annotate lib/IMPL/Security/AbstractContext.pm @ 420:df591e3afd10 ref20150831

sync
author cin
date Sat, 25 Feb 2017 22:35:26 +0300
parents c6e90e02dd17
package IMPL::Security::AbstractContext;
use strict;
use warnings;

use IMPL::Const qw(:prop);

# Short aliases for the classes this module refers to (Role and Principal are
# the two used by the code below).
# NOTE(review): the leading '-' on NotImplementedException presumably changes
# how IMPL::require loads that module - confirm against IMPL::require.
use IMPL::require {
    Role => 'IMPL::Security::Role',
    Principal => 'IMPL::Security::Principal',
    Exception => 'IMPL::Exception',
    NotImplementedException => '-IMPL::NotImplementedException'
};

use parent qw(IMPL::Class::Meta);

# Property declarations that a concrete context class pulls into its own
# property list (the POD synopsis does this through ->abstractProps).
# NOTE(review): all four are declared PROP_RW, which presumably means a
# read-write accessor, while the POD lists principal, auth and authority as
# [get]. If a context is meant to be immutable once created, confirm that the
# setters are not reachable from code that handles untrusted input.
__PACKAGE__->static_accessor_clone(abstractProps => [
    principal => PROP_RW,
    rolesAssigned => PROP_RW | PROP_LIST,
    auth => PROP_RW,
    authority => PROP_RW
]);

# The context currently in effect. This is a file-scoped lexical, so there is
# exactly one slot per interpreter, shared by every context object and every
# caller. Impersonate() restores the previous value when it returns; Apply()
# overwrites it and never restores it.
# NOTE(review): if this module runs in a long-lived worker that serves several
# requests, the slot has to be reset at the start of each request, otherwise
# the identity applied for one request is still current for the next - confirm
# how the hosting application handles this.
my $current; # current session if any
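# Runs $code with this context installed as the current one and puts the
# previous context back afterwards, whether $code returns or dies.
#
# Parameters:
#   $this - the context to make current for the duration of the call
#   $code - code reference to execute
#   @args - arguments passed through to $code
#
# Returns the value of $code->(@args). The callback is invoked in scalar
# context, so only a single value comes back.
#
# Dies with whatever $code died with, after the previous context has been
# restored.
sub Impersonate {
    my ($this, $code, @args) = @_;

    my $previous = $current;
    $current = $this;

    my $result;
    my $error;
    my $completed;

    {
        # Keep the caller's $@ untouched by the eval below.
        local $@;

        # Success is detected through the block's own return value, not
        # through the truth of $@: an exception object whose boolean overload
        # is false, or an error value lost during unwinding, would otherwise
        # look like a normal return and the caller would treat a failed
        # action performed under this identity as successful.
        $completed = eval {
            $result = $code->(@args);
            1;
        };
        $error = $@;
    }

    # Restore before rethrowing, so the impersonated identity never stays
    # current past this call.
    $current = $previous;

    return $result if $completed;

    # Rethrow the original value when there is one; references are thrown
    # unchanged, even if they evaluate to false.
    die $error if ref $error || ( defined $error && length $error );
    die "IMPL::Security::AbstractContext::Impersonate: callback died but the error value was lost\n";
}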
# Installs this context as the current one and returns it.
#
# Unlike Impersonate() nothing is restored here: the context stays current
# until something else replaces it, or until an enclosing Impersonate() call
# finishes and puts its saved context back.
sub Apply {
    my $self = shift;

    return $current = $self;
}
# Tells whether this context is trusted.
#
# A context without an auth object is never trusted (returns 0); otherwise
# the answer is delegated to the auth object's own isTrusted method and
# returned unchanged.
sub isTrusted {
    my ($this) = @_;

    my $auth = $this->auth;

    # No auth object: fail closed.
    return 0 unless $auth;

    return $auth->isTrusted;
}
# Returns 1 when this context's principal is the "nobody" principal, else 0.
#
# The comparison uses numeric ==, which for plain object references compares
# their addresses.
# NOTE(review): this presumably relies on Principal->nobody returning one
# shared object every time - confirm. A context whose principal is undefined
# is reported as 0 (not nobody), so callers should not read a 0 here as
# "authenticated" on its own.
sub isNobody {
    my ($this) = @_;

    my $isAnonymous = $this->principal == Principal->nobody;

    return $isAnonymous ? 1 : 0;
}
# Checks whether this context holds the roles given in @roles.
#
# A temporary Role is built whose _effective argument is the context's
# rolesAssigned value (read in scalar context), and the decision is delegated
# to that role's Satisfy method; its result is returned unchanged.
# NOTE(review): only rolesAssigned is consulted here. The POD says an empty
# list stands for the user's default roles; where that fallback happens is
# not visible in this method - confirm it is handled by the Role class or by
# the code that fills rolesAssigned.
sub Satisfy {
    my ($this, @roles) = @_;

    my $assigned = $this->rolesAssigned;
    my $effective = Role->new( _effective => $assigned );

    return $effective->Satisfy(@roles);
}
# Returns the context that is current right now, or undef when none has been
# installed by Apply() or Impersonate(). The invocant is ignored.
sub current {
    return $current;
}
# A module has to finish loading with a true value.
1;

# The compiler stops reading here; only the POD documentation follows.
__END__
=pod

=head1 NAME

C<abstract IMPL::Security::Context> - контекст безопасности.

=head1 SYNOPSIS

=begin code

package MyApp::Model::Session;
use strict;

use IMPL::declare {
    base => [
        'MyApp::Model::BaseDBO' => '@_',
        'IMPL::Security::AbstractContext' => undef
    ],
    props {
        IMPL::Security::AbstractContext->abstractProps,
        quota => PROP_GET
    }
}

package main;

$app->model->GetSession('546a54df4')->Impersonate(sub{
    # do something
});

=end code

=head1 DESCRIPTION

Код приложения, которое выполняется

Являет собой контекст безопасности, описывает пользователя и привилегии, также
у программы есть текущий контекст безопасности, по умолчанию он C<nobody>.

=head1 MEMBERS

=head2 C<[get] principal>

Идентификатор пользователя, владельца контекста.

=head2 C<[get,set] rolesAssigned>

Явно назначенные роли. Если список пуст, то считается, что используются роли
пользователя по умолчанию.

=head2 C<[get] auth>

Объект авторизации C<IMPL::Security::Auth>, использованный при создании текущего контекста.

=head2 C<[get] authority>

Модуль безопасности, породивший данный контекст. Модуль безопасности, отвечающий
за создание контекста безопасности, должен реализовывать метод
C<CreateContext($user,$auth,$roles)>.

=head2 C<[get] isTrusted>

Возвращает признак того, является ли контекст доверенным, то есть клиент
аутентифицирован и сессия установлена. Значение C<false> означает, что сессия была
начата, однако не установлена до конца.

=head2 C<Impersonate($code)>

Делает контекст текущим и выполняет в нем функцию по ссылке C<$code>. По окончании
выполнения контекст восстанавливается в предыдущий (независимо от того, что
с ним происходило во время выполнения C<$code>).

=head2 C<Apply()>

Заменяет текущий контекст на себя, но до конца действия метода C<Impersonate>, если
таковой был вызван.

=head2 C<Satisfy(@roles)>

Проверяет наличие необходимых ролей у контекста. Данный метод позволяет
абстрагироваться от механизмов связи контекста и ролей. Возвращает истинное
значение, если список необходимых ролей у пользователя имеется.

=cut