Chapter 3.1: Accessors and ACL

In component’s Filter,pm, there are two attributes to be set up using setup_accessors: actions and fks. The former defines features for specific actions, and the later defines Row Level Security (RLS). Here it is

package Myproject::Mycomponent::Filter;

use strict;
use Myproject::Filter;
use vars qw(@ISA);
@ISA=('Myproject::Filter');

__PACKAGE__->setup_accessors(
  actions => {
    'insert' => ACTION_hash,
    'topics' => ACTION_hash,
    ...
  },

  fks => {
    'role1' => RLS_hash,
    'role2' => RLS_hash,
    ...
  }
);
...
 
1;

 

where ACTION_hash is:

{groups => [], aliases => [], upload => {}, validate => [], no_db => 0, no_method => 0}

The keys are:

  • groups: an array reference, to control which roles are allowed to access the action, i.e. Access Control List (ACL)
  • aliases: an array reference, for alias names the action may have.
  • upload: a hash reference, for file uploading explained in Section 3.2.
  • validate: an array reference, for incoming variables that can’t be empty.
  • no_db: 0 or 1, default 0. Genelet opens a database handler for each request by default, which comes with costs in speed and resource. If your action does not need database, just set it no_db=>1.
  • no_method: 0 or 1, default 0. If your action does not have corresponding method in model, set it no_method=>1.

Here are some notes:

groups (ACL)

Roles that are allowed to run the action on Model.pm must be defined in ACL. Those who are not permitted will trigger 404 error.

The roles having admin’s privilege can always run any action, not restricted by the ACL rules.

validate (Form Validation)

You may create your own form validation in preset, but this simply form will help you to avoid a common fatal error in database: “Field not found”.