NAME

WeBWorK::Authz - check user permissions.

SYNOPSIS

# create new authorizer -- $c is a WeBWorK::Controller object.
my $authz = WeBWorK::Authz->new($c);

# tell authorizer to cache permission level of user spammy.
$authz->setCachedUser("spammy");

# this call will use the cached data.
if ($authz->hasPermissions("spammy", "eat_breakfast")) {
    eat_breakfast();
}

# this call will not use the cached data, and will cause a database lookup.
if ($authz->hasPermissions("hammy", "go_to_bed")) {
    go_to_bed();
}

DESCRIPTION

WeBWorK::Authz determines if a user is authorized to perform a specific activity, based on the user's PermissionLevel record in the WeBWorK database and the contents of the %permissionLevels hash in the course environment.

Format of the %permissionLevels hash

%permissionLevels maps text strings describing activities to numeric permission levels. The definitive list of activities is contained in the default version of %permissionLevels, in the file conf/defaults.config.

A user is able to engage in an activity if their permission level is greater than or equal to the level associated with the activity. If the level associated with an activity is undefined, then no user is permitted to perform the activity, regardless of their permission level.

CONSTRUCTOR

WeBWorK::Authz->new($c)

Creates a new authorizer instance. $c is a WeBWorK::Controller object. It must already have its ce and db fields set.

METHODS

setCachedUser($userID)

Caches the PermissionLevel of the user $userID in an existing authorizer. If a user's PermissionLevel is cached, it will be used whenever hasPermissions() is called on the same user. Only one user can be cached at a time. This is used by WeBWorK to cache the "real" user.

hasPermissions($userID, $activity)

Checks the %permissionLevels hash in the course environment to determine if the user $userID has permission to engage in the activity $activity. If the user's permission level is greater than or equal to the level associated with $activity, a true value is returned. Otherwise, a false value is returned.

If $userID has been cached using the setCachedUser() call, the cached data is used. Otherwise, the user's PermissionLevel is looked up in the WeBWorK database.

If the user does not have a PermissionLevel record, the permission level record is empty, or the activity does not appear in %permissionLevels, hasPermissions() assumes that the user does not have permission.
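The decision rule described above, written out as a standalone sketch. This is an added example, not WeBWorK's own code: the helpers is_permitted and naive_is_permitted, the user table, the extra activity name and all numeric levels are constructed for illustration. It places the deny cases before the numeric comparison and runs the same inputs through an unguarded comparison for contrast.

```perl
use strict;
use warnings;

# Constructed sample data; activity names beyond the synopsis and all
# numeric levels are illustrative, not taken from conf/defaults.config.
my %permissionLevels = (
    eat_breakfast => 0,
    go_to_bed     => 5,
    wipe_database => undef,   # key present, level undefined: nobody may do this
);

# Constructed user records: user ID => permission level (undef = no record).
my %userLevel = (
    spammy => 10,
    hammy  => 0,
    blank  => '',      # record exists but the level is empty
    ghost  => undef,   # no PermissionLevel record
);

# Hypothetical helper implementing the documented rule, failing closed.
sub is_permitted {
    my ($userID, $activity) = @_;
    my $level    = $userLevel{$userID};
    my $required = $permissionLevels{$activity};

    # Deny before comparing: in numeric context undef and '' both become 0,
    # so a bare ">=" would let these cases through for low-level activities.
    return 0 unless defined $level && $level ne '';
    return 0 unless defined $required;

    return $level >= $required ? 1 : 0;
}

# The same comparison without the guards, to show what they prevent.
sub naive_is_permitted {
    my ($userID, $activity) = @_;
    no warnings qw(uninitialized numeric);
    return $userLevel{$userID} >= $permissionLevels{$activity} ? 1 : 0;
}

for my $case (
    [spammy => 'eat_breakfast'], [hammy  => 'go_to_bed'],
    [spammy => 'wipe_database'], [blank  => 'eat_breakfast'],
    [ghost  => 'eat_breakfast'], [spammy => 'not_listed'],
) {
    my ($user, $activity) = @$case;
    printf "%-7s %-14s guarded=%d naive=%d\n", $user, $activity,
        is_permitted($user, $activity), naive_is_permitted($user, $activity);
}
```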

AUTHOR

Written by Dennis Lambe, malsyned at math.rochester.edu. Modified by Sam Hathaway, sh002i at math.rochester.edu.