Rule-based permission management
use Apache2::SiteControl::PermissionManager; $manager = new Apache2::SiteControl::PermissionManager(); $rule1 = new SomeSubclassOfSiteControl(); $manager->addRule($rule1); ... $user = new SomeUserTypeYouDefineThatMakesSenseToRules; if($manager->can($user, $action, $resource)) { # OK to do action } # For example if($manager->can($user, "read", "/etc/shadow")) { open DATA, "</etc/shadow"; ... }
This module implements a user capabilities \s-1API\s0. The basic idea is that you have a set of users and a set of things that can be done in a system. In the code of the system itself, you want to surround sensitive operations with code that determines if the current user is allowed to do that operation.
This module attempts to make such a system possible, and easily extensible. The module requires that you write implementations of rules for you system that are subclasses of Apache2::SiteControl::Rule. The rules can be written to use any data types, which are abstractly known as \*(L"users\*(R", \*(L"actions\*(R", and \*(L"resources.\*(R"
A user is some object that your applications uses to identify the person operating the program. The expectation is that at some point the application authenticated the user and obtained their identity, and the rest of the application is merely applying a ruleset to determine what that user is allowed to do. In the context of the SiteControl system, this user is a Apache2::SiteControl::User or subclass thereof.
An action can be any data type (i.e. simply a string). Again, it is really up to the code of the rules (which are primarily written by you) to determine what is valid.
The overall usage of this package is as follows:
if($manager->can($user, "view salary", $payrollRecord)) { # show salary fields } else # hide salary fields }
package SalaryViewRule;
use Apache2::SiteControl::Rule; use Apache2::SiteControl::User;
use base qw(Apache2::SiteControl::Rule);
sub grants { $this = shift; $user = shift; $action = shift; $resource = shift;
# Do not grant on requests we don't understand. return 0 if(!$user->isa("Apache2::SiteControl::User") || !$this->isa("Apache2::SiteControl::Rule"));
if($action eq "view salary" && $resource->isa("Payroll::Record")) { if($user->getUsername() eq $resource->getEmployeeName()) { return "user can view their own salary"; } } return 0; } Then in your subclass of ManagerFactory: use SalaryViewRule;
...
$viewRule = new SalaryViewRule; $manager->addRule($viewRule);
This is the primary method of the PermissionManager. It asks if the specified user can do the specified action on the specified resource. For example, $manager->can($user, "eat", "cake"); would return true if the user is allowed to eat cake. Note that this gives you quite a bit of flexibility, but at the expense of strong type safety. It is suggested that all of your rules do type checking to insure that a rule is properly applied.
Apache2::SiteControl::Rule, Apache::SiteControl::ManagerFactory, Apache2::SiteControl::UserFactory, Apache::SiteControl
This module was written by Tony Kay, <[email protected]>.