]>
iEval git - apache2-authzcaps.git/blob - lib/Apache2/AuthzCaps.pm
1 package Apache2
:: AuthzCaps
; 6 use subs qw
/OK DECLINED/ ; 7 no if $] >= 5.017011 , warnings
=> 'experimental::smartmatch' ; 8 our $VERSION = '0.001001' ; 10 use if $ENV { MOD_PERL
}, 'Apache2::Access' ; 11 use if $ENV { MOD_PERL
}, 'Apache2::Const' => qw
/OK DECLINED/ ; 12 use if $ENV { MOD_PERL
}, 'Apache2::RequestRec' ; 13 use YAML
:: Any qw
/LoadFile DumpFile/ ; 15 use parent qw
/Exporter/ ; 17 our @EXPORT_OK = qw
/setcap hascaps/ ; 19 ################################################## 24 my ( $user , $cap , $value ) = @_ ; 25 my $config = eval { LoadFile
" $rootdir / $user .yml" } // {}; 27 my $caps = $config ->{ caps
}; 29 delete $caps ->{ $cap } unless $value ; 30 $caps ->{ $cap } = 1 if $value ; 31 DumpFile
" $rootdir / $user .yml" , $config 35 my ( $user , @caps ) = @_ ; 36 my $config = LoadFile
" $rootdir / $user .yml" ; 37 my $caps = $config ->{ caps
}; 39 return 0 unless $caps ->{ $_ } 47 local $rootdir = $r -> dir_config ( 'AuthzCapsRootdir' ); 50 LOOP
: for my $requirement ( map { $_ ->{ requirement
} } @
{ $r -> requires }) { 51 my ( $command , @args ) = split ' ' , $requirement ; 55 return OK
if hascaps
$user , @args 70 Apache2::AuthzCaps - mod_perl2 capability authorization 74 use Apache2::AuthzCaps qw/setcap hascaps/; 75 $Apache2::AuthzCaps::rootdir = "/path/to/user/directory" 76 setcap marius => deleteusers => 1; # Grant marius the deleteusers capability 77 setcap marius => createusers => 0; 78 hascaps marius => qw/deleteusers/; # returns 1, since marius can delete users 79 hascaps marius => qw/deleteusers createusers/; # returns 0, since marius can delete users but cannot create users 83 # Insert authentication here 84 PerlAuthzHandler Apache2::AuthzCaps 85 PerlSetVar AuthzCapsRootdir /path/to/user/directory 86 Require cap staff important 90 # 1) Let important staff members access /protected 91 # 2) Let admins access /protected 92 # 3) Not let anyone else (such as an important non-staff member or an non-important staff member) access /protected 96 Apache2::AuthzCaps is a perl module which provides simple Apache2 capability-based authorization. It contains a PerlAuthzHandler and some utility functions. 98 The user data is stored in YAML files in a user-set directory. Set this directory using: 100 $Apache2::AuthzCaps::rootdir = "/path/to/directory"; # From perl 101 PerlSetVar AuthzCapsRootdir /path/to/directory # From Apache2 config 107 =item B<setcap>(I<$username>, I<$capability>, I<$value>) 109 If I<$value> is true, grants I<$username> the I<$capability> capability. Otherwise denies I<$username> that capability. 111 =item B<hascaps>(I<$username>, I<$cap>, ...) 113 Returns true if and only of I<$username> has ALL of the listed capabilities. Dies if I<$username> does not exist. 117 The PerlAuthzHandler for use in apache2. 123 Marius Gavrilescu, E<lt>marius@ieval.roE<gt> 125 =head1 COPYRIGHT AND LICENSE 127 Copyright (C) 2013 by Marius Gavrilescu 129 This library is free software; you can redistribute it and/or modify 130 it under the same terms as Perl itself, either Perl version 5.14.2 or, 131 at your option, any later version of Perl 5 you may have available.
This page took 0.056344 seconds and 5 git commands to generate.
projects / apache2-authzcaps.git / blob