| Gestinanna::POF::Secure - provides security for POF classes |
Gestinanna::POF::Secure - provides security for POF classes
package My::Security;
use base qw(Gestinanna::POF::Secure);
sub has_access { my($self, $attribute, $access) = @_;
# do check - return true or false
}
package My::DataObject;
use base qw(My::Security); use base qw(Gestinanna::POF::Container);
__PACKAGE__ -> contained_objects( );
The following parameters are required for the security code.
This is the object acting on this object. Permissions may be based on both the actor and the object being acted upon.
By default, access methods are created as needed for attributes. The following are part of the base POF security object class and should not be used for anything else.
This returns the identifier for the object in the form [ object_type, object_id ].
Secured objects will call the has_access method to check whether or
not a particular actor has a particular access to a particular attribute.
This method should return a true value if the actor has the access and
should return a false value if it does not.
The Gestinanna::POF::Base class (from which the other data store classes in the Gestinanna::POF distribution are based) uses the following values for the access:
This is used to indicate read access to an attribute.
This is used to indicate write access to an attribute.
This is used to indicate the searchability of an attribute.
The has_access method should be prepared to receive an array
reference containing one or more attributes or array references.
Nested array references are allowed. Elements within an array
reference either must all be satisfied, or any of them be satisfied,
alternately.
For example, given [ qw(read write) ], the actor must have both read
and write access. But given [ 'exec', [ qw(read write) ] ], the
actor must have exec access and at least one of read or write access.
Given [ [ qw(read write) ] ], the actor must have at least one of
read or write access.
Some security systems may allow for arbitrary attributes (such as exec
in the example above). For example, the Gestinanan application framework
makes use of such attributes as admin to indicate an administrative
role, exec to indicate execute permission for a state machine,
and create for the ability to create a new folder or file in a repository.
Need to be able to query available attributes considering security and not considering security.
James Smith, <jsmith@cpan.org>
Copyright (C) 2002, 2003 Texas A&M University. All Rights Reserved.
This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
| Gestinanna::POF::Secure - provides security for POF classes |