    
    # verify user credentials (authenticates the login/password pair)
    $s->rbac->authorize($login, $password);
    
    # change the subject (the user whose permissions are checked)
    $s->rbac->subject($user_id);
    
    # verify target user has permission to perform "create account" operation
    $s->rbac->subject($user_id)->can('/manage accounts/create account');
    
    # change the subject back to the user authenticated by the authorize method
    $s->rbac->subject;
    
    # verify the subject has the following role
    $s->rbac->role('administrator');
    $s->rbac->role('guests');
    
    # verify the subject may perform the "delete account" operation
    $s->rbac->can('/manage accounts/delete account');

METHODS

new

    The new method instantiates a new SweetPea::Application::Rbac object
    which uses YAML (via SweetPea::Application::Config) to provide methods
    for authenticating users and verifying system access permissions.
    
    $s->plug( 'rbac', sub { return SweetPea::Application::Rbac->new($s); });

authorize

    The authorize method checks whether the login and password passed to it
    belong to an active system user and reports an error if they do not.
    Despite its name this is the authentication step (credential check);
    access decisions are made afterwards with the role and can methods.
    
    $s->rbac->authorize($login, $password);

authorized

    The authorized method checks whether a user has been authenticated.
    
    if ($s->rbac->authorized) { ... }

unauthorize

    The unauthorize method revokes the currently authenticated user's
    authentication status (comparable to a logout function).

override

    The override method re-authenticates as another system user while retaining
    the originally logged in user's credentials. This method is useful for
    applications that need to provide a means to temporarily switch accounts;
    because the original identity is kept, calling override with no arguments
    switches back to it rather than requiring a fresh login.
    
    $s->rbac->override($login, $password);
    
    # change back to the original user
    $s->rbac->override;

subject

    The subject method specifies the user account that permissions will be
    validated against, using the user id passed to it. If called with no
    parameters, the authenticated user's account will be used.
    
    $s->rbac->subject($user_id);
    $s->rbac->subject;

role

    The role method verifies whether the subject (target user) has the role
    specified.
    
    if ($s->rbac->role('administrator')) { ... }

can

    The "can" method verifies whether the subject (target user) has a specific
    permission or has permission to perform a specific action.
    
    # check if subject (target user) has permission generally
    if ($s->rbac->can('/manage accounts')) { ... }
    
    # check if subject (target user) has permission to perform a specific operation
    if ($s->rbac->can('/manage accounts/create account')) { ... }
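The following script is an added, stand-alone illustration of how the role and
can checks above resolve against the SYNOPSIS permissions.yml; it is not code
from SweetPea::Application::Rbac, and the %config hash, the %users table, and
the has_role and can_perform functions are assumptions made for the example
(the module's own user store and lookup logic are not described on this page).
It goes slightly beyond the page by spelling out the deny-by-default rules a
practitioner would want: an unknown subject, a role missing from the
configuration, a malformed path, or an unknown operation all yield false.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed in-memory equivalent of the SYNOPSIS permissions.yml after
# parsing (assumption: not produced by SweetPea::Application::Config).
my %config = (
    roles => {
        administrator => {
            permissions => {
                'manage accounts' => {
                    operations => [ 'create account', 'update account', 'delete account' ],
                },
            },
        },
        manager => {
            permissions => {
                'manage accounts' => { operations => [ 'create account' ] },
            },
        },
        guests => { permissions => undef },
    },
);

# Constructed user table: user id => list of role names (assumption; the
# module's real user schema is not shown on the page).
my %users = (
    1 => [ 'administrator' ],
    2 => [ 'manager' ],
    3 => [ 'guests' ],
    4 => [ 'manager', 'auditor' ],   # 'auditor' is absent from %config and is ignored
);

# has_role: true only if the subject exists and holds exactly the named role.
sub has_role {
    my ($user_id, $role) = @_;
    my $roles = $users{$user_id} or return 0;   # unknown subject: deny
    return (grep { $_ eq $role } @$roles) ? 1 : 0;
}

# can_perform: resolve '/permission' or '/permission/operation' against the
# subject's roles. Any role that grants the permission (and, when given, the
# operation) is sufficient; everything else is denied.
sub can_perform {
    my ($user_id, $path) = @_;
    return 0 unless defined $path && $path =~ m{^/([^/]+)(?:/([^/]+))?$};
    my ($permission, $operation) = ($1, $2);
    my $roles = $users{$user_id} or return 0;
    for my $role (@$roles) {
        my $def  = $config{roles}{$role}                  or next;  # role not configured
        my $perm = ($def->{permissions} || {})->{$permission} or next;  # permission not granted
        return 1 unless defined $operation;   # '/manage accounts': held generally
        my $ops = $perm->{operations} || [];
        return 1 if grep { $_ eq $operation } @$ops;
    }
    return 0;
}

# Usage: print each check as "user path => allow/deny".
for my $check (
    [ 1, '/manage accounts/delete account' ],   # administrator: allow
    [ 2, '/manage accounts/create account' ],   # manager: allow
    [ 2, '/manage accounts/delete account' ],   # manager lacks the operation: deny
    [ 3, '/manage accounts' ],                  # guests have no permissions: deny
    [ 4, '/manage accounts/create account' ],   # granted via 'manager'; 'auditor' ignored
    [ 9, '/manage accounts' ],                  # unknown subject: deny
    [ 1, 'manage accounts/delete account' ],    # malformed path (no leading slash): deny
) {
    my ($uid, $path) = @$check;
    printf "user %s %-36s => %s\n", $uid, $path, can_perform($uid, $path) ? 'allow' : 'deny';
}
printf "user 2 role manager => %s\n", has_role(2, 'manager') ? 'yes' : 'no';
```

Note that a permission path is matched exactly, so the manager role only works
because its permission key is spelled "manage accounts" like the checks in the
SYNOPSIS; a key such as "manager accounts" would silently deny every request.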

AUTHOR

Al Newkirk, <al.newkirk at awnstudio.com>