Mercurial > pub > Impl
comparison Lib/IMPL/Security.pm @ 194:4d0e1962161c
Replaced tabs with spaces
IMPL::Web::View - fixed document model, new features (control classes, document constructor parameters)
| author | cin |
|---|---|
| date | Tue, 10 Apr 2012 20:08:29 +0400 |
| parents | d1676be8afcc |
| children | 6d8092d8ce1b |
comparison
equal
deleted
inserted
replaced
| 193:8e8401c0aea4 | 194:4d0e1962161c |
|---|---|
| 1 package IMPL::Security; | 1 package IMPL::Security; |
| 2 require IMPL::Security::Context; | 2 require IMPL::Security::Context; |
| 3 require IMPL::Security::Rule::RoleCheck; | 3 require IMPL::Security::Rule::RoleCheck; |
| 4 | 4 |
| 5 our @rules = ( | 5 our @rules = ( |
| 6 \&IMPL::Security::Rule::RoleCheck::SatisfyAll | 6 \&IMPL::Security::Rule::RoleCheck::SatisfyAll |
| 7 ); | 7 ); |
| 8 | 8 |
| 9 our $authority = undef; | 9 our $authority = undef; |
| 10 | 10 |
| 11 sub AccessCheck { | 11 sub AccessCheck { |
| 12 my ($self, $object, $desiredAccess, $context) = @_; | 12 my ($self, $object, $desiredAccess, $context) = @_; |
| 13 | 13 |
| 14 $context ||= IMPL::Security::Context->contextCurrent; | 14 $context ||= IMPL::Security::Context->contextCurrent; |
| 15 | 15 |
| 16 $_->() or return 0 foreach @{$self->Rules}; | 16 $_->() or return 0 foreach @{$self->Rules}; |
| 17 | 17 |
| 18 return 1; | 18 return 1; |
| 19 } | 19 } |
| 20 | 20 |
| 21 sub Take { | 21 sub Take { |
| 22 my ($self,$principal,$refRoles) = @_; | 22 my ($self,$principal,$refRoles) = @_; |
| 23 | 23 |
| 24 die new IMPL::NotImplementedException(); | 24 die new IMPL::NotImplementedException(); |
| 25 } | 25 } |
| 26 | 26 |
| 27 sub MakeContext { | 27 sub MakeContext { |
| 28 my ($this,$principal,$refRoles,$auth) = @_; | 28 my ($this,$principal,$refRoles,$auth) = @_; |
| 29 | 29 |
| 30 return new IMPL::Security::Context( | 30 return new IMPL::Security::Context( |
| 31 principal => $principal, | 31 principal => $principal, |
| 32 rolesAssigned => $refRoles, | 32 rolesAssigned => $refRoles, |
| 33 auth => $auth | 33 auth => $auth |
| 34 ); | 34 ); |
| 35 } | 35 } |
| 36 | 36 |
| 37 sub Rules { | 37 sub Rules { |
| 38 return \@rules; | 38 return \@rules; |
| 39 } | 39 } |
| 40 | 40 |
| 41 sub authority { | 41 sub authority { |
| 42 return $authority; | 42 return $authority; |
| 43 } | 43 } |
| 44 | 44 |
| 45 1; | 45 1; |
| 46 | 46 |
| 47 __END__ | 47 __END__ |
| 57 =begin code | 57 =begin code |
| 58 | 58 |
| 59 use IMPL::Security; | 59 use IMPL::Security; |
| 60 | 60 |
| 61 my Method { | 61 my Method { |
| 62 my $this = shift; | 62 my $this = shift; |
| 63 | 63 |
| 64 # access check in the current context, using standard configuration | 64 # access check in the current context, using standard configuration |
| 65 IMPL::Security->AccessCheck($this,'Method') or die new IMPL::AccessDeniedException("Access is denied"); | 65 IMPL::Security->AccessCheck($this,'Method') or die new IMPL::AccessDeniedException("Access is denied"); |
| 66 | 66 |
| 67 #some more results | 67 #some more results |
| 68 } | 68 } |
| 69 | 69 |
| 70 my DelegationMethod { | 70 my DelegationMethod { |
| 71 | 71 |
| 72 my $this = shift; | 72 my $this = shift; |
| 73 | 73 |
| 74 #forced delegation | 74 #forced delegation |
| 75 my $delegatedContext = IMPL::Security::Context->new( | 75 my $delegatedContext = IMPL::Security::Context->new( |
| 76 principal => IMPL::Security::Principal->new( | 76 principal => IMPL::Security::Principal->new( |
| 77 name => 'suser' | 77 name => 'suser' |
| 78 ), | 78 ), |
| 79 rolesAssigned => ['administrator'] | 79 rolesAssigned => ['administrator'] |
| 80 ) | 80 ) |
| 81 | 81 |
| 82 my $result; | 82 my $result; |
| 83 | 83 |
| 84 $delegatedContext->Impersonate(sub{ | 84 $delegatedContext->Impersonate(sub{ |
| 85 $result = $this->Method(); | 85 $result = $this->Method(); |
| 86 }); | 86 }); |
| 87 | 87 |
| 88 return $result; | 88 return $result; |
| 89 } | 89 } |
| 90 | 90 |
| 91 my SafeDelegationMethod { | 91 my SafeDelegationMethod { |
| 92 | 92 |
| 93 my $this = shift; | 93 my $this = shift; |
| 94 | 94 |
| 95 my $delegatedContext = IMPL::Security->Take( suser => 'administrator' ); | 95 my $delegatedContext = IMPL::Security->Take( suser => 'administrator' ); |
| 96 | 96 |
| 97 my $result; | 97 my $result; |
| 98 | 98 |
| 99 $delegatedContext->Impersonate(sub{ | 99 $delegatedContext->Impersonate(sub{ |
| 100 $result = $this->Method(); | 100 $result = $this->Method(); |
| 101 }); | 101 }); |
| 102 | 102 |
| 103 return $result; | 103 return $result; |
| 104 } | 104 } |
| 105 | 105 |
| 106 =end code | 106 =end code |
| 107 | 107 |
| 108 =head1 DESCRIPTION | 108 =head1 DESCRIPTION |
| 197 package MySecurity; | 197 package MySecurity; |
| 198 | 198 |
| 199 use parent qw(IMPL::Security); | 199 use parent qw(IMPL::Security); |
| 200 | 200 |
| 201 sub Rules { | 201 sub Rules { |
| 202 return [ | 202 return [ |
| 203 \&Rule1, | 203 \&Rule1, |
| 204 \&Rule2, | 204 \&Rule2, |
| 205 #... | 205 #... |
| 206 ] | 206 ] |
| 207 } | 207 } |
| 208 | 208 |
| 209 =end code | 209 =end code |
| 210 | 210 |
| 211 =item C<[static,get] authority> | 211 =item C<[static,get] authority> |