]> iEval git - apache2-authzcaps.git/blame - lib/Apache2/AuthzCaps.pm
Initial commit
[apache2-authzcaps.git] / lib / Apache2 / AuthzCaps.pm
CommitLineData
7442fd06
MG
1package Apache2::AuthzCaps 0.001;
2
3use 5.014000;
4use strict;
5use warnings;
6
7use Apache2::Access;
8use Apache2::Const qw/OK DECLINED/;
9use Apache2::RequestRec;
10use YAML::Any qw/LoadFile DumpFile/;
11
12use parent qw/Exporter/;
13
14our @EXPORT_OK = qw/setcap hascaps/;
15
16##################################################
17
18our $rootdir;
19
20sub setcap{
21 my ($user, $cap, $value) = @_;
22 my $config = eval { LoadFile "$rootdir/$user.yml" } // {};
23 $config->{caps}//={};
24 my $caps=$config->{caps};
25
26 delete $caps->{$cap} unless $value;
27 $caps->{$cap} = 1 if $value;
28 DumpFile "$rootdir/$user.yml", $config
29}
30
31sub hascaps{
32 my ($user, @caps) = @_;
33 my $config = LoadFile "$rootdir/$user.yml";
34 my $caps = $config->{caps};
35 for (@caps) {
36 return 0 unless $caps->{$_}
37 }
38 1
39}
40
41sub handler{
42 my $r=shift;
43 my $user = $r->user;
44 local $rootdir = $r->dir_config('AuthzCapsRootdir');
45
46 if ($user) {
47 LOOP: for my $requirement (map { $_->{requirement} } @{$r->requires}) {
48 my ($command, @args) = split ' ', $requirement;
49
50 given ($command){
51 when('cap'){
52 return OK if hascaps $user, @args
53 }
54
55 }
56 }
57 }
58
59 DECLINED
60}
61
621;
63__END__
64
65=head1 NAME
66
67Apache2::AuthzCaps - mod_perl2 capability authorization
68
69=head1 SYNOPSIS
70
71 use Apache2::AuthzCaps qw/setcap hascaps/;
72 $Apache2::AuthzCaps::rootdir = "/path/to/user/directory"
73 setcap marius => deleteusers => 1; # Grant marius the deleteusers capability
74 setcap marius => createusers => 0;
75 hascaps marius => qw/deleteusers/; # returns 1, since marius can delete users
76 hascaps marius => qw/deleteusers createusers/; # returns 0, since marius can delete users but cannot create users
77
78 # In Apache2 config
79 <Location /protected>
80 # Insert authentication here
81 PerlAuthzHandler Apache2::AuthzCaps
82 PerlSetVar AuthzCapsRootdir /path/to/user/directory
83 Require cap staff important
84 Require cap admin
85 </Location>
86 # This will:
87 # 1) Let important staff members access /protected
88 # 2) Let admins access /protected
89 # 3) Not let anyone else (such as an important non-staff member or an non-important staff member) access /protected
90
91=head1 DESCRIPTION
92
93Apache2::AuthzCaps is a perl module which provides simple Apache2 capability-based authorization. It contains a PerlAuthzHandler and some utility functions.
94
95The user data is stored in YAML files in a user-set directory. Set this directory using:
96
97 $Apache2::AuthzCaps::rootdir = "/path/to/directory"; # From perl
98 PerlSetVar AuthzCapsRootdir /path/to/directory # From Apache2 config
99
100=head1 FUNCTIONS
101
102=over
103
104=item B<setcap>(I<$username>, I<$capability>, I<$value>)
105
106If I<$value> is true, grants I<$username> the I<$capability> capability. Otherwise denies I<$username> that capability.
107
108=item B<hascaps>(I<$username>, I<$cap>, ...)
109
110Returns true if and only of I<$username> has ALL of the listed capabilities. Dies if I<$username> does not exist.
111
112=item B<handler>
113
114The PerlAuthzHandler for use in apache2.
115
116=back
117
118=head1 AUTHOR
119
120Marius Gavrilescu, E<lt>marius@ieval.roE<gt>
121
122=head1 COPYRIGHT AND LICENSE
123
124Copyright (C) 2013 by Marius Gavrilescu
125
126This library is free software; you can redistribute it and/or modify
127it under the same terms as Perl itself, either Perl version 5.14.2 or,
128at your option, any later version of Perl 5 you may have available.
129
130
131=cut
This page took 0.033274 seconds and 4 git commands to generate.