| DBIx::Class::Schema::RestrictWithObject - Automatically restrict resultsets |
DBIx::Class::Schema::RestrictWithObject - Automatically restrict resultsets
In your the DBIx::Class::Schema manpage class:
__PACKAGE__->load_components(qw/Schema::RestrictWithObject/);
In the the DBIx::Class manpage table class for your users:
#let's pretend a user has_many notes, which are in ResultSet 'Notes'
sub restrict_Notes_resultset {
my $self = shift; #the User object
my $unrestricted_rs = shift;
#restrict the notes viewable to only those that belong to this user
#this will, in effect make the following 2 equivalent
# $user->notes $schema->resultset('Notes')
return $self->related_resultset('notes');
}
#it could also be written like this
sub restrict_Notes_resultset {
my $self = shift; #the User object
my $unrestricted_rs = shift;
return $unrestricted_rs->search_rs( { user_id => $self->id } );
}
Wherever you connect to your database
my $schema = MyApp::Schema->connect(...);
my $user = $schema->resultset('User')->find( { id => $user_id } );
$resticted_schema = $schema->restrict_with_object( $user, $optional_prefix);
In this example we used the User object as the restricting object, but please note that the restricting object need not be a DBIC class, it can be any kind of object that provides the adequate methods.
This the DBIx::Class::Schema manpage component can be used to restrict all resultsets through an appropriately-named method in a user-supplied object. This allows you to automatically prevent data from being accessed, or automatically predefine options and search clauses on a schema-wide basis. When used to limit data sets, it allows simplified security by limiting any access to the data at the schema layer. Please note however that this is not a silver bullet and without careful programming it is still possible to expose unwanted data, so this should not be regarded as a replacement for application level security.
Will restrict resultsets according to the methods available in $restricting_obj and
return a restricted copy of itself. ResultSets will be restricted if methods
in the form of restrict_${ResultSource_Name}_resultset are found in
$restricting_obj. If the optional prefix is included it will attempt to use
restrict_${prefix}_${ResultSource_Name}_resultset, if that does not exist, it
will try again without the prefix, and if that's not available the resultset
will not be restricted.
Restrict the Schema class and ResultSources associated with this Schema
Return the class name for the restricted schema class;
Return the class name for the restricted ResultSource class;
Return an appropriate class name for a restricted class of type $type.
the DBIx::Class manpage, the DBIx::Class::Schema::RestrictWithObject::RestrictComp::Schema manpage, the DBIx::Class::Schema::RestrictWithObject::RestrictComp::Source manpage,
Matt S Trout (mst) <mst@shadowcatsystems.co.uk>
With contributions from Guillermo Roditi (groditi) <groditi@cpan.org>
You may distribute this code under the same terms as Perl itself.
| DBIx::Class::Schema::RestrictWithObject - Automatically restrict resultsets |