NAME
    Mojolicious::Plugin::ContextAuth - Role-based access with context

VERSION
    version 0.01

SYNOPSIS
    # Mojolicious::Lite app
    app->plugin(
        'ContextAuth' => {
            dsn => 'sqlite:' . $db,
        },
    );

    # Mojolicious app in sub startup
    $self->plugin(
        'ContextAuth' => {
            dsn => 'sqlite:' . $db,
        },
    );

    # in your controller
    my $has_permission = $c->auth->has_permission(
        $session_id,
        context    => 'project_a',
        permission => 'title.update',
    );

DESCRIPTION
    This addon implements role-based authorization with contexts. There are
    systems where the user can have different roles in different contexts:
    e.g. in a company that develops software, one user can have the
    project manager role in one project, but not in another project.

    This module makes that easy to implement. It creates the database and
    provides some methods to do the authentication and authorization.

DATABASE
    .---------------.         .---------------------------.              .---------------------.
    | corbac_users  |         | corbac_user_context_roles |              | corbac_contexts     |
    |---------------|         |---------------------------|              |---------------------|
    | user_id       |<--------| user_id                   |------------->| context_id          |
    | username      |         | context_id                |              | context_name        |
    | user_password |         | role_id                   |              | context_description |
    '---------------'         '---------------------------'              '---------------------'
            ^                               ^                                       ^
            |                               |                                       |
            |                               |                                       |
            |                               |                                       |
            |                               |                                       |
    .----------------------.      .------------------.                              |
    | corbac_user_sessions |      | corbac_roles     |                              |
    |----------------------|      |------------------|                              |
    | user_id              |      | role_id          |                              |
    | session_id           |      | role_name        |------------------------------'
    | access_tree          |      | role_description |
    | session_started      |      | context_id       |
    '----------------------'      | is_valid         |
                                  '------------------'
                                            ^
                                            |
                               .-------------------------.
                               | corbac_role_permissions |
                               |-------------------------|
               .---------------| role_id                 |------------.
               |               | permission_id           |            |
               |               | resource_id             |            |
               |               '-------------------------'            |
               |                                                      |
               v                                                      v
    .------------------------.                              .----------------------.
    | corbac_permissions     |                              | corbac_resources     |
    |------------------------|                              |----------------------|
    | permission_id          |                              | resource_id          |
    | permission_name        |----------------------------->| resource_name        |
    | permission_label       |                              | resource_label       |
    | permission_description |                              | resource_description |
    | resource_id            |                              '----------------------'
    '------------------------'

    Currently only SQLite is supported.

ENTITIES
    We use some entities that are described in the subsequent paragraphs.
    But one example might describe it as well:

    Mr Johnson can update the project description in project A as he is the project manager
        ^            ^                 ^                 ^                         ^
        |            |                 |                 |                         |
       user     permission         resource           context                     role

  User
    The user of the system.

  Context
    The context in which the user performs an action. In a project
    management software this could be "system", "project a", "project b".
    You can define any context you want.

  Role
    The role a user has in the given context. A user can be the project
    manager in one project, but a developer in another project.

  Resource
    This is any resource you have in your system. This could be "title"
    and "members" for a project.

  Permission
    Every permission is bound to a resource. You can define whatever
    permissions you want. For the project name this could be "update", for
    the project members it could be "add", "delete", "set_role".

METHODS
  register
    Configuration:

    *   dsn

        Required. This is a dsn used for Mojo::SQLite, Mojo::mysql or
        Mojo::Pg.

    *   prefix

        Optional (default: 'auth'). Used to name the helpers (see below).

HELPERS
    Those helpers are defined by the plugin:

    Returns a Mojolicious::Plugin::ContextAuth::Auth object.

  _db
    Returns a Mojolicious::Plugin::ContextAuth::DB object.

AUTHOR
    Renee Baecker

COPYRIGHT AND LICENSE
    This software is Copyright (c) 2020 by Renee Baecker.

    This is free software, licensed under:

      The Artistic License 2.0 (GPL Compatible)
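
The has_permission call from the SYNOPSIS, used as a deny-by-default route guard in which the context comes from the URL. This is an added example, not code from the ContextAuth distribution. The database path, the route names, the session key 'auth_session_id' and the "members.add" permission string are assumptions made for illustration.

```perl
#!/usr/bin/env perl
# Added example, not part of the ContextAuth distribution.
use Mojolicious::Lite;

# Placeholder path (assumption); the plugin creates its tables in this file.
my $db = app->home->child('auth.db');
plugin 'ContextAuth' => { dsn => 'sqlite:' . $db };

# Route name => permission, written "resource.permission" as in the SYNOPSIS.
# A route that is missing from this map is refused.
my %required = (
    update_title => 'title.update',
    add_member   => 'members.add',
);

# Every route below is scoped to one project; the project is the context.
under '/projects/:project' => sub {
    my $c = shift;

    # Assumption: the login code stored the plugin's session id under this key.
    my $session_id = $c->session('auth_session_id');
    my $permission = $required{ $c->current_route // '' };

    my $allowed = $session_id && $permission && $c->auth->has_permission(
        $session_id,
        context    => $c->param('project'),
        permission => $permission,
    );
    return 1 if $allowed;

    # One answer for "no session", "unmapped route" and "no role in this
    # context", so the response does not reveal which projects exist.
    $c->render( text => 'Forbidden', status => 403 );
    return undef;
};

put '/title' => sub { shift->render( text => 'title updated' ) } => 'update_title';

post '/members' => sub { shift->render( text => 'member added' ) } => 'add_member';

app->start;
```

A user who holds the project manager role only in project_a passes the guard for /projects/project_a/title and receives 403 for the same request against /projects/project_b/title.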