[Jifty-commit] r2223 - in jifty/trunk/plugins/AuthzLDAP: .
lib/Jifty/Plugin lib/Jifty/Plugin/AuthzLDAP
lib/Jifty/Plugin/AuthzLDAP/Action share/po share/web/templates/error
jifty-commit at lists.jifty.org
jifty-commit at lists.jifty.org
Thu Nov 30 04:04:10 EST 2006
Author: yves
Date: Thu Nov 30 04:04:09 2006
New Revision: 2223
Added:
jifty/trunk/plugins/AuthzLDAP/MANIFEST
jifty/trunk/plugins/AuthzLDAP/share/po/en.po
jifty/trunk/plugins/AuthzLDAP/share/po/fr.po
jifty/trunk/plugins/AuthzLDAP/share/web/templates/error/
jifty/trunk/plugins/AuthzLDAP/share/web/templates/error/AccessDenied
jifty/trunk/plugins/AuthzLDAP/t/00-load.t
Removed:
jifty/trunk/plugins/AuthzLDAP/lib/Jifty/Plugin/AuthzLDAP/Dispatcher.pm
Modified:
jifty/trunk/plugins/AuthzLDAP/lib/Jifty/Plugin/AuthzLDAP.pm
jifty/trunk/plugins/AuthzLDAP/lib/Jifty/Plugin/AuthzLDAP/Action/LDAPValidate.pm
Log:
* Usable AuthzLDAP Plugin, see man Jifty::Plugin::AuthzLDAP
while thinking on new more generic Jifty::Plugin::Authz::XYZ , Jifty::Plugin::Authentication:XYZ
Added: jifty/trunk/plugins/AuthzLDAP/MANIFEST
==============================================================================
--- (empty file)
+++ jifty/trunk/plugins/AuthzLDAP/MANIFEST Thu Nov 30 04:04:09 2006
@@ -0,0 +1,9 @@
+lib/Jifty/Plugin/AuthzLDAP.pm
+lib/Jifty/Plugin/AuthzLDAP/Action/LDAPValidate.pm
+lib/Jifty/Plugin/AuthzLDAP/Model/LDAPFilter.pm
+Makefile.PL
+MANIFEST
+share/po/en.po
+share/po/fr.po
+share/web/templates/error/AccessDenied
+t/00-load.t
Modified: jifty/trunk/plugins/AuthzLDAP/lib/Jifty/Plugin/AuthzLDAP.pm
==============================================================================
--- jifty/trunk/plugins/AuthzLDAP/lib/Jifty/Plugin/AuthzLDAP.pm (original)
+++ jifty/trunk/plugins/AuthzLDAP/lib/Jifty/Plugin/AuthzLDAP.pm Thu Nov 30 04:04:09 2006
@@ -28,6 +28,32 @@
in application create a LDAPFilter model
use base qw/Jifty::Plugin::AuthzLDAP::Model::LDAPFilter/;
+in LDAPFilter model create your filters, something like
+ name |filter |is_group
+ is_admin|(!eduPersonAffiliation=STUDENT)|0
+ in_admin|cn=admin,ou=groups,dc=my.org |1
+
+to protect access to /admin
+in "TestApp" application create a lib/TestApp/Dispatcher.pm
+
+ use strict;
+ use warnings;
+
+ package TestApp::Dispatcher;
+ use Jifty::Dispatcher -base;
+
+ before '/admin/*' => run {
+ # Authentication
+ Jifty->web->tangent(url => '/login')
+ if (! Jifty->web->current_user->id);
+ # Authorization
+ my $user = Jifty->web->current_user->user_object->name;
+ Jifty->web->tangent(url => '/error/AccessDenied')
+ if (! Jifty::Plugin::AuthzLDAP->ldapvalidate($user,'is_admin') );
+ };
+
+ 1
+
=head1 SEE ALSO
L<Net::LDAP>
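Review bot: The sample `is_admin` filter `(!eduPersonAffiliation=STUDENT)` grants access by negation, so any directory entry not tagged STUDENT, including one with no eduPersonAffiliation attribute at all, would pass the `/admin` check. An authorization example is safer as a positive match, for instance a group filter like the `in_admin` row, and the negated form would in any case need the inner parentheses of RFC 4515, `(!(eduPersonAffiliation=STUDENT))`. The dispatcher example also appears to rely on `tangent` ending the request before the authorization lines run, since `user_object` is read straight after the login check. If that is how tangent behaves, a comment such as `# tangent does not return; anonymous users never reach the lines below` would make the ordering explicit. It would also help to state whether `'/admin/*'` covers the bare `/admin` path.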
@@ -131,7 +157,8 @@
# (?) allow use of writing filter in filtername
# TODO: filtername must be cleanned
- my $filter = ($record->filter)?$record->filter:$filtername;
+ # my $filter = ($record->filter)?$record->filter:$filtername;
+ my $filter = $record->filter;
$user = $self->UID().'='.$user.','.$self->BASE();
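Review bot: With the fallback to `$filtername` removed, `$filter` is whatever `$record->filter` returns, and nothing visible in the hunk handles a filter name that has no matching record or an empty filter. The check should fail closed before any LDAP query is built, e.g. `return 0 unless defined $filter && length $filter;` directly after the assignment (the return value is assumed from the POD example, where a false result means denied). The two comments above it (`allow use of writing filter in filtername`, `filtername must be cleanned`) and the commented-out line describe behaviour this commit removes and should go with it. On the following line `$user` is concatenated into the DN unescaped; passing it through `escape_dn_value` from Net::LDAP::Util would keep a name containing `,` or `=` from altering the DN. The enclosing sub starts and ends outside the hunk, so a guard may already exist further down.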
Modified: jifty/trunk/plugins/AuthzLDAP/lib/Jifty/Plugin/AuthzLDAP/Action/LDAPValidate.pm
==============================================================================
--- jifty/trunk/plugins/AuthzLDAP/lib/Jifty/Plugin/AuthzLDAP/Action/LDAPValidate.pm (original)
+++ jifty/trunk/plugins/AuthzLDAP/lib/Jifty/Plugin/AuthzLDAP/Action/LDAPValidate.pm Thu Nov 30 04:04:09 2006
@@ -57,7 +57,7 @@
if (not $msg) {
$self->result->error(
- _('Access not allowed') );
+ _('Access denied.') );
return;}
return 1;
Added: jifty/trunk/plugins/AuthzLDAP/share/po/en.po
==============================================================================
--- (empty file)
+++ jifty/trunk/plugins/AuthzLDAP/share/po/en.po Thu Nov 30 04:04:09 2006
@@ -0,0 +1,20 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL at ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
+"Language-Team: LANGUAGE <LL at li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: lib/Jifty/Plugin/AuthzLDAP/Action/LDAPValidate.pm:60 share/web/templates/error/AccessDenied:1 share/web/templates/error/AccessDenied:2
+msgid "Access denied."
+msgstr ""
Added: jifty/trunk/plugins/AuthzLDAP/share/po/fr.po
==============================================================================
--- (empty file)
+++ jifty/trunk/plugins/AuthzLDAP/share/po/fr.po Thu Nov 30 04:04:09 2006
@@ -0,0 +1,20 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL at ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
+"Language-Team: LANGUAGE <LL at li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO8859-15\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: lib/Jifty/Plugin/AuthzLDAP/Action/LDAPValidate.pm:60 share/web/templates/error/AccessDenied:1 share/web/templates/error/AccessDenied:2
+msgid "Access denied."
+msgstr "Accès non autorisé."
Added: jifty/trunk/plugins/AuthzLDAP/share/web/templates/error/AccessDenied
==============================================================================
--- (empty file)
+++ jifty/trunk/plugins/AuthzLDAP/share/web/templates/error/AccessDenied Thu Nov 30 04:04:09 2006
@@ -0,0 +1,3 @@
+<&| /_elements/wrapper, title => _("Access denied.") &>
+<p><% _("Access denied.") %></p>
+</&>
Added: jifty/trunk/plugins/AuthzLDAP/t/00-load.t
==============================================================================
--- (empty file)
+++ jifty/trunk/plugins/AuthzLDAP/t/00-load.t Thu Nov 30 04:04:09 2006
@@ -0,0 +1,5 @@
+#!/usr/bin/env perl -w
+use strict;
+use Test::More tests => 1;
+
+use_ok('Jifty::Plugin::AuthzLDAP');
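Review bot: The shebang `#!/usr/bin/env perl -w` hands `perl -w` to env as a single argument on Linux, so executing the test file directly fails there; `#!/usr/bin/env perl` with `use warnings;` under `use strict;` gives the same effect portably. A load test is a reasonable start, but since the plugin makes access decisions, a test asserting that `ldapvalidate` returns false for an unknown filter name would be worth adding alongside it.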