I haven't used it, but the YAML suggests that the module is fairly straightforward. I wouldn't use the YAML for experimentation though, but go with SQLite.
The idea behind RBAC is that you do not assign individual permissions in your application to users anymore, but assign sets of permissions to groups.
Then, you assign group membership to users and in your code use $auth->can($operation) to check whether the user is allowed to perform the operation.
What's weird is that the operations seem to have more levels, because ->can takes a second parameter, $action. I guess this is to allow for some hierarchy in the permission names.
What I'm missing is a restriction also based on the object. For example at Perlmonks, users have the permission to edit the nodes owned by themselves but no other nodes. This situation does not seem easy to model using Dancer::Plugin::Auth::RBAC (but it also makes the implementation and interface very hairy, so I understand why it's not in there).
In reply to Re: Dancer::Plugin::Auth::RBAC any cookbooks or good examples?
by Corion
in thread Dancer::Plugin::Auth::RBAC any cookbooks or good examples?
by Skeeve
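The object-based restriction discussed in the reply above, sketched as an added example that is not part of the original post and not code from Dancer::Plugin::Auth::RBAC. It does not use the plugin's API; the role names, operation names, `can_do` function and node data are hypothetical and constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed sample data (hypothetical names, not the plugin's schema).
# Each role grants operations with a scope:
#   'any' = every object, 'own' = only objects owned by the caller.
my %ROLE_PERMS = (
    monk   => { 'node.read' => 'any', 'node.edit' => 'own' },
    editor => { 'node.read' => 'any', 'node.edit' => 'any' },
);
my %USER_ROLES = (
    alice => ['monk'],
    bob   => [ 'monk', 'editor' ],
);
my %NODES = (
    101 => { owner => 'alice' },
    102 => { owner => 'carol' },
);

# Plain RBAC only answers "may this user perform the operation at all?".
# Passing the object lets an 'own' grant be limited to the owner.
sub can_do {
    my ( $user, $operation, $object ) = @_;
    for my $role ( @{ $USER_ROLES{$user} || [] } ) {
        my $perms = $ROLE_PERMS{$role} or next;
        my $scope = $perms->{$operation} or next;
        return 1 if $scope eq 'any';
        return 1
          if $scope eq 'own'
          && defined $object
          && defined $object->{owner}
          && $object->{owner} eq $user;
    }
    return 0;    # default deny: unknown user, role or operation
}

# Check a few constructed cases, including an unknown user.
for my $case (
    [ 'alice',   'node.edit', 101 ],
    [ 'alice',   'node.edit', 102 ],
    [ 'bob',     'node.edit', 102 ],
    [ 'mallory', 'node.read', 101 ],
  )
{
    my ( $user, $op, $id ) = @$case;
    printf "%-8s %-10s node %d => %s\n", $user, $op, $id,
      can_do( $user, $op, $NODES{$id} ) ? 'allow' : 'deny';
}
```

An 'own' grant checked without an object is denied, so a caller that forgets to pass the node cannot widen access by accident.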