NAME Catalyst::Plugin::Authorization::Roles - Role based authorization for Catalyst based on Catalyst::Plugin::Authentication. SYNOPSIS use Catalyst qw/ Authentication Authentication::Store::ThatSupportsRoles Authorization::Roles /; sub delete : Local { my ( $self, $c ) = @_; $c->assert_user_roles( qw/admin/ ); # only admins can delete $c->model("Foo")->delete_it(); } DESCRIPTION Role based authentication is very simple: every user has a list of roles, which that user is allowed to assume. Whenever an area that is restricted for e.g. admins, or members, or any other role is accessed a check is made to see whether or not the user has all the required roles. In this plugin the user objects being checked have the "roles" method invoked. This method is supposed to return a list of the roles the user is allowed to assume. The roles may be any item that can be compared using Set::Object. For example, if you have a CRUD application, for every mutating action you probably want to check that the user is allowed to edit. To do this, create an editor role, and add that role to every user who is allowed to edit. sub edit : Local { my ( $self, $c ) = @_; $c->assert_user_roles( qw/editor/ ); $c->model("TheModel")->make_changes(); } METHODS assert_user_roles [ $user ], @roles Cheks that the user (as supplied by the first argument, or, if omitted, "<$c-"user>>) has the specified roles. If for any reason ("<$c-"user>> is not defined, the user is missing a role, etc) the check fails, an error is thrown. check_user_roles [ $user ], @roles Takes the same args as "assert_user_roles", and performs the same check, but instead of throwing errors returns a boolean value. SEE ALSO Catalyst::Plugin::Authentication AUTHOR Yuval Kogman, "nothingmuch@woobling.org" COPYRIGHT & LICNESE Copyright (c) 2005 the aforementioned authors. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.