annotate Lib/IMPL/Security.pm @ 250:129e48bb5afb

DOM refactoring ObjectToDOM methods are virtual QueryToDOM uses inflators Fixed transform for the complex values in the ObjectToDOM QueryToDOM doesn't allow to use complex values (HASHes) as values for nodes (overpost problem)
author sergey
date Wed, 07 Nov 2012 04:17:53 +0400
parents 814d755e5d12
children d5c8b955bf8d
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 0
diff changeset
1 package IMPL::Security;
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
2 use strict;
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
3 use Carp qw(carp);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
4
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
5 ##VERSION##
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
6
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
7 require IMPL::Exception;
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
8 require IMPL::Security::Rule::RoleCheck;
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
9
247
sergey
parents: 245
diff changeset
10 use IMPL::require {
sergey
parents: 245
diff changeset
11 Principal => 'IMPL::Security::Principal',
sergey
parents: 245
diff changeset
12 AbstractContext => 'IMPL::Security::AbstractContext',
sergey
parents: 245
diff changeset
13 Context => 'IMPL::Security::Context'
sergey
parents: 245
diff changeset
14 };
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
15
247
sergey
parents: 245
diff changeset
16 our @RULES;
95
67eb8eaec3d4 Added a security authority property to the Context and Security classes
wizard
parents: 74
diff changeset
17
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
# Runs every access rule against ($object, $desiredAccess) and grants access
# only when each rule returns a true value.
#
#   $object        - the thing being accessed; handed to the rules unchanged.
#   $desiredAccess - the requested access; handed to the rules unchanged.
#   $context       - security context; when false, $self->context is used.
#
# Returns 0 at the first rule that returns false (later rules are not run),
# otherwise 1. An exception thrown by a rule propagates to the caller.
#
# NOTE(review): an empty rule list grants access, because no rule is left to
# refuse it. Rules() in this package returns \@RULES, which the visible part
# of this file declares but never fills. Unless other code populates it or a
# subclass overrides Rules(), every check passes. Confirm that is intended;
# a deployment that wants deny-by-default needs at least one rule installed.
sub AccessCheck {
    my ($self, $object, $desiredAccess, $context) = @_;

    # Fall back to the ambient context when the caller did not supply one.
    $context ||= $self->context;

    for my $rule (@{ $self->Rules }) {
        # One refusing rule is enough to deny.
        return 0 unless $rule->($self, $object, $desiredAccess, $context);
    }

    return 1;
}
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
27
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
# Delegation entry point: intended to hand the current user the authority of
# another principal. Not implemented in this class.
#
#   $principal - principal to take on (unused here).
#   $refRoles  - role or roles to take on (unused here).
#
# Always dies with an IMPL::NotImplementedException, so no context is ever
# returned from this base implementation. A subclass that overrides it is
# where the delegation legitimacy check has to live.
sub Take {
    my ($self, $principal, $refRoles) = @_;

    die IMPL::NotImplementedException->new();
}
f47f93534005 Documentation
wizard
parents: 51
diff changeset
33
73
wizard
parents: 66
diff changeset
# Builds a security context from the supplied identity data.
#
#   $principal - stored as the context's 'principal'.
#   $refRoles  - stored as the context's 'rolesAssigned'.
#   $auth      - stored as the context's 'auth'.
#
# Returns whatever Context->new returns for those three named arguments.
#
# NOTE(review): nothing is validated here. The principal and the roles are
# forwarded exactly as given, so the caller decides who the context speaks
# for and with which roles. Only code that has already authenticated the
# principal should be calling this; whether Context->new checks anything
# is not visible from this file.
sub MakeContext {
    my ($this, $principal, $refRoles, $auth) = @_;

    my @contextArgs = (
        principal     => $principal,
        rolesAssigned => $refRoles,
        auth          => $auth,
    );

    return Context->new(@contextArgs);
}
wizard
parents: 66
diff changeset
43
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
# Returns the rule list consulted by AccessCheck: a reference to the
# package-level @RULES array. Subclasses may override this to supply their
# own list of rule subs.
#
# NOTE(review): this is a reference to the shared array, not a copy. Any code
# holding the returned reference can add, replace or empty the rules for
# every later check made through this package. Emptying it makes AccessCheck
# grant everything, so treat write access to this list as privileged.
sub Rules {
    my $ruleList = \@RULES;

    return $ruleList;
}
67eb8eaec3d4 Added a security authority property to the Context and Security classes
wizard
parents: 74
diff changeset
47
245
7c517134c42f Added Unsupported media type Web exception
sergey
parents: 230
diff changeset
# Returns the principal of the current security context.
#
# Falls back to Principal->nobody when AbstractContext->current is false or
# when the current context's principal is false, so callers always get a
# principal back, never undef.
#
# NOTE(review): the fallback is silent. Code that only checks "is there a
# principal" cannot tell an authenticated user from the nobody placeholder;
# presumably rules are expected to treat nobody as unauthenticated - confirm.
sub principal {
    # current is looked up twice on purpose: once as the guard, once to
    # reach the principal, matching the original evaluation order.
    my $active = AbstractContext->current
        && AbstractContext->current->principal;

    return $active || Principal->nobody;
}
7c517134c42f Added Unsupported media type Web exception
sergey
parents: 230
diff changeset
54
7c517134c42f Added Unsupported media type Web exception
sergey
parents: 230
diff changeset
# Returns the security context in effect: AbstractContext->current when it is
# true, otherwise the Context->nobody placeholder.
#
# AccessCheck uses this as its default context, so a check made outside any
# established context is evaluated against the nobody context rather than
# failing outright.
sub context {
    my $active = AbstractContext->current;

    return $active if $active;
    return Context->nobody;
}
7c517134c42f Added Unsupported media type Web exception
sergey
parents: 230
diff changeset
58
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 0
diff changeset
59 1;
50
wizard@linux-odin.local
parents: 49
diff changeset
60
wizard@linux-odin.local
parents: 49
diff changeset
61 __END__
wizard@linux-odin.local
parents: 49
diff changeset
62
wizard@linux-odin.local
parents: 49
diff changeset
63 =pod
wizard@linux-odin.local
parents: 49
diff changeset
64
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
65 =head1 NAME
f47f93534005 Documentation
wizard
parents: 51
diff changeset
66
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
67 C<IMPL::Security> - Модуль для работы с функциями авторизации и аутентификации.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
68
f47f93534005 Documentation
wizard
parents: 51
diff changeset
69 =head1 SYNOPSIS
f47f93534005 Documentation
wizard
parents: 51
diff changeset
70
f47f93534005 Documentation
wizard
parents: 51
diff changeset
71 =begin code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
72
f47f93534005 Documentation
wizard
parents: 51
diff changeset
73 use IMPL::Security;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
74
f47f93534005 Documentation
wizard
parents: 51
diff changeset
75 sub Method {
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
76 my $this = shift;
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
77
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
78 # access check in the current context, using standard configuration
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
79 IMPL::Security->AccessCheck($this,'Method') or die new IMPL::AccessDeniedException("Access is denied");
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
80
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
81 #some more results
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
82 }
f47f93534005 Documentation
wizard
parents: 51
diff changeset
83
f47f93534005 Documentation
wizard
parents: 51
diff changeset
84 sub DelegationMethod {
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
85
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
86 my $this = shift;
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
87
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
88 #forced delegation: the context is constructed directly, without the legitimacy check documented for Take
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
89 my $delegatedContext = IMPL::Security::Context->new(
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
90 principal => IMPL::Security::Principal->new(
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
91 name => 'suser'
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
92 ),
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
93 rolesAssigned => ['administrator']
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
94 );
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
95
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
96 my $result;
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
97
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
98 $delegatedContext->Impersonate(sub{
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
99 $result = $this->Method();
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
100 });
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
101
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
102 return $result;
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
103 }
f47f93534005 Documentation
wizard
parents: 51
diff changeset
104
f47f93534005 Documentation
wizard
parents: 51
diff changeset
105 sub SafeDelegationMethod {
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
106
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
107 my $this = shift;
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
108
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
109 my $delegatedContext = IMPL::Security->Take( suser => 'administrator' );
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
110
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
111 my $result;
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
112
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
113 $delegatedContext->Impersonate(sub{
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
114 $result = $this->Method();
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
115 });
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
116
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
117 return $result;
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
118 }
f47f93534005 Documentation
wizard
parents: 51
diff changeset
119
f47f93534005 Documentation
wizard
parents: 51
diff changeset
120 =end code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
121
50
wizard@linux-odin.local
parents: 49
diff changeset
122 =head1 DESCRIPTION
wizard@linux-odin.local
parents: 49
diff changeset
123
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
124 Модуль для инфраструктуры безопасности, реализует основные функции для авторизации
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
125 и аутентификации пользователей.
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
126
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
127 Модуль аутентификации, реализация которого зависит от приложения, аутентифицирует
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
128 пользователя, при этом создается контекст безопасности, который содержит
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
129 идентификатор пользователя и список активных ролей.
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
130
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
131 При проверке прав доступа происходит последовательная проверка правил доступа,
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
132 если все правила выполнены, то доступ разрешается.
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
133
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
134 =head1 MEMBERS
50
wizard@linux-odin.local
parents: 49
diff changeset
135
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
136 =over
f47f93534005 Documentation
wizard
parents: 51
diff changeset
137
f47f93534005 Documentation
wizard
parents: 51
diff changeset
138 =item C<AccessCheck($object,$desiredAccess,$context)>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
139
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
140 Метод. Проверка доступа к объекту с определенными правами, в определенном контексте безопасности.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
141
f47f93534005 Documentation
wizard
parents: 51
diff changeset
142 =over
f47f93534005 Documentation
wizard
parents: 51
diff changeset
143
f47f93534005 Documentation
wizard
parents: 51
diff changeset
144 =item C<$object>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
145
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
146 Объект доступа.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
147
f47f93534005 Documentation
wizard
parents: 51
diff changeset
148 =item C<$desiredAccess>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
149
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
150 Требуемые права доступа.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
151
f47f93534005 Documentation
wizard
parents: 51
diff changeset
152 =item C<$context>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
153
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
154 Контекст безопасности, если не указан, то используется текущий C<< IMPL::Security::Context->contextCurrent >>
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
155
f47f93534005 Documentation
wizard
parents: 51
diff changeset
156 =item C<returns>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
157
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
158 C<true | false> - результат проверки
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
159
f47f93534005 Documentation
wizard
parents: 51
diff changeset
160 =back
f47f93534005 Documentation
wizard
parents: 51
diff changeset
161
73
wizard
parents: 66
diff changeset
162 =item C<MakeContext($principal,$role,$auth)>
wizard
parents: 66
diff changeset
163
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
164 Создает контекст безопасности, инициализируя его переданными параметрами.
73
wizard
parents: 66
diff changeset
165
wizard
parents: 66
diff changeset
166 =over
wizard
parents: 66
diff changeset
167
wizard
parents: 66
diff changeset
168 =item C<$principal>
wizard
parents: 66
diff changeset
169
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
170 Объект пользователя
73
wizard
parents: 66
diff changeset
171
wizard
parents: 66
diff changeset
172 =item C<$role>
wizard
parents: 66
diff changeset
173
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
174 Роль или ссылка на массив ролей
73
wizard
parents: 66
diff changeset
175
wizard
parents: 66
diff changeset
176 =item C<$auth>
wizard
parents: 66
diff changeset
177
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
178 Объект аутентификации
73
wizard
parents: 66
diff changeset
179
wizard
parents: 66
diff changeset
180 =back
wizard
parents: 66
diff changeset
181
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
182 =item C<Take($principal,$role)>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
183
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
184 Метод. Делегирует текущему пользователю полномочия другого пользователя. При этом выполняется проверка
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
185 правомерности такой операции. В случае неудачи вызывается исключение.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
186
f47f93534005 Documentation
wizard
parents: 51
diff changeset
187 =over
f47f93534005 Documentation
wizard
parents: 51
diff changeset
188
f47f93534005 Documentation
wizard
parents: 51
diff changeset
189 =item C<$principal>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
190
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
191 Либо имя пользователя либо объект C<IMPL::Security::Principal>.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
192
f47f93534005 Documentation
wizard
parents: 51
diff changeset
193 =item C<$role>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
194
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
195 Либо имя либо ссылка на роль, или ссылка на массив либо имен, либо ролей.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
196
f47f93534005 Documentation
wizard
parents: 51
diff changeset
197 =item C<returns>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
198
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
199 Новый контекст безопасности.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
200
f47f93534005 Documentation
wizard
parents: 51
diff changeset
201 =back
f47f93534005 Documentation
wizard
parents: 51
diff changeset
202
73
wizard
parents: 66
diff changeset
203 =item C<Rules()>
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
204
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
205 Возвращает список правил, которые выполняются при проверках доступа. Переопределите этот
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
206 метод, чтобы возвращать собственный список правил. Список правил является ссылкой на массив
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
207 элементами которого являются функции.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
208
f47f93534005 Documentation
wizard
parents: 51
diff changeset
209 =begin code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
210
f47f93534005 Documentation
wizard
parents: 51
diff changeset
211 package MySecurity;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
212
166
4267a2ac3d46 Added Class::Template,
wizard
parents: 95
diff changeset
213 use parent qw(IMPL::Security);
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
214
f47f93534005 Documentation
wizard
parents: 51
diff changeset
215 sub Rules {
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
216 return [
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
217 \&Rule1,
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
218 \&Rule2,
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
219 #...
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
220 ]
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
221 }
f47f93534005 Documentation
wizard
parents: 51
diff changeset
222
f47f93534005 Documentation
wizard
parents: 51
diff changeset
223 =end code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
224
95
67eb8eaec3d4 Added a security authority property to the Context and Security classes
wizard
parents: 74
diff changeset
225 =item C<[static,get] authority>
67eb8eaec3d4 Added a security authority property to the Context and Security classes
wizard
parents: 74
diff changeset
226
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
227 Метод, позволяющий получить текущий источник системы безопасности. Источник безопасности, это модуль,
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
228 который получает входные данные и использует их для работы системы безопасности.
95
67eb8eaec3d4 Added a security authority property to the Context and Security classes
wizard
parents: 74
diff changeset
229
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
230 =back
50
wizard@linux-odin.local
parents: 49
diff changeset
231
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
232 =cut