/usr/share/perl5/Apache2/SiteControl/PermissionManager.pm is in libapache2-sitecontrol-perl 1.05-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 | package Apache2::SiteControl::PermissionManager;
use 5.008;
use strict;
use warnings;
use Carp;
sub new {
my $proto = shift;
my $class = ref($proto) || $proto;
my $this = { rules => [] };
bless ($this, $class);
return $this;
}
sub addRule($$)
{
my $this = shift;
my $rule = shift;
push @{$this->{rules}}, $rule;
return 1;
}
sub can($$$$)
{
my $this = shift;
my $user = shift;
my $action = shift;
my $resource = shift;
my $rule;
my ($granted, $denied) = (0,0);
for $rule (@{$this->{rules}})
{
$granted = 1 if($rule->grants($user, $action, $resource));
$denied = 1 if($rule->denies($user, $action, $resource));
}
return ($granted && !$denied);
}
1;
__END__
=head1 NAME
Apache2::SiteControl::PermissionManager - Rule-based permission management
=head1 SYNOPSIS
use Apache2::SiteControl::PermissionManager;
$manager = new Apache2::SiteControl::PermissionManager();
$rule1 = new SomeSubclassOfSiteControl();
$manager->addRule($rule1);
...
$user = new SomeUserTypeYouDefineThatMakesSenseToRules;
if($manager->can($user, $action, $resource)) {
# OK to do action
}
# For example
if($manager->can($user, "read", "/etc/shadow")) {
open DATA, "</etc/shadow";
...
}
=head1 DESCRIPTION
This module implements a user capabilities API. The basic idea is that you have
a set of users and a set of things that can be done in a system. In the code of
the system itself, you want to surround sensitive operations with code that
determines if the current user is allowed to do that operation.
This module attempts to make such a system possible, and easily extensible.
The module requires that you write implementations of rules for you system
that are subclasses of Apache2::SiteControl::Rule. The rules can be written to
use any data types, which are abstractly known as "users", "actions", and
"resources."
A user is some object that your applications uses to identify the person
operating the program. The expectation is that at some point the application
authenticated the user and obtained their identity, and the rest of the
application is merely applying a ruleset to determine what that user is
allowed to do. In the context of the SiteControl system, this user is a
Apache2::SiteControl::User or subclass thereof.
An action can be any data type (i.e. simply a string). Again, it is really up
to the code of the rules (which are primarily written by you) to determine what
is valid.
The overall usage of this package is as follows:
=over 8
=item B<1.> Decide how you want to represent a user. (i.e. Apache2::SiteControl::User)
=item B<2.> Decide the critical sections of your code that need to be
protected, and decide what to do if the user doesn't pass muster. For example
if a screen should just hide fields, then the application code needs to reflect
that.
=item B<3.> Create a permission manager instance for your application.
Typically use a singleton pattern (there need be only one manager). In the
SiteControl system, this is done by a ManagerFactory that you write.
=item B<4.> Surround sensitive sections of code with something like:
if($manager->can($user, "view salary", $payrollRecord))
{
# show salary fields
} else
# hide salary fields
}
=item B<5.> Create rules that spell out the behavior you want and add them to
your application's permission manager. The basic idea is that a rule can grant
permission, or deny it. If it neither grants or denies, then the manager will
take the safe route and say that the action cannot be taken. Part of the code
for the rule for protecting salaries might look like:
package SalaryViewRule;
use Apache2::SiteControl::Rule;
use Apache2::SiteControl::User;
use base qw(Apache2::SiteControl::Rule);
sub grants
{
$this = shift;
$user = shift;
$action = shift;
$resource = shift;
# Do not grant on requests we don't understand.
return 0 if(!$user->isa("Apache2::SiteControl::User") ||
!$this->isa("Apache2::SiteControl::Rule"));
if($action eq "view salary" && $resource->isa("Payroll::Record")) {
if($user->getUsername() eq $resource->getEmployeeName()) {
return "user can view their own salary";
}
}
return 0;
}
Then in your subclass of ManagerFactory:
use SalaryViewRule;
...
$viewRule = new SalaryViewRule;
$manager->addRule($viewRule);
=back
=head1 METHODS
=over 8
=item B<can>(I<user>, I<action verb>, I<resource>)
This is the primary method of the PermissionManager. It asks if the specified
user can do the specified action on the specified resource. For example,
$manager->can($user, "eat", "cake");
would return true if the user is allowed to eat cake. Note that this gives you
quite a bit of flexibility, but at the expense of strong type safety. It is
suggested that all of your rules do type checking to insure that a rule is
properly applied.
=back
=head1 SEE ALSO
Apache2::SiteControl::Rule, Apache::SiteControl::ManagerFactory,
Apache2::SiteControl::UserFactory, Apache::SiteControl
=head1 AUTHOR
This module was written by Tony Kay, E<lt>tkay@uoregon.eduE<gt>.
=head1 COPYRIGHT AND LICENSE
=cut
|