An Attribute-Based Authorization Script
Now we can proceed, in a portable manner, to build an access-control application that correlates docbase attributes with user attributes. Example 12.3 focuses on the part of the solution that compares a docbase attribute to a database of subscriptions.
Example 12-3. Authorizing Users by a Docbase Attribute
use strict;
use DBI;
my $dbh = DBI->connect('DBI:Solid:Subscriptions','dba','dba') # connect to subs db
or die ("connect, $DBI::errstr");
my $http_authorization_header = $ENV{HTTP_AUTHORIZATION}; # extract auth header
sub isBasicAuthUserForCompany
{
my ($http_authorization, $dbh) = @_;
$http_authorization_header = m/Basic (.+)/i; # isolate credentials
my $http_authorization = $1;
my ($user, $password) = split (':', $1); # get name/pw
my ($st) = # make query
"select count(*) from cmp_users where cmp = '$company' and user = '$user'";
return (
isAuthenticated($user,$password) and # authenticate (not shown)
dbSqlReturnValue ($dbh, $st) # authorize
);
}
sub dbSqlReturnValue
{
my ($dbh,$st) = @_;
my $sth = $dbh->prepare($st); # prepare sql
my $value;
$sth->execute; # execute sql
$sth->bind_col(1, \$value); # bind result to value
$sth->finish; # finish sql
return $value;
}In this fragment, $http_authorization gets the
value of the CGI environment variable
$ENV{HTTP_AUTHORIZATION}. This is the
Authorization: header sent from a browser in
response to a prior challenge issued by this (or another) script.
We’ll assume that $company was extracted ...
Get Practical Internet Groupware now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
