in reply to Dancer::Plugin::Auth::RBAC any cookbooks or good examples?

I haven't used it, but the YAML suggests that the module is fairly straightforward. I wouldn't use the YAML for experimentation though, but go with SQLite.

The idea behind RBAC is that you do not assign individual permissions in your application to users anymore, but assign sets of permissions to groups.

Then, you assign group membership to users and in your code use $auth->can($operation) to check whether the user is allowed to perform the operation.

What's weird is that the operations seem to have more levels, because ->can takes a second parameter, $action. I guess this is to allow for some hierarchy in the permission names.

What I'm missing is a restriction also based on the object. For example, at Perlmonks, users have the permission to edit the nodes owned by themselves but no other nodes. This situation does not seem easy to model using Dancer::Plugin::Auth::RBAC (but it also makes the implementation and interface very hairy, so I understand why it's not in there).

Re^2: Dancer::Plugin::Auth::RBAC any cookbooks or good examples?
by Skeeve (Parson) on May 30, 2014 at 07:11 UTC

    I also did not want to use YAML for that but I'm not sure how to modify my existing SQLite User DB to be used by RBAC.

    For another app I already started before I knew about RBAC, I already created a 3-level approach: a user has one or more groups (== roles) and each group has one or more permissions.

    What I started to do in that app was asking whether a user has a certain permission. So the groups (or roles) are unimportant. Just the permissions they give to the user are important.

    The problem I face is: how does RBAC interact with my DB, and what is required in the DB to interact properly?

    I looked into RBAC because I want to "do it properly" now for the current App I have to work on.


    s$$([},&%#}/&/]+}%&{})*;#$&&s&&$^X.($'^"%]=\&(|?*{%
    +.+=%;.#_}\&"^"-+%*).}%:##%}={~=~:.")&e&&s""`$''`"e
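As an added example (not code from Dancer::Plugin::Auth::RBAC or from either poster), here is the three-level user -> role -> permission model described above in an in-memory SQLite DB via DBI, with a `can_do($login, $operation, $action)` check shaped like the plugin's `->can`, plus the owner check from the first reply layered on top. All table and column names, and the sample users, roles and nodes, are assumptions made here.

```perl
use strict;
use warnings;
use DBI;
# Assumed table/column names; not the plugin's own schema.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, AutoCommit => 1 });
# Users never reference permissions directly; roles (groups) sit between.
$dbh->do($_) for (
    "CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT UNIQUE)",
    "CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT UNIQUE)",
    "CREATE TABLE permissions (id INTEGER PRIMARY KEY, operation TEXT, action TEXT)",
    "CREATE TABLE user_roles (user_id INTEGER, role_id INTEGER)",
    "CREATE TABLE role_permissions (role_id INTEGER, permission_id INTEGER)",
    "CREATE TABLE nodes (id INTEGER PRIMARY KEY, owner_id INTEGER)",
);

# Constructed sample data: 'editor' may view and edit nodes, 'reader' only view.
$dbh->do("INSERT INTO users VALUES (1,'alice'),(2,'bob')");
$dbh->do("INSERT INTO roles VALUES (1,'editor'),(2,'reader')");
$dbh->do("INSERT INTO permissions VALUES (1,'nodes','view'),(2,'nodes','edit')");
$dbh->do("INSERT INTO user_roles VALUES (1,1),(2,2)");
$dbh->do("INSERT INTO role_permissions VALUES (1,1),(1,2),(2,1)");
$dbh->do("INSERT INTO nodes VALUES (10,1),(11,2)");

# The RBAC check: user -> roles -> permissions in one join; callers name an
# (operation, action) pair and never a role.
sub can_do {
    my ($login, $operation, $action) = @_;
    my ($n) = $dbh->selectrow_array(<<'SQL', undef, $login, $operation, $action);
SELECT COUNT(*) FROM users u
  JOIN user_roles ur       ON ur.user_id = u.id
  JOIN role_permissions rp ON rp.role_id = ur.role_id
  JOIN permissions p       ON p.id = rp.permission_id
 WHERE u.login = ? AND p.operation = ? AND p.action = ?
SQL
    return $n > 0;
}

# The object-level rule plain RBAC does not express: editing a node needs the
# role permission AND ownership of that particular node.
sub can_edit_node {
    my ($login, $node_id) = @_;
    return 0 unless can_do($login, 'nodes', 'edit');
    my ($owner) = $dbh->selectrow_array(
        "SELECT u.login FROM nodes n JOIN users u ON u.id = n.owner_id WHERE n.id = ?",
        undef, $node_id);
    return defined $owner && $owner eq $login;
}
for my $t (['alice', 10], ['alice', 11], ['bob', 11]) {
    printf "%s edit node %d: %s\n", @$t, can_edit_node(@$t) ? 'allowed' : 'denied';
}
```

The same join works against an existing user table: the only additions are the two link tables and the permissions table, and `can_do` is the one place the application has to ask.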