#!/Perl/bin/perl

package MyAuthorizationTest;

use strict;
use warnings;
use base qw(CGI::Application);

use Data::Dumper qw/Dumper/;
use CGI::Application::Plugin::DBH qw/dbh_config dbh/;
use CGI::Application::Plugin::Authentication;
use CGI::Application::Plugin::Authorization;


=head1 MyAuthorizationTest

Overview Test for CGI::Application::Plugin::Authorization.

=cut


# Configure Authentication
MyAuthorizationTest->authen->config(
	DRIVER => [ 'DBI',
		TABLE       => 'user',
		CONSTRAINTS => {
			'user.name'			=> '__CREDENTIAL_1__',
			'MD5:user.password'	=> '__CREDENTIAL_2__'
		},
	],
	STORE			=> ['Cookie',
		SECRET => 'some_secret',
		NAME => 'CAPAUTH_DATA',
		EXPIRY => '+1y'
	],
);

MyAuthorizationTest->authen->protected_runmodes(qr/^admin_/);

# Configure Authorization (manages runmode authorization)
MyAuthorizationTest->authz->config(
	DRIVER => [ 'DBI',
		TABLES      => ['user', 'usergroup', 'group'],
		JOIN_ON     => 'user.id = usergroup.user_id AND usergroup.group_id = group.id',
		CONSTRAINTS => {
		   'user.username'  => '__USERNAME__',
		   'group.name' 	=> '__GROUP__',
		}
	],
);

MyAuthorizationTest->authz->authz_runmodes(
	[group_restriction => 'user'],
);




=head1 METHODS

=head2 setup()

=cut

sub setup {
	my $self	= shift;
	
	$self->mode_param('rm');
	$self->start_mode('start');
	$self->run_modes({
		start					=> 'select_mode_form',
		select_mode_form		=> 'select_mode_form',
		no_restriction			=> 'no_restriction',
		group_restriction		=> 'group_restriction',
		privilege_restriction	=> 'privilege_restriction',
	});
	
} # /setup




=head2 cgiapp_init()

TODO: retrieve database credentials from config file.

=cut

sub cgiapp_init {
	my $self	= shift;
	$self->dbh_config('DBI:mysql:test:localhost', 'test', 'test', {});
} # /cgiapp_init




=head2 select_mode_form()

Show a form where the user may choose a runmode he wants to execute.

=cut

sub select_mode_form {
	my $self = shift;
	
	my $t_ref = qq~
	<h1>Available runmodes</h1>
	
	<p>Select a runmode and check whenever you can access it or not.</p>
	
	<ul>
		<li><a href="<TMPL_VAR ABS_URL>?rm=no_restriction">no_restriction (should always work)</a></li>
		<li><a href="<TMPL_VAR ABS_URL>?rm=group_restriction">group_restriction (needs user in a specific group)</a></li>
		<li><a href="<TMPL_VAR ABS_URL>?rm=privilege_restriction">privilege_restriction 
(needs user in a specific group and the privilege 
to access this runmode assigned to the group)</a></li>
	</ul>
	~;
	
	my $t = $self->load_tmpl( \$t_ref );
	$t->param(ABS_URL => $self->query()->url(-absolute => 1,));
	return $t->output();
	return 'start';
} # /select_mode_form




=head2 no_restriction()

User always gets here.

=cut

sub no_restriction {
	my $self = shift;

	return 'no_restriction';
} # /no_restriction




=head2 group_restriction()

The user will only get here if they are logged in and belong to the 'user' group.

Fails:
 Premature end of script headers: authorization.cgi
	referer: http://127.0.0.1/cgi-bin/test/authorization.cgi
 Error executing class callback in prerun stage:
 Can't locate object method "authen" via package "CGI::Application::Plugin::Authorization::Driver::DBI"
 at C:/Perl/site/lib/CGI/Application/Plugin/Authorization/Driver/DBI.pm line 229.

=cut

sub group_restriction {
	my $self = shift;

	return 'group_restriction';
} # /group_restriction




=head2 privilege_restriction()

TODO: this method

Privilegue for __PACKAGE__ and __RUNMODE__ are assigned to user, if he is able
to execute this runmode.

=cut

sub privilege_restriction {
	my $self = shift;
	
	# Can this user access this runmode in this package?
	my $runmode = $self->get_current_runmode();
	return $self->authz->forbidden() unless $self->authz('dbaccess')->authorize(MyAuthorizationTest => $runmode);
	
	return 'privilege_restriction';
} # /privilege_restriction

1; # /MyCGIApp



use strict;
use warnings;

my $app = MyAuthorizationTest->new();
$app->run();

exit(0);