#In the application or scripts
use My::Authentication;

# Loads user information, logs users in and out, controls cookies
my $user = My::Authentication::load();

# require a user to be an admin, or give them an "Access denied page"
$user->must('admin');

# require a user to be an admin or redirect them to the login page
$user->must_or_login('admin');

# require a user to be an admin or redirect them to a specific page
$user->must_or_redirect('admin', '/login.html');

#test a users roles
print "You can 'dance'\n" if $user->can('dance');
print "You can't 'flip'\n" unless $user->can('flip');


#give the user a role    
$user->add_role('dance');  # now they can dance
$user->del_role('dance');  # now they can't

#allow user administration. (for registration etc)
My::Authentication::add_user($username, $password, { #hash to store data }, [ roles ]);
My::Authentication::del_user($username);

#allow role modification of arbitraty users 
#  (not sure why but it seems prudent to let the program do what they want.)
My::Authentication::user_add_role($username, [roles]);
My::Authentication::user_del_role($username, [roles]);

#roles must be registered to avoid typos
My::Authentication::add_role([roles]);
My::Authentication::rem_role([roles]);

##</code><code>##

#in an user_admin.pl script
use My::Authentication;
My::Authentication::administer();
#  Then the script would handler EVERYTHING ELSE 
#  (list users, allow editing, updating, deleting, roles etc.)