Subject: | Let "forbidden()" do redirects like CAP::Authentication does |
Have been adding support in my own apps for CAP::Authorization, but
found that it didn't perform redirects the same way that
CAP::Authentication did. I wanted to be able to set things up so that
I could have entire Apps that require a specific type of authorization
like:
sub cgiapp_prerun {
my $self = shift;
unless ($self->authz->authorize('admin')) {
return $self->authz->forbidden();
}
}
and have CAP::Authorization "do the right thing" with regard to
whether it did a redirect to an external URL or to an internal
run-mode.
I've hacked together a patch against CAP-Authorization 0.05 that makes
it function like this, which I've attached to this message.
Comments?
Subject: | cap-authorization-forbidden-redirect.diff |
--- Authorization.pm.orig 2006-10-12 12:49:23.055854364 -0700
+++ Authorization.pm 2006-10-12 12:52:47.686480089 -0700
@@ -483,6 +483,7 @@
sub setup_runmodes {
my $self = shift;
$self->run_modes( authz_forbidden => \&authz_forbidden, );
+ $self->run_modes( authz_dummy_redirect => \&authz_dummy_redirect );
return;
}
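Review bot: In `setup_runmodes` the new run mode is registered with a second `run_modes` call directly after the first; one call keeps the plugin's run modes in a single place: `$self->run_modes( authz_forbidden => \&authz_forbidden, authz_dummy_redirect => \&authz_dummy_redirect );`. Registering it also makes `authz_dummy_redirect` selectable like any other run mode, so a short comment that it must stay free of side effects would help the next maintainer.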
@@ -515,16 +516,15 @@
my $config = $self->_config;
if ( $config->{FORBIDDEN_RUNMODE} ) {
- my $runmode = $config->{FORBIDDEN_RUNMODE};
- return $cgiapp->$runmode();
+ $cgiapp->prerun_mode($config->{FORBIDDEN_RUNMODE});
}
elsif ( $config->{FORBIDDEN_URL} ) {
$cgiapp->header_add( -location => $config->{FORBIDDEN_URL} );
$cgiapp->header_type('redirect');
- return;
+ $cgiapp->prerun_mode('authz_dummy_redirect');
}
else {
- return authz_forbidden( $self->cgiapp );
+ $cgiapp->prerun_mode('authz_forbidden');
}
}
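Review bot: All three branches of `forbidden()` now only call `$cgiapp->prerun_mode(...)` and no longer return page content, so the method is usable only from the prerun stage. As far as I know CGI::Application rejects `prerun_mode()` outside that stage, so an existing caller doing `return $self->authz->forbidden;` inside a run mode would get an error instead of the forbidden page; that fails closed, but it is an interface change that should be stated. The FORBIDDEN_RUNMODE branch also changes meaning: the value used to be invoked as a method on `$cgiapp` and must now name a registered run mode. I would say both in the POD for `forbidden`, e.g. `Must be called from cgiapp_prerun; the return value is not page content.`, and end the sub with an explicit `return;` so the result of `prerun_mode()` does not become the return value. The sub begins outside this hunk, so its other callers could not be checked here.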
@@ -555,6 +555,17 @@
return $html;
}
+=head2 authz_dummy_redirect
+
+This runmode is provided for convenience when an external redirect needs
+to be done. It just returns an empty string.
+
+=cut
+
+sub authz_dummy_redirect {
+ return '';
+}
+
###
### Helper methods
###
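Review bot: The POD for `authz_dummy_redirect` does not mention that the run mode only makes sense after `forbidden()` has set the `-location` header and the `redirect` header type, as the FORBIDDEN_URL branch does; selected on its own it presumably yields an empty response body. I would add a sentence such as `Internal: selected by forbidden() once the redirect headers are set; not meant to be requested directly.` so users do not treat it as a general-purpose run mode. The `return $html;` at the top of this hunk belongs to a sub that starts outside it.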