I see it as protection from developer error. You probably want to have authorization handled in a way that allows you to both restrict the overt choices that a user can make and also to give the user a more friendly message up front, which all probably requires explicit coding nearer the front end. However if there is the possibility of an unintended method getting called (a typo in a dispatch table or an unchecked action parameter for instance,) then you might feel it is appropriate to prevent that method being called by unauthorized users. Call it a belt and braces approach.

/J\

Hello, All

Thank you all for your responses. After thinking about it I decided to make a basic implementation.

package Access::Attribute;

use strict;
use warnings;

use Attribute::Handlers;
use Data::Dumper;

sub UNIVERSAL::access_root : ATTR(CODE) {
    my ($package, $symbol, $referent, $attr, $data, $phase) = @_;

    if ($< != 0) {
        die "Access Denied to subroutine " . *{$symbol}{NAME} . "\n";
    }

}

sub UNIVERSAL::access_list : ATTR(CODE) {
    my ($package, $symbol, $referent, $attr, $data, $phase) = @_;

    return if !$data;
    
    my @data = (ref $data) ? @$data : $data;
    
    my $match = 0;
    for my $user (@data) {
        my @passwd = getpwnam($user);
        next if !@passwd;
        $match = 1 if $< == $passwd[2];
    }
    
    if ($match == 0) {
        die "Access Denied to subroutine " . *{$symbol}{NAME} . "\n";
    }
}

1;
[download]

This is mostly to teach myself Attributes, but I thought I would share it.

Thanks,

rlb3