package Alex2::CGI::Admin;

use strict;
use warnings;

use base 'Alex2::CGI';

sub setup { 
    my $self = shift;
    $self->run_modes( [ 'main' ] );
    $self->start_mode( 'main' );
}

sub cgiapp_prerun { 
    my $self = shift;

    $self->SUPER::cgiapp_prerun( @_ );

    $self->run_modes( [ 'unauthorized' ] );

    unless( $self->user->admin or $self->user->group_admin ) { 
        $self->prerun_mode( 'unauthorized' );
    }

    # group admins can only use certain tools
    if ( $self->user->group_admin and !$self->allows_group_admin ) { 
        $self->prerun_mode( 'unauthorized' );
    }
}

....