Gestinanna::POF::Secure - provides security for POF classes


NAME

Gestinanna::POF::Secure - provides security for POF classes

Back to Top


SYNOPSIS

 package My::Security;
 use base qw(Gestinanna::POF::Secure);
 sub has_access {
     my($self, $attribute, $access) = @_;
     # do check - return true or false
 }
 package My::DataObject;
 use base qw(My::Security);
 use base qw(Gestinanna::POF::Container);
 __PACKAGE__ -> contained_objects(
 );

Back to Top


DESCRIPTION

The following parameters are required for the security code.

actor

This is the object acting on this object. Permissions may be based on both the actor and the object being acted upon.

Back to Top


METHODS

ACCESS METHODS

By default, access methods are created as needed for attributes. The following are part of the base POF security object class and should not be used for anything else.

actor
auth_id

This returns the identifier for the object in the form [ object_type, object_id ].

SECURITY (has_access)

Secured objects will call the has_access method to check whether or not a particular actor has a particular access to a particular attribute. This method should return a true value if the actor has the access and should return a false value if it does not.

The Gestinanna::POF::Base class (from which the other data store classes in the Gestinanna::POF distribution are based) uses the following values for the access:

read

This is used to indicate read access to an attribute.

write

This is used to indicate write access to an attribute.

search

This is used to indicate the searchability of an attribute.

The has_access method should be prepared to receive an array reference containing one or more attributes or array references. Nested array references are allowed. Elements within an array reference either must all be satisfied, or any of them be satisfied, alternately.

For example, given [ qw(read write) ], the actor must have both read and write access. But given [ 'exec', [ qw(read write) ] ], the actor must have exec access and at least one of read or write access. Given [ [ qw(read write) ] ], the actor must have at least one of read or write access.

Some security systems may allow for arbitrary attributes (such as exec in the example above). For example, the Gestinanan application framework makes use of such attributes as admin to indicate an administrative role, exec to indicate execute permission for a state machine, and create for the ability to create a new folder or file in a repository.

Back to Top


TODO

Need to be able to query available attributes considering security and not considering security.

Back to Top


AUTHOR

James Smith, <jsmith@cpan.org>

Back to Top


COPYRIGHT

Copyright (C) 2002, 2003 Texas A&M University. All Rights Reserved.

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

Back to Top

 Gestinanna::POF::Secure - provides security for POF classes