# Mojolicious::Plugin::SimpleAuthorization [![Build Status](https://travis-ci.org/kwakwaversal/mojolicious-plugin-simpleauthorization.svg?branch=master)](https://travis-ci.org/kwakwaversal/mojolicious-plugin-restify)

Simple role-based authorization for the [Mojolicious](http://mojolicio.us) web framework

```perl
# Mojolicious example
package SimpleApp;
use Mojo::Base 'Mojolicious';

sub startup {
  my $self = shift;

  $self->plugin(
    'SimpleAuthorization' => {
      'on_assert_failure' => sub {    # assert failure hook
        my ($self, $tests) = @_;
        $self->render(text => 'Permission denied.');
      },
    }
  );

  # Add route not requiring authentication/authorization
  my $r = $self->routes;
  $r->get('/')->to(cb => sub { shift->render(text => "I am public. Hi.") });

  # Add authentication under (which populates stash with the user/roles)
  #
  # In your under, set the user and user's roles on every request.
  # The user can contain any arbitrary data. Roles should contain key/value
  # pairs, where allocated roles evaluate to true.
  my $auth = $r->under->to(
    cb => sub {
      my $self = shift;

      #if ($user_is_authenticated) {
      $self->stash(roles => {'user.delete' => 0, 'user.search' => 1});
      $self->stash(user => {username => 'paul', administrator => 0});
      #}
    }
  );

  # Search user controller - success!
  $auth->get('/user/search')->to(
    cb => sub {
      my $self = shift;
      return unless $self->assert_user_roles([qw/user.search/]);

      $self->render(text => "Success! Let's do some searching!");
    }
  );

  # Delete user controller - oh noes! (Will execute on_assert_failure.)
  $auth->get('/user/delete')->to(
    cb => sub {
      my $self = shift;
      return unless $self->assert_user_roles([qw/user.delete/]);

      $self->render(text => "Damn! Not authorized so won't see this!");
    }
  );
}

1;
```

[Mojolicious::Plugin::SimpleAuthorization](https://metacpan.org/release/Mojolicious-Plugin-SimpleAuthorization) is a simple role-based authorization plugin for [Mojolicious](http://mojolicio.us).
It attempts to keep a sane control flow by not croaking or dying if the user does not have the relevant roles/permissions. As such, `check_user_roles` or `assert_user_roles` should be called at the beginning of your controllers. [Mojolicious::Plugin::SimpleAuthorization](https://metacpan.org/release/Mojolicious-Plugin-SimpleAuthorization) does offer the hook `on_assert_failure` if you want to render a permission denied response or similar for every request that isn't authorized. (Or if you would prefer to croak/die.)
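
Because the plugin does not die on failure, a missing `return unless` lets the action body run anyway. The following test script is an added example, not part of the plugin's own documentation; it checks the deny path end to end using only the `on_assert_failure`, `assert_user_roles` and stash conventions shown above. The `X-Demo-User` header, the `%ACCOUNTS` table and the `$deleted` counter are hypothetical stand-ins, and the 401/403 status codes are this example's choice.

```perl
use Mojolicious::Lite;
use Test::More;
use Test::Mojo;

# Constructed sample accounts; a real app would load roles from its user store.
my %ACCOUNTS = (
  paul  => {'user.search' => 1, 'user.delete' => 0},
  admin => {'user.search' => 1, 'user.delete' => 1},
);

plugin SimpleAuthorization => {
  on_assert_failure => sub {
    my ($c, $tests) = @_;
    # Send a real 403 so clients, proxies and log-based alerting see the denial.
    $c->render(text => 'Permission denied.', status => 403);
  },
};

my $deleted = 0;    # side-effect counter inspected by the tests below

under sub {
  my $c = shift;
  # X-Demo-User is a hypothetical stand-in for real authentication.
  my $name  = $c->req->headers->header('X-Demo-User') // '';
  my $roles = $ACCOUNTS{$name};
  unless ($roles) {
    $c->render(text => 'Authentication required.', status => 401);
    return undef;    # stop the dispatch chain for unauthenticated requests
  }
  $c->stash(user => {username => $name, administrator => 0}, roles => $roles);
  return 1;
};

get '/user/delete' => sub {
  my $c = shift;
  return unless $c->assert_user_roles([qw/user.delete/]);
  $deleted++;
  $c->render(text => 'Deleted.');
};

my $t = Test::Mojo->new;
$t->get_ok('/user/delete')->status_is(401);
$t->get_ok('/user/delete' => {'X-Demo-User' => 'paul'})
  ->status_is(403)->content_is('Permission denied.');
is $deleted, 0, 'denied request never reached the delete logic';
$t->get_ok('/user/delete' => {'X-Demo-User' => 'admin'})->status_is(200);
is $deleted, 1, 'authorized request ran exactly once';
done_testing;
```

Removing the `return unless` from the route makes the `$deleted` assertion fail, which is the regression this kind of test is meant to catch.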