[Catalyst] ACL Error: deny_access_unless
Dear List Has anyone have any issues with: Catalyst::Plugin::Authorization::ACL 0.11 | Catalyst::Plugin::Authorization::Roles 0.07 i am adding some access control to my catalyst application. When I start up my application I see the following: Class Catalyst::Dispatcher is calling the deprecated method Catalyst::Dispatcher::tree, this will be removed in Catalyst 5.9X at /usr/local/share/perl/5.8.8/Catalyst/Dispatcher.pm line 713. The access control section: __PACKAGE__->deny_access_unless( "/admin/user", [ 'Admin' ] ); fails every time, regardless if the user has the right or not. The same code works on catalyst 5.7012. There also does not seam to be any documentation for using Catalyst 5.80002. Can any one help in resolving this issue I am facing. Regards Gordon ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
RE: [Catalyst] ACL Error: deny_access_unless
Dear List Does anyone know where in the catalyst code it contacts the database to check if a user has the rights in question? I have looked into the catalyst code (Catalyst/Plugin/Authorization/ACL/Engine.pm )and found out that the function in question is returning "Denied" without contacting the database. I know it is not contacting the database because I have turn on the Mysql logs and see no sql query. I am running the most up to date version of the catalyst code (5.8004). Has any one got roles and ACL working in Catalyst 5.8004 Regards Gordon Stewart -Original Message- From: gor...@gorste.plus.com [mailto:gor...@gorste.plus.com] Sent: 23 May 2009 17:22 To: catalyst@lists.scsys.co.uk Subject: [Catalyst] ACL Error: deny_access_unless Dear List Has anyone have any issues with: Catalyst::Plugin::Authorization::ACL 0.11 | Catalyst::Plugin::Authorization::Roles 0.07 i am adding some access control to my catalyst application. When I start up my application I see the following: Class Catalyst::Dispatcher is calling the deprecated method Catalyst::Dispatcher::tree, this will be removed in Catalyst 5.9X at /usr/local/share/perl/5.8.8/Catalyst/Dispatcher.pm line 713. The access control section: __PACKAGE__->deny_access_unless( "/admin/user", [ 'Admin' ] ); fails every time, regardless if the user has the right or not. The same code works on catalyst 5.7012. There also does not seam to be any documentation for using Catalyst 5.80002. Can any one help in resolving this issue I am facing. Regards Gordon ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] ACL Error: deny_access_unless
Gordon Stewart wrote: Does anyone know where in the catalyst code it contacts the database to check if a user has the rights in question? It should be calling $c->user->roles, and this gets the list of roles for the user in question. How this lookup is performed will vary depending on which authentication store you're using, how it's configured etc. I have looked into the catalyst code (Catalyst/Plugin/Authorization/ACL/Engine.pm )and found out that the function in question is returning "Denied" without contacting the database. I know it is not contacting the database because I have turn on the Mysql logs and see no sql query. I am running the most up to date version of the catalyst code (5.8004). Has any one got roles and ACL working in Catalyst 5.8004 There have been a few people having problems with this. I know that I fixed ACL to work with Catalyst 5.80 specifically, in that I had to do some work to make it pass all of it's tests. However, obviously, as people are having issues - the tests may not be comprehensive enough.. So I guess we need to produce a minimal TestApp demonstrating the issue, and then we can either fix ACL, or fix core Catalyst as appropriate to sort the issue out. This minimal test app would use the minimal authentication store (so no DB needed), and just demonstrate the issue (i.e. t/01app.t fails). If you can produce such a TestApp, then I'll be more than happy to take a look, or beat someone else into doing so ;) Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
RE: [Catalyst] ACL Error: deny_access_unless
Tomas I have am not using an authentication store, I am just using: Authentication Authorization::Roles Authorization::ACL Session Session::Store::FastMmap Session::State::Cookie If I include the store: Authentication::Store::DBIC Then I just get the following: You must provide a user_class at /usr/local/share/perl/5.8.8/Catalyst.pm line 1140 But I am passing the user_class though my yml file: authorization: dbic: user_class: DnsEmail::Rights #role_class: DnsEmail::Rights role_field: description role_rel: accesses user_role_user_field: user_id Regards Gordon -Original Message- From: Tomas Doran [mailto:bobtf...@bobtfish.net] Sent: 26 May 2009 12:25 To: The elegant MVC web framework Subject: Re: [Catalyst] ACL Error: deny_access_unless Gordon Stewart wrote: > Does anyone know where in the catalyst code it contacts the database to > check if a user has the rights in question? It should be calling $c->user->roles, and this gets the list of roles for the user in question. How this lookup is performed will vary depending on which authentication store you're using, how it's configured etc. I have looked into the catalyst > code (Catalyst/Plugin/Authorization/ACL/Engine.pm )and found out that the > function in question is returning "Denied" without contacting the database. > I know it is not contacting the database because I have turn on the Mysql > logs and see no sql query. > > I am running the most up to date version of the catalyst code (5.8004). > > Has any one got roles and ACL working in Catalyst 5.8004 There have been a few people having problems with this. I know that I fixed ACL to work with Catalyst 5.80 specifically, in that I had to do some work to make it pass all of it's tests. However, obviously, as people are having issues - the tests may not be comprehensive enough.. So I guess we need to produce a minimal TestApp demonstrating the issue, and then we can either fix ACL, or fix core Catalyst as appropriate to sort the issue out. This minimal test app would use the minimal authentication store (so no DB needed), and just demonstrate the issue (i.e. t/01app.t fails). If you can produce such a TestApp, then I'll be more than happy to take a look, or beat someone else into doing so ;) Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] ACL Error: deny_access_unless
On 26 May 2009, at 21:07, Gordon Stewart wrote: Tomas I have am not using an authentication store, I am just using: Authentication Authorization::Roles Authorization::ACL Session Session::Store::FastMmap Session::State::Cookie No, you are using an authentication store. Catalyst::Plugin::Authentication loads and instantiates one store and one credential instance perl realm in your authentication configuration. Note that this is wy more flexible than the session configuration (where you can only have 1 session store and 1 session state per app) - session will move in this direction also at some point to be more flexible. Anyway, back to the point - rather than using the DBIC authentication store (or DBIC at all), your test application would be using Catalyst::Authentication::Store::Minimal (see the POD for a config example). Hope that makes it clearer what I'm rambling about? Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
RE: [Catalyst] ACL Error: deny_access_unless
Tomas I have created a test application to use Catalyst::Authentication::Store::Minimal But I am still having the same issue. I am using perl 5.8.8 and ubuntu 8.04 if that has a bearing on why roles are broken. How easy is it to downgrade catalyst 5.7012, which I know will work? Gordon ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] ACL Error: deny_access_unless
Gordon if you really want to downgrade, it's a matter of doing locate Catalyst.pm (if you're on a *nix system) and rm -rf-ing from there. From there you'd obviously have to reinstall 5.7012, be it from source or specifying a version on CPAN. However, I think it'd be much more beneficial to get your issue worked out on your current build (5.8 i'm assuming). hth, Devin On Wed, May 27, 2009 at 1:18 PM, Gordon Stewart wrote: > > Tomas > > I have created a test application to use > >Catalyst::Authentication::Store::Minimal > > But I am still having the same issue. > > I am using perl 5.8.8 and ubuntu 8.04 if that has a bearing on why roles > are > broken. > > How easy is it to downgrade catalyst 5.7012, which I know will work? > > Gordon > > > > ___ > List: Catalyst@lists.scsys.co.uk > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst > Searchable archive: > http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ > Dev site: http://dev.catalyst.perl.org/ > -- Devin Austin http://www.codedright.net http://www.dreamhost.com/r.cgi?326568/hosting.html - Host with DreamHost! ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] ACL Error: deny_access_unless
Gordon Stewart wrote: I have created a test application to use Catalyst::Authentication::Store::Minimal But I am still having the same issue. Well, yes, I'd expect you would :) The point of making a minimal test app was so you could show us, and we could download / play with something without having to setup a database etc to run your 'real' app, or wade through lots of code. So, please show us? Either throw it on github, or stick a tarball online.. How easy is it to downgrade catalyst 5.7012, which I know will work? Just install it :) Either download the tarball and perl Makefile.PL && make test && make install as usual, or you can ask the CPAN shell for AUTHORNAME/Package-X.YY.tgz and it'll install it. Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
RE: [Catalyst] ACL Error: deny_access_unless
Tom I have created a test app tar ball and put it online. The link is: http://www.gordonstewart.co.uk/MyApp.tar I have taken the test app that is online and changed it to use mason and the most up to date version of catalyst. Is it using the test database, I also allowed it to use Catalyst::Authentication::Store::Minimal. It can be configured in the yml file. I am using the following plugin modules, which I believe to be the most up to date: Catalyst::Plugin::Authentication 0.10011 Catalyst::Plugin::Authorization::ACL 0.11 Catalyst::Plugin::Authorization::Roles 0.07 Catalyst::Plugin::ConfigLoader 0.23 Catalyst::Plugin::Session 0.22 Catalyst::Plugin::Session::State::Cookie 0.11 Catalyst::Plugin::Session::Store::FastMmap 0.10 Catalyst::Plugin::StackTrace 0.10 Catalyst::Plugin::Static::Simple 0.21 Thank you for your help Regards Gordon -Original Message- From: Tomas Doran [mailto:bobtf...@bobtfish.net] Sent: 28 May 2009 13:26 To: The elegant MVC web framework Subject: Re: [Catalyst] ACL Error: deny_access_unless Gordon Stewart wrote: > I have created a test application to use > > Catalyst::Authentication::Store::Minimal > > But I am still having the same issue. Well, yes, I'd expect you would :) The point of making a minimal test app was so you could show us, and we could download / play with something without having to setup a database etc to run your 'real' app, or wade through lots of code. So, please show us? Either throw it on github, or stick a tarball online.. > How easy is it to downgrade catalyst 5.7012, which I know will work? Just install it :) Either download the tarball and perl Makefile.PL && make test && make install as usual, or you can ask the CPAN shell for AUTHORNAME/Package-X.YY.tgz and it'll install it. Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] ACL Error: deny_access_unless
On 30 May 2009, at 16:32, Gordon Stewart wrote: I am using the following plugin modules, which I believe to be the most up to date: Your Makefile.PL doesn't say this. I tried to fix this, but something in the dependency stack of DBIx::Class::HTMLWidget fails to install for me. Can you trim this down a bit more - for example I don't see why you need a view at all (the action you want to get to could just set $c- >req->body('OK')), or a database - given you're already using the minimal auth store so users aren't being authenticated from the database.. I appreciate that there appear to be some fairly good tests in t/ live_app01.t, but I think you can cut these (and the app) down a lot to just demonstrating the issue you're having.. Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
RE: [Catalyst] ACL Error: deny_access_unless
Tom > I tried to fix this, but something in the dependency stack of > DBIx::Class::HTMLWidget fails to install for me. I have removed this > I appreciate that there appear to be some fairly good tests in t/ > live_app01.t, but I think you can cut these (and the app) down a lot > to just demonstrating the issue you're having.. I have removed the tests that do not show off the problem I am facing, the tests shows it is falling around request 14/15 as user test01 has admin rights. The new tar ball is at http://www.gordonstewart.co.uk/MyApp_v2.tar Regards Gordon ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] ACL Error: deny_access_unless
On 30 May 2009, at 23:17, Gordon Stewart wrote: Tom I tried to fix this, but something in the dependency stack of DBIx::Class::HTMLWidget fails to install for me. I have removed this Ok, that wasn't much better: , Makefile.PL in your tarball is still fucked (i.e. missing most of your dependencies). . The config you've shipped with the app is pointed at your local mysql, not at sqlite. . Your password credential config is asking for cleartext passwords, but the passwords in the sqlite DB (which is what the app was configured for) was encrypted. . There are failing tests which aren't ever going to pass, like t/ controller_Admin.t which checks for /admin without logging in.. . The tests in t/live_app01.t fail incorrectly, and don't actually test the issue you described. I have fixed all of this and got your app working, but I can't reproduce the bug you originally described. http://omni.state51.co.uk/~t0m/MyApp.tgz - there is your tarball back, with git history of everything I did for your perusal. However, I think I may have guessed what your issue is.. Going back to your original email: The access control section: __PACKAGE__->deny_access_unless( "/admin/user", [ 'Admin' ] ); And in your template, you had: > User has admin : <% $c->check_user_roles('Admin') %> However, your sqlite DB looked like this: sqlite3 myapp.db SQLite version 3.6.11 Enter ".help" for instructions Enter SQL statements terminated with a ";" sqlite> select * from roles; 1|user 2|admin sqlite> The cases don't match, and I had to correct these before things would work. Do you have a real issue which you can replicate by flicking backwards and forwards between Catalyst 5.80 and 5.70, or did you just break things around the same time as upgrading? I am happy to help out if their is a genuine bug here, but given I'm having to wade in and make loads of changes to any code you give me to make it work at all, I'm not confident you're not just getting yourself confused, or that I haven't stomped on your bug on the way past. If there is still an issue, please try for a *working*, *self contained* app, with *correct dependencies* and tests which *fail on 5.80 and pass on 5.7X*. Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
RE: [Catalyst] ACL Error: deny_access_unless
> http://omni.state51.co.uk/~t0m/MyApp.tgz - there is your tarball > back, with git history of everything I did for your perusal. I cannot seem to download the tarball from your site. Did you give me an internal website? Regards Gordon ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] ACL Error: deny_access_unless
On 3 Jun 2009, at 20:18, Gordon Stewart wrote: http://omni.state51.co.uk/~t0m/MyApp.tgz - there is your tarball back, with git history of everything I did for your perusal. I cannot seem to download the tarball from your site. Did you give me an internal website? No, that's my workstation. And I managed to break the apache on it last night. Sorry about that, fixed now! Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/