Provided by: libjifty-perl_1.10518+dfsg-3ubuntu1_all
NAME
Jifty::Manual::AccessControl_zhtw - XX Jifty XXX ACL XX
DESCRIPTION
X Jifty XXXXXXXXXXXXXXXX (ACL) XXXXXXXXXXXXX "current_user_can" XXXXXXXXXXXXXXXXXXXXXXXX Jifty::Record XXXXXXXXX ( ACL )X XXXXXXXXX CRUD XXXXXXXXXXXXXXXX "current_user" XXX X "create()" XXXXX "current_user_can('create')" XX false XXXXXXXX X "_value()" X "somefieldname" XXX XX "current_user_can('read')" XX false XXXXXXXX X "_set()" X "set_somefieldname" XXXXX "current_user_can('read')" XX false XXXXXXXX X "delete()" XXXXX "current_user_can('read')" XX false XXXXXXXX XXXXXXXXX "current_user_can" XX 1X XXXXX ACLs XXXXXXXX "Jifty::Record" XXX "current_user_can()" XXX It's likely that at some point, you'll decide you want to ask other questions on certain types of operations. Say, you only want to let administrators update the "paid_account" field. In that case, you'd override "check_update_rights()" to look for the "admin" right rather than the "update" right, if the "FIELD" is "paid_account".
XXXXXXXXXXX ( ENABLING ACCESS CONTROL USING THE USER PLUGIN )
XXXXX AccessControl XXXXXXXX User XXXXXXXXXXXX X "Authentication::Password" XXXXXXXX etc/config.yml XXXXXXXXX: Plugins: - Authentication::Password: {} XXXXXXX "App::Model::User" XXXXXXX "Jifty::Plugin::User::Mixin::Model::User" XXXXXXX "Jifty::Plugin::Authentication::Password::Mixin::Model::User" XXXX: use strict; use warnings; package App::Model::User; use Jifty::DBI::Schema; use App::Record schema { }; use Jifty::Plugin::User::Mixin::Model::User; use Jifty::Plugin::Authentication::Password::Mixin::Model::User; # Your model-specific methods go here. 1; XXXXXX jifty XXXXXXXXXXXXXXXXXX: $ bin/jifty schema --setup XXXXXX XX "User" XXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXX XXXXXXXXXXXXX ( schema ) XXXXXXXXXXXXXX: use Jifty::DBI::Schema; use App::Record schema { column 'extra_column_name'; column 'mygroup' => valid_values are qw/admin moderator user/, default is 'user'; # more columns if necessary }; XXXXXXXXXXXXXXXXXX Jifty::Manual::Models X Jifty::DBI::Schema XXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (superuser) XXXX XXXXXXXX "App::Model::User" XX "current_user_can" XX: sub current_user_can { my $self = shift; my $type = shift; my %args = (@_); return 0 if ( $type eq 'update' and !$self->current_user->is_superuser and $args{'column'} eq 'mygroup' ); return 1; } XXX "App::CurrentUser" XXXXXX "_init" XX XXXXXXXXXXXXXX "CurrentUser" XXX XXXXXXXXX "_init" XXXXXXXXXXXX package App::CurrentUser; use strict; use warnings; use base qw(Jifty::CurrentUser); __PACKAGE__->mk_accessors(qw(group)); sub _init { my $self = shift; my %args = (@_); if (keys %args) { $self->user_object(App::Model::User->new(current_user => $self)); $self->user_object->load_by_cols(%args); if ( $self->user_object->mygroup eq 'admin') { $self->is_superuser(1); }; $self->group($self->user_object->mygroup); }; $self->SUPER::_init(%args); }; XXXXXXX "App::CurrentUser" , X admin XXXXXXXXXXXXXXX (superuser) XXXXXXXXXXXXXXX "Jifty->web->current_user->group"X "Authentication::Password" XXXXXXXX "Authentication::Password" XXXXXXXXXXXXXXXXXXXXXXXXXX /login XXXXXXXXXXXXXXXX (signup) XXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX / X /logout XXXXXXXX /signup XXXXXXX XXXXXXXXXXXXXXX /passwordreminder XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX X /let/reset_lost_password XXXXX /let/confirm_email XXXXXXXXXXXXXXXXXXXXXXXXXXX /let/reset_lost_password XXXXX XXXXXXXXXXXXXXX Doing checks at other places in your code XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX "Jifty->web->current_user" XXX "App::CurrentUser" XXXXXXXXXXXXXXXXXXXXXXXXXXX: "username" XXXXXXXXXXXXXXXXXXXXX "undef" "id" XXXXXXXX ID XXXXXXXXXX "undef"
SEE ALSO
Jifty::CurrentUser, Jifty::Record, Jifty::RightsFrom, Jifty::Plugin::Authentication::Ldap, Jifty::Plugin::Authentication::CAS
XXX
XXX (c9s) ( "cornelius.howl_at_gmail.com" ) <http://oulixe.us/>