Mailing List Archive

question about authorization and roles
Hi all,
I'm trying to set up the authorization in an application, and therefore
in my controller method I've something like the following:

if ( ! $c->check_any_user_role( qw/Admin Manutentore/ ) ){ .... }

and the above is always failing. At first I thought I was missing
something with the role configuration, but in my application I also
use ACLs that for the same path are configured as follows (and do
work):

if ( ! $c->check_any_user_role( qw/Admin Manutentore/ ) )

The configuration of the application is as follows:


__PACKAGE__->config('Plugin::Authentication' => {
    default_realm => 'members',
    realms => {
        members => {
            credential => {
                class => 'Password',
                password_field => 'password',
                password_type => 'clear'
            },
            store => {
                class => 'DBIx::Class',
                user_model => 'SmicketsDB::User',
                role_relation => 'roles',
                role_field => 'description',
            }
        }
    }
});


Any idea about?

Thanks,
Luca

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
Re: question about authorization and roles [ In reply to ]
Luca,
 
Perhaps it's a stupid question, but have you checked that the user exists?
 
if ( $c->user_exists() && ...
jb


On Monday, February 9, 2015 7:53 AM, Luca Ferrari <fluca1978@infinito.it> wrote:


Hi all,
I'm trying to set up the authorization in an application, and therefore
in my controller method I've something like the following:

if ( ! $c->check_any_user_role( qw/Admin Manutentore/ ) ){ .... }

and the above is always failing. At first I thought I was missing
something with the role configuration, but in my application I also
use ACLs that for the same path are configured as follows (and do
work):

if ( ! $c->check_any_user_role( qw/Admin Manutentore/ ) )

The configuration of the application is as follows:


__PACKAGE__->config('Plugin::Authentication' => {
    default_realm => 'members',
    realms => {
        members => {
            credential => {
                class => 'Password',
                password_field => 'password',
                password_type => 'clear'
            },
            store => {
                class => 'DBIx::Class',
                user_model => 'SmicketsDB::User',
                role_relation => 'roles',
                role_field => 'description',
            }
        }
    }
});


Any idea about?

Thanks,
Luca

Re: question about authorization and roles [ In reply to ]
Ciao,

On Mon, Feb 9, 2015 at 6:12 PM, Jeff Black <jeffrey.black@yahoo.com> wrote:
>
> Perhaps it's a stupid question, but have you checked that the user exists?
>
> if ( $c->user_exists() && ...
>


Apparently it exists because I print the username and its role list to
check...and of course the role is there.

Luca

Re: question about authorization and roles [ In reply to ]
Ciao,
this is what I did in order to get more info:

# in the controller

if ( ! $c->check_any_user_role( qw/Admin Manutentore/ ) ) {
    $c->stash->{ message } = "User exists " . $c->user_exists() .
        " - with username " . $c->user->username . " and roles "
        . $c->user->roles_to_string . " and the check is " .
        $c->check_any_user_role( qw/Admin Manutentore/ );
    my @roles = $c->user->users_roles->all();
    @roles = map { $_->role->pk . " = " . $_->role->description }
        @roles;
    $c->stash->{ message } .= "Roles [@roles]";
}


and what is printed is:

User exists 1 - with username fluca1978 and roles [Manutentore] and
the check is 0Roles [12 = Manutentore]

so:
1) the user exists
2) the username is correct
3) the user has one role, the description of the role is matched
4) the check_any_user_role reports false (0)
5) the lookup of all the roles reports the right primary key and description.

Any idea about what I'm missing?

Thanks,
Luca

On Mon, Feb 9, 2015 at 9:43 PM, Luca Ferrari <fluca1978@infinito.it> wrote:
> Ciao,
>
> On Mon, Feb 9, 2015 at 6:12 PM, Jeff Black <jeffrey.black@yahoo.com> wrote:
>>
>> Perhaps it's a stupid question, but have you checked that the user exists?
>>
>> if ( $c->user_exists() && ...
>>
>
>
> Apparently it exists because I print the username and its role list to
> check...and of course the role is there.
>
> Luca

Re: question about authorization and roles [ In reply to ]
What do you get in debug console output?
By code (Catalyst::Plugin::Authorization::Roles) you have to see
something like this:
Role denied: @roles

Anyway, you should look into Catalyst::Plugin::Authorization::Roles
and try to debug it; the code is simple.

On 10 February 2015 at 11:01, Luca Ferrari <fluca1978@infinito.it> wrote:
> Ciao,
> this is what I did in order to get more info:
>
> # in the controller
>
> if ( ! $c->check_any_user_role( qw/Admin Manutentore/ ) ) {
> $c->stash->{ message } = "User exists " . $c->user_exists() .
> " - with username " . $c->user->username . " and roles "
> . $c->user->roles_to_string . " and the check is " .
> $c->check_any_user_role( qw/Admin Manutentore/ );
> my @roles = $c->user->users_roles->all();
> @roles = map { $_->role->pk . " = " . $_->role->description }
> @roles;
> $c->stash->{ message } .= "Roles [@roles]";
> }
>
>
> and what is printed is:
>
> User exists 1 - with username fluca1978 and roles [Manutentore] and
> the check is 0Roles [12 = Manutentore]
>
> so:
> 1) the user exists
> 2) the username is correct
> 3) the user has one role, the description of the role is matched
> 4) the check_any_user_role reports false (0)
> 5) the lookup of all the roles reports the right primary key and description.
>
> Any idea about what I'm missing?
>
> Thanks,
> Luca
>
> On Mon, Feb 9, 2015 at 9:43 PM, Luca Ferrari <fluca1978@infinito.it> wrote:
>> Ciao,
>>
>> On Mon, Feb 9, 2015 at 6:12 PM, Jeff Black <jeffrey.black@yahoo.com> wrote:
>>>
>>> Perhaps it's a stupid question, but have you checked that the user exists?
>>>
>>> if ( $c->user_exists() && ...
>>>
>>
>>
>> Apparently it exists because I print the username and its role list to
>> check...and of course the role is there.
>>
>> Luca
>



--
//wbr, Dmitry L.
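
An added diagnostic, not code from this thread or from Catalyst::Plugin::Authorization::Roles: it assumes the plugin compares the requested role names with the stored role strings as exact strings, and shows how a stored role that prints as expected can still fail that comparison. The helper names (visible, canon, explain_role_check) and the sample role values are constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Unicode::Normalize qw(NFKC);

# Show every character outside printable ASCII (and every space) as an
# escape, so differences that a plain print hides become visible.
sub visible {
    my ($s) = @_;
    return join '', map {
        my $o = ord;
        ( $o > 0x20 && $o < 0x7f ) ? $_ : sprintf( '\\x{%02x}', $o );
    } split //, $s;
}

# Folded form used only to find near-misses, never to grant access.
sub canon {
    my ($s) = @_;
    $s = NFKC($s);
    $s =~ s/^\s+|\s+$//g;
    return lc $s;
}

# Compare the roles the store returned ($have) with the roles the check
# asked for ($need); return one report line per finding.
sub explain_role_check {
    my ( $have, $need ) = @_;
    my %exact = map { ( $_ => 1 ) } @$have;
    my @report;
    for my $want (@$need) {
        if ( $exact{$want} ) {
            push @report, "MATCH     $want";
            next;
        }
        my @near = grep { canon($_) eq canon($want) } @$have;
        push @report, "ABSENT    $want" unless @near;
        push @report, "NEAR-MISS $want vs stored " . visible($_) for @near;
    }
    return @report;
}

# Constructed sample: the stored role carries a trailing space, as a
# fixed-width column could produce.
my @stored   = ("Manutentore ");
my @required = qw/Admin Manutentore/;
print "$_\n" for explain_role_check( \@stored, \@required );
```

In the application, the first argument would be the list returned by $c->user->roles; a NEAR-MISS line points at the stored data, not at the role check.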

Re: question about authorization and roles [ In reply to ]
On Tue, Feb 10, 2015 at 9:26 AM, Dmitry L. <dim0xff@gmail.com> wrote:
> What do you get in debug console output?
> By code (Catalyst::Plugin::Authorization::Roles) you have to see
> something like this:
> Role denied: @roles
>

This is what appears in the debug console:

[debug] Path is "tickets/list"
[debug] Found sessionid "382d4de8c7ec3a66712bf2f6b3c09bea1b180235" in cookie
[debug] Restored session "382d4de8c7ec3a66712bf2f6b3c09bea1b180235"
[debug] "GET" request for "tickets/list" from "192.168.200.1"
[debug] running ACL rule CODE(0x2b93a488) defined at
/mnt/ada1a/sviluppo/Perl/Smickets/script/../lib/Smickets.pm line 85 on
tickets/list
[debug] Form (tickets/list): Looking for config file tickets/list.fb
[debug] Form (tickets/list): Found form config
/mnt/ada1a/sviluppo/Perl/Smickets/root/forms/tickets/list.fb
[debug] Rendering template "tickets/list.tt2"



please note that in my application config I've an ACL entry as follows:

__PACKAGE__->allow_access_if_any( '/tickets', [ qw/Admin Manutentore/ ] );

I don't know if this is interfering with the test I'm performing, but
the result is that even if the user has the "manutentore" role it is
not evaluated as such.

Any idea?

Thanks,
Luca
