Skeeve has asked for the wisdom of the Perl Monks concerning the following question:

Hi!

I'm wondering whether there are any good examples of how to set up Dancer::Plugin::Auth::RBAC. The instructions that come with it are very terse and I do not really understand them.

So if anyone of you knows of good examples, cookbooks or tutorials for it, this would be very helpful!

Thanks a lot in advance.

Update

I think I'm not the only one confused ;) http://advent.perldancer.org/2012/2

I'll take a look at Dancer::Plugin::Auth::Extensible. The users are in an LDAP anyway so I might just need to put roles into my DB.


s$$([},&%#}/&/]+}%&{})*;#$&&s&&$^X.($'^"%]=\&(|?*{%
+.+=%;.#_}\&"^"-+%*).}%:##%}={~=~:.")&e&&s""`$''`"e

Re: Dancer::Plugin::Auth::RBAC any cookbooks or good examples?
by Corion (Patriarch) on May 30, 2014 at 06:59 UTC

    I haven't used it, but the YAML suggests that the module is fairly straightforward. I wouldn't use the YAML for experimentation though, but go with SQLite.

    The idea behind RBAC is that you do not assign individual permissions in your application to users anymore, but assign sets of permissions to groups.

    Then, you assign group membership to users and in your code use $auth->can($operation) to check whether the user is allowed to perform the operation.

    What's weird is that the operations seem to have more levels, because ->can takes a second parameter, $action. I guess this is to allow for some hierarchy in the permission names.

    What I'm missing is a restriction also based on the object. For example at Perlmonks, users have the permission to edit the nodes owned by themselves but no other nodes. This situation seems not easy to model using Dancer::Plugin::Auth::RBAC (but it also makes the implementation and interface very hairy, so I understand why it's not in there).

      I also did not want to use YAML for that, but I'm not sure how to modify my existing SQLite User DB to be used by RBAC.

      For another app I already started before I knew about RBAC, I already created a 3 level approach: A User has one or more groups (== roles) and each group has one or more permissions.

      What I started to do in that app was asking whether a user has a certain permission. So the groups (or roles) are unimportant. Just the permissions they give to the user are important.

      The problem I face is: How does RBAC interact with my DB, and what is required in the DB to interact properly?

      I looked into RBAC because I want to "do it properly" now for the current App I have to work on.


      s$$([},&%#}/&/]+}%&{})*;#$&&s&&$^X.($'^"%]=\&(|?*{%
      +.+=%;.#_}\&"^"-+%*).}%:##%}={~=~:.")&e&&s""`$''`"e
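The users-to-roles-to-permissions model Corion describes and the three-level schema Skeeve sketches (a user has one or more groups, each group has one or more permissions, and the caller only asks about permissions), as an added example that is not part of this thread and is not Dancer::Plugin::Auth::RBAC's own API or schema. It is a stand-alone Perl script using DBI and DBD::SQLite against an in-memory database; the table names, permission names and sample rows are assumptions chosen for the illustration. It also shows the per-object rule Corion notes the plugin lacks: a user may edit only the nodes they own unless they hold a broader permission.

```perl
#!/usr/bin/env perl
# Added example, not the plugin's code: a minimal users -> roles -> permissions
# schema in SQLite, a permission check that looks through roles, and an
# ownership check layered on top. All names below are assumptions.
use strict;
use warnings;
use DBI;

# In-memory database so the script runs stand-alone; a real app would point
# this at its existing SQLite file (and could keep users in LDAP, storing
# only the login name here to hang roles on).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do($_) for (
    'CREATE TABLE users       (id INTEGER PRIMARY KEY, login TEXT UNIQUE NOT NULL)',
    'CREATE TABLE roles       (id INTEGER PRIMARY KEY, name  TEXT UNIQUE NOT NULL)',
    'CREATE TABLE permissions (id INTEGER PRIMARY KEY, name  TEXT UNIQUE NOT NULL)',
    'CREATE TABLE user_roles (
        user_id INTEGER NOT NULL REFERENCES users(id),
        role_id INTEGER NOT NULL REFERENCES roles(id),
        PRIMARY KEY (user_id, role_id))',
    'CREATE TABLE role_permissions (
        role_id INTEGER NOT NULL REFERENCES roles(id),
        perm_id INTEGER NOT NULL REFERENCES permissions(id),
        PRIMARY KEY (role_id, perm_id))',
    # Application data carrying an owner column, used by the per-object check.
    'CREATE TABLE nodes (id INTEGER PRIMARY KEY,
        owner_id INTEGER NOT NULL REFERENCES users(id), title TEXT)',
);

# Constructed sample data: alice is an editor, bob a member, carol has no role.
$dbh->do('INSERT INTO users (id, login) VALUES (1, ?), (2, ?), (3, ?)',
         undef, 'alice', 'bob', 'carol');
$dbh->do('INSERT INTO roles (id, name) VALUES (1, ?), (2, ?)',
         undef, 'editor', 'member');
$dbh->do('INSERT INTO permissions (id, name) VALUES (1, ?), (2, ?), (3, ?)',
         undef, 'node.edit_any', 'node.edit_own', 'node.view');
# editor: edit_any + view; member: edit_own + view
$dbh->do('INSERT INTO role_permissions VALUES (1,1), (1,3), (2,2), (2,3)');
$dbh->do('INSERT INTO user_roles VALUES (1,1), (2,2)');
$dbh->do('INSERT INTO nodes (id, owner_id, title) VALUES (10, 2, ?), (11, 1, ?)',
         undef, 'bobs node', 'alices node');

# The roles themselves are irrelevant to the caller; only the permissions
# they confer matter, so the check joins through user_roles/role_permissions.
sub user_can {
    my ($dbh, $login, $perm) = @_;
    my ($n) = $dbh->selectrow_array(<<'SQL', undef, $login, $perm);
SELECT COUNT(*)
  FROM users u
  JOIN user_roles       ur ON ur.user_id = u.id
  JOIN role_permissions rp ON rp.role_id = ur.role_id
  JOIN permissions      p  ON p.id       = rp.perm_id
 WHERE u.login = ? AND p.name = ?
SQL
    return $n > 0;
}

# Object-level rule on top of RBAC: editing a node needs node.edit_any,
# or node.edit_own together with ownership of that particular node.
sub user_can_edit_node {
    my ($dbh, $login, $node_id) = @_;
    return 1 if user_can($dbh, $login, 'node.edit_any');
    return 0 unless user_can($dbh, $login, 'node.edit_own');
    my ($owner) = $dbh->selectrow_array(
        'SELECT u.login FROM nodes n JOIN users u ON u.id = n.owner_id WHERE n.id = ?',
        undef, $node_id);
    return (defined $owner && $owner eq $login) ? 1 : 0;
}

for my $case (['alice', 10], ['bob', 10], ['bob', 11], ['carol', 10]) {
    my ($who, $node) = @$case;
    printf "%-5s edit node %d: %s\n", $who, $node,
        user_can_edit_node($dbh, $who, $node) ? 'allowed' : 'denied';
}
```

The two join tables are what an existing user table needs gaining: nothing about the users row itself changes, so LDAP-managed accounts can stay where they are and only their login needs to appear in `users`. Keeping the ownership rule in a separate function, rather than encoding it as a permission name, is what keeps the permission table flat while still denying edits to other people's nodes.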