NAME

Krang::CGI - Krang base class for CGI modules


SYNOPSIS

  package Krang::CGI::SomeSuch;
  use Krang::ClassLoader base => 'CGI';
  sub setup {
    my $self = shift;
    $self->start_mode('status');
    $self->run_modes(status => \&status);
  }
  sub status {
    my $self = shift;
    my $query = $self->query;
    # ...
  }


DESCRIPTION

Krang::CGI is a subclass of CGI::Application. All the usual CGI::Application features are available.


INTERFACE

See CGI::Application.

Some additional methods are provided:


AUTHORIZATION

User authentication is handled by Krang::Handler. But for authoriztion, Krang::Handler assumes that any valid user is also authorized to perform every action and leaves module and run-mode authorization up to the individual modules. A simple mechanism is provided by this base class to add this protection.

Protecting a Module

To restrict an entire module to only users with given permissions, simply use the PACKAGE_PERMISSIONS param() in either the init stage, or through new() . For instance, user.pl contains:

    my $app = pkg('CGI::User')->new(
        PARAMS => {
            PACKAGE_PERMISSIONS => [qw(admin_users admin_users_limited)],
        }
    )->run();

This means that only users with either the admin_users or admin_users_limited permissions will be access to the entire script.

You can also protect on asset permissions:

    my $app = pkg('CGI::Story')->new(
        PARAMS => {
            PACKAGE_ASSETS => { story => [qw(read-only edit)] },
        }
    )->run();

Protecting a Run Mode

Protecting a run mode is similar to protecting an entire module. Simple use the RUNMODE_PERMISSIONS param. The main difference is that PACKAGE_PERMISSIONS takes an arrayref, and RUNMODE_PERMISSIONS takes a hashref. The keys of this hash are the names of the run modes. The values are arrayrefs containing the permissions needed.

So to add run mode level protection to publisher to protect the publish_* run modes, we need something like this:

    my $app = pkg('CGI::Publisher')->new(
        PARAMS => {
            RUNMODE_PERMISSIONS => {
                publish_story       => [qw(may_publish)],
                publish_story_list  => [qw(may_publish)],
                publish_assets      => [qw(may_publish)],
                publish_media       => [qw(may_publish)],
            },
        },
    )->run();

and you can also protect based on asset permissions:

    my $app = pkg('CGI::Story')->new(
        PARAMS => {
            PACKAGE_ASSETS => { story => [qw(read-only edit)] },
            RUNMODE_ASSETS => {
                new_story                     => { story => ['edit'] },
                create                        => { story => ['edit'] },
                edit                          => { story => ['edit'] },
                checkout_and_edit             => { story => ['edit'] },
                check_in                      => { story => ['edit'] },
                revert                        => { story => ['edit'] },
                delete                        => { story => ['edit'] },
                delete_selected               => { story => ['edit'] },
                checkout_selected             => { story => ['edit'] },
                checkin_selected              => { story => ['edit'] },
                delete_categories             => { story => ['edit'] },
                add_category                  => { story => ['edit'] },
                set_primary_category          => { story => ['edit'] },
                copy                          => { story => ['edit'] },
                db_save                       => { story => ['edit'] },
                db_save_and_stay              => { story => ['edit'] },
                save_and_jump                 => { story => ['edit'] },
                save_and_add                  => { story => ['edit'] },
                save_and_publish              => { story => ['edit'] },
                save_and_view                 => { story => ['edit'] },
                save_and_view_log             => { story => ['edit'] },
                save_and_edit_contribs        => { story => ['edit'] },
                save_and_edit_schedule        => { story => ['edit'] },
                save_and_go_up                => { story => ['edit'] },
                save_and_bulk_edit            => { story => ['edit'] },
                save_and_leave_bulk_edit      => { story => ['edit'] },
                save_and_change_bulk_edit_sep => { story => ['edit'] },
                save_and_find_story_link      => { story => ['edit'] },
                save_and_find_media_link      => { story => ['edit'] },
              },
        }
    )->run();

Please see Krang Permissions System for more information on the different permissions available.


METHODS

Run Modes

This base class provides four runmodes:

access_forbidden

This runmode logs an unauthorized access attempt and passes $msg to $pkg-redirect_to_login($msg)>.

If not provided, the message defaults to You do not have permissions to access that portion of the site.

redirect_to_login

This runmode deletes the user's session and redirects to the login screen, where $msg will be shown.

redirect_to_workspace

This runmode redirects the user to his or her workspace. Optionally passing a message to be displayed when they get there.

cancel_edit

Returns object to the state it was in previous to Edit (though a new version may have been written to disk via Save & Stay)

Helper Methods

The following methods are also provided to help with common tasks:

script_name

The name of the script being run.

update_nav

Tell the Front-End UI that whatever action we just took could alter the Navigation of the current user, so it should update the Navigation after this request.

add_to_query

Add a parameter to the given URL (reference)

    $self->add_to_query(\$uri, "ajax=$ajax")

json_messages

Return any messages or alerts that were added via Krang::Message as JSON request body. Any extra parameters passed in will be part of the JSON data structure returned.

    return $self->json_messages();
    return $self->json_messages(success => 1);