Implement disable_roles in plugin closes GH #38.

Author: SysPete

MANIFEST

@@ -1,7 +1,9 @@
 README
 t/00-load.t
 t/01-role-provider.t
+t/disable_roles.t
 t/plugin-provider-config.t
+t/lib/environments/disable-roles.yml
 t/lib/environments/provider-config.yml
 t/lib/Provider/ConfigExtended.pm
 t/lib/views/.placeholder

lib/Dancer2/Plugin/Auth/Extensible.pm

@@ -487,11 +487,17 @@ sub password_reset_send {
 }
 
 sub require_all_roles {
-    return _build_wrapper( @_, 'all' );
+    my $plugin = shift;
+    croak "Cannot use require_all_roles since roles are disabled by disable_roles setting"
+      if $plugin->disable_roles;
+    return $plugin->_build_wrapper( @_, 'all' );
 }
 
 sub require_any_role {
-    return _build_wrapper( @_, 'any' );
+    my $plugin = shift;
+    croak "Cannot use require_any_role since roles are disabled by disable_roles setting"
+      if $plugin->disable_roles;
+    return $plugin->_build_wrapper( @_, 'any' );
 }
 
 sub require_login {
@@ -521,7 +527,10 @@ sub require_login {
 }
 
 sub require_role {
-    return _build_wrapper( @_, 'single' );
+    my $plugin = shift;
+    croak "Cannot use require_role since roles are disabled by disable_roles setting"
+      if $plugin->disable_roles;
+    return $plugin->_build_wrapper( @_, 'single' );
 }
 
 sub update_current_user {
@@ -555,6 +564,8 @@ sub update_user {
 
 sub user_has_role {
     my $plugin = shift;
+    croak "Cannot call user_has_role since roles are disabled by disable_roles setting"
+      if $plugin->disable_roles;
 
     my ( $username, $want_role );
     if ( @_ == 2 ) {
@@ -661,6 +672,8 @@ sub user_password {
 
 sub user_roles {
     my ( $plugin, $username, $realm ) = @_;
+    croak "Cannot call user_roles since roles are disabled by disable_roles setting"
+      if $plugin->disable_roles;
 
     $username = $plugin->app->session->read('logged_in_user')
       unless defined $username;
@@ -1721,6 +1734,9 @@ In your application's configuation file:
     plugins:
         Auth::Extensible:
             # Set to 1 if you want to disable the use of roles (0 is default)
+            # If roles are disabled then any use of role-based route decorators
+            # will cause app to croak on load. Use of 'user_roles' and
+            # 'user_has_role' will croak at runtime.
             disable_roles: 0
             # After /login: If no return_url is given: land here ('/' is default)
             user_home_page: '/user'

t/disable_roles.t

@@ -0,0 +1,99 @@
+use Test::More;
+use Test::Fatal;
+use Plack::Test;
+use HTTP::Request::Common;
+
+BEGIN {
+    $ENV{DANCER_CONFDIR} = 't/lib';
+    $ENV{DANCER_ENVIRONMENT} = 'disable-roles';
+}
+
+like exception {
+    package RequireAllRoles;
+    use Dancer2;
+    use Dancer2::Plugin::Auth::Extensible;
+
+    get '/require_all_roles' => require_all_roles [qw(Foo Bar)] => sub {
+        return 1;
+    };
+},
+  qr/roles are disabled by disable_roles setting/,
+  "App using require_all_roles dies during route setup";
+
+
+like exception {
+    package RequireAnyRole;
+    use Dancer2;
+    use Dancer2::Plugin::Auth::Extensible;
+
+    get '/require_any_role' => require_any_role [qw(Foo Bar)] => sub {
+        return 1;
+    };
+},
+  qr/roles are disabled by disable_roles setting/,
+  "App using require_any_role dies during route setup";
+
+like exception {
+    package RequireRole;
+    use Dancer2;
+    use Dancer2::Plugin::Auth::Extensible;
+
+    get '/require_role' => require_role Foo => sub {
+        return 1;
+    };
+},
+  qr/roles are disabled by disable_roles setting/,
+  "App using require_role dies during route setup";
+
+{
+    package TestApp;
+    use Dancer2;
+    use Dancer2::Plugin::Auth::Extensible;
+
+    set logger => 'capture';
+    set log => 'error';
+
+    get '/user_has_role' => sub {
+        user_has_role('Foo');
+        return 1;
+    };
+
+    get '/user_roles' => sub {
+        user_roles;
+        return 1;
+    };
+}
+
+my $app = TestApp->to_app;
+is( ref $app, 'CODE', 'Got app' );
+
+my $test = Plack::Test->create($app);
+my $trap = TestApp->dancer_app->logger_engine->trapper;
+
+my ($log, $res);
+
+$res = $test->request(GET "/user_has_role");
+
+ok !$res->is_success, "GET /user_has_role request does not return success";
+
+is $res->code, 500, "... and the error code is 500";
+
+$log = $trap->read->[0];
+like $log->{message},qr/Cannot call user_has_role since roles are disabled/,
+ "... and we have a log message saying that roles are disabled";
+
+is $log->{level}, 'error', "... and the log level is error.";
+
+$res = $test->request(GET "/user_roles");
+
+ok !$res->is_success, "GET /user_roles request does not return success";
+
+is $res->code, 500, "... and the error code is 500";
+
+$log = $trap->read->[0];
+like $log->{message},qr/Cannot call user_roles since roles are disabled/,
+ "... and we have a log message saying that roles are disabled";
+
+is $log->{level}, 'error', "... and the log level is error.";
+
+done_testing;

t/lib/environments/disable-roles.yml

@@ -0,0 +1,38 @@
+plugins:
+    Auth::Extensible:
+        disable_roles: 1
+        realms:
+            config1:
+                provider: Config
+                users:
+                    - user: dave
+                      pass: beer
+                      name: "David Precious"
+                      roles:
+                          - BeerDrinker
+                          - Motorcyclist
+                    - user: bob
+                      pass: cider
+                      name: "Bob Smith"
+                      roles:
+                          - CiderDrinker
+                    - user: mark
+                      pass: wantscider
+                      name: "Update here"
+            config2:
+                provider: Config
+                priority: 10
+                users:
+                    - user: burt
+                      pass: bacharach
+                    - user: hashedpassword
+                      pass: "{SSHA}+2u1HpOU7ak6iBR6JlpICpAUvSpA/zBM"
+                    - user: mark
+                      pass: wantscider
+                      name: "Update here"
+            config3:
+                provider: Config
+                priority: 2
+                users:
+                    - user: bananarepublic
+                      pass: whatever