[Dancer-users] Dancer::Plugin::Auth::RBAC Application

Flavio Poletti polettix at gmail.com
Mon Apr 18 16:16:47 CEST 2011


Hi,

    no offense intended, but you seem to miss some Perl basics and I think
that this might be a major problem apart specific problems with Dancer. In
particular, you should study a bit about variable scoping and the difference
between package and lexical variables.

Returning to the topic, from what I see, the module is not supposed to
export any $auth variable; as a matter of fact, it only exposes two
functions, i.e. "auth()" and "authd()". The documentation would benefit from
some more examples (e.g. for routes different from '/login') and better
explanation (is authd() expected not to take any parameter? Can I call
auth() without parameters after the login has been done? etc. etc.), but the
bottom line is that you have to retrieve the value for $auth in each route:

    my $auth = auth($username, $password);

If you actually need to provide a $username and $password at each call for
auth() (i.e. if auth() does not save these parameters inside a session for
you, this is not clear from the documentation even though it seems to
suggest it) you can save them inside the session, e.g. when you run the
/login route:

post '/login' => sub {
    my $auth = auth(params->{username}, params->{password});
    if (! $auth->errors) {
      flash ok => 'Login ok';
      session username => params->{username};
      session password => params->{password};
      redirect '/';
    }
    else {
      flash error => 'Login Error';
      redirect '/login';
    }
};


and then use these values in other routes, e.g. when getting the root
document:

get '/' => sub {
  my $auth = auth(session('username'), session('password'));
  if $auth->asa('guest') ) {
    redirect '/login';
  }
  else {
    template 'index';
  }
};

Hope this helps,

    Flavio.



On Mon, Apr 18, 2011 at 3:47 PM, Forgoselo Fontardion
<fontardion at gmail.com>wrote:

> Hello Flavio:
>
> May be I didn't explained the problem properly. Excuseme for taking so many
> days to answer, but I've out off the office for the weekend.
>
> In my first route '/':
>
>    - The RBAC plugin doesn't export the variable $auth, so the program
>    can't access information as type of user, using the "asa" function.
>    - The error given by the perl parser when executing app.pl is: *Variable
>    "$auth" is not imported*
>    - If I add a *my $auth;* to the root of the package the error returned
>    would be: *Can't call method "asa" on an undefined value*. This is due
>    to the $auth isn't an object.
>
>
> In the second route '/logn':
> No problem arises because the $auth is declared there.
>
> In the third route '/logout':
> The same problem as in the first route.
>
>
> Best regards,
>                     Fontardion
>
>
> 2011/4/15 Flavio Poletti <polettix at gmail.com>
>
>> Please report your errors as well.
>>
>> At first glance, it seems that you're trying to use $auth as a global
>> variable, but you use "my" inside '/login' which means that inside that
>> route you're dealing with a different variable.
>>
>> Cheers,
>>
>>     Flavio.
>>
>>
>> On Thu, Apr 14, 2011 at 6:53 PM, Forgoselo Fontardion <
>> fontardion at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I'm startirng to create a new web application, my first dancer's one.
>>>
>>> I'm testing the RBAC plugin. I've found a problem that I can't solve.
>>> When I try to use a function to check the status of the login, in example to
>>> check if a user has admin role or to revoke its permissions. In the cases
>>> previously described I found an error, because the $auth scalar variable is
>>> only accessible to the route '/'.
>>>
>>> get '/' => sub {
>>>   if $auth->asa('guest') ) {
>>>     redirect '/login';
>>>   }
>>>   else {
>>>     template 'index';
>>>   }
>>> };
>>>
>>> post '/login' => sub {
>>>     my $auth = auth(params->{username}, params->{password});
>>>     if (! $auth->errors) {
>>>       flash ok => 'Login ok';
>>>       redirect '/';
>>>     }
>>>     else {
>>>       flash error => 'Login Error';
>>>       redirect '/login';
>>>     }
>>>
>>> };
>>>
>>> get '/logout' => sub {
>>>     $auth->revoke();
>>>     flash ok => 'Session Closed';
>>>     redirect '/';
>>> };
>>>
>>> Best regards,
>>>                         Fontardion
>>>
>>> _______________________________________________
>>> Dancer-users mailing list
>>> Dancer-users at perldancer.org
>>> http://www.backup-manager.org/cgi-bin/listinfo/dancer-users
>>>
>>>
>>
>> _______________________________________________
>> Dancer-users mailing list
>> Dancer-users at perldancer.org
>> http://www.backup-manager.org/cgi-bin/listinfo/dancer-users
>>
>>
>
> _______________________________________________
> Dancer-users mailing list
> Dancer-users at perldancer.org
> http://www.backup-manager.org/cgi-bin/listinfo/dancer-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.backup-manager.org/pipermail/dancer-users/attachments/20110418/b9d9e024/attachment.htm>


More information about the Dancer-users mailing list