[dancer-users] Dancer::Plugin::Auth::Extensible - removing sub attributes - ready to try out

[David Precious]

On Tue, 18 Dec 2012 16:09:47 +0000
David Cantrell <david at cantrell.org.uk> wrote:

> On 15/12/2012 19:20, David Precious wrote:
> 
> >      get '/foo' => requires_role ['Foo','Bar'] => sub { ... };
> >
> > (requires_roles could be added as an alias, so code could read
> > better.)
> >
> > I imagine the common requirement will be to say "any of these
> > roles", not "all of these roles".  I was considering whether
> > requires_role should be for "must have this role" or "must have all
> > of these roles", and e.g. a new requires_any_role keyword would be
> > added to ensure a user had all the specified roles; I'm not sure
> > how valuable that would be, though.
> 
> You definitely need to be able to support any and all. Which is the 
> default doesn't really matter IMO.  

Indeed - the overhauled version provides require_any_role and
require_all_roles keywords.

> I suggest also letting the user 
> supply their own authentication sub so that they can implement
> exotica like "must be cleared for Case Nightmare Green and be ranked
> Major or higher".

Hmm - I could handle that with a hook that fires, and whose return
value can indicate whether the request is OK, possibly.

Or, I could add a require_custom_auth (or similarly-named) keyword
which would take a coderef which is used to decide if the route should
be allowed, so you could say e.g.:

  sub check_auth {
      my %has_role = map { $_ => 1 } user_roles();
      return ($has_role{Drinker} && !$has_role{Lightweight});
  };

  get '/shot' => require_custom_auth \&check_auth, sub { ... };


Ta for the suggestion, oh bearded one.


-- 
David Precious ("bigpresh") <davidp at preshweb.co.uk>
http://www.preshweb.co.uk/     www.preshweb.co.uk/twitter
www.preshweb.co.uk/linkedin    www.preshweb.co.uk/facebook
www.preshweb.co.uk/cpan        www.preshweb.co.uk/github