NAME
    Mojolicious::Plugin::ContextAuth - Role-based access with context
VERSION
    version 0.01
SYNOPSIS
        # Mojolicious::Lite app
        app->plugin(
            'ContextAuth' => {
                dsn => 'sqlite:' . $db,
            },
        );
    
        # Mojolicious app in sub startup
        $self->plugin(
            'ContextAuth' => {
                dsn => 'sqlite:' . $db,
            },
        );
    
        # in your controller
        my $has_permission = $c->auth->has_permission(
            $session_id, 
            context    => 'project_a',
            permission => 'title.update',
        )
DESCRIPTION
    This addon implements a role based authorization with contexts. There
    are systems where the user can have different roles in different
    contexts: e.g. in a company that develops software, one user can have
    the projectmanager role in one project, but not in an other project.
    With this module it is easy to implement it. It creates the database
    and provides some methods to do the authentication and authorization.
DATABASE
           .---------------.         .---------------------------.              .---------------------.
           | corbac_users  |         | corbac_user_context_roles |              |   corbac_contexts   |
           |---------------|         |---------------------------|              |---------------------|
           | user_id       |<--------| user_id                   |------------->| context_id          |
           | username      |         | context_id                |              | context_name        |
           | user_password |         | role_id                   |              | context_description |
           '---------------'         '---------------------------'              '---------------------'
                   ^                               ^                                       ^
                   |                               |                                       |
                   |                               |                                       |
                   |                               |                                       |
                   |                               |                                       |
       .----------------------.          .------------------.                              |
       | corbac_user_sessions |          |   corbac_roles   |                              |
       |----------------------|          |------------------|                              |
       | user_id              |          | role_id          |                              |
       | session_id           |          | role_name        |------------------------------'
       | access_tree          |          | role_description |
       | session_started      |          | context_id       |
       '----------------------'          | is_valid         |
                                         '------------------'
                                                   ^
                                                   |
                                      .-------------------------.
                                      | corbac_role_permissions |
                                      |-------------------------|
                      .---------------| role_id                 |------------.
                      |               | permission_id           |            |
                      |               | resource_id             |            |
                      |               '-------------------------'            |
                      |                                                      |
                      v                                                      v
         .------------------------.                              .----------------------.
         |   corbac_permissions   |                              |   corbac_resources   |
         |------------------------|                              |----------------------|
         | permission_id          |                              | resource_id          |
         | permission_name        |----------------------------->| resource_name        |
         | permission_label       |                              | resource_label       |
         | permission_description |                              | resource_description |
         | resource_id            |                              '----------------------'
         '------------------------'
    Currently only SQLite is supported.
ENTITIES
    We use some entities that are described in the subsequent paragraphs.
    But one example might describe it as well:
      Mr Johnson can update the project description in project A as he is the project manager
       ^            ^               ^                     ^                     ^
       |            |               |                     |                     |
      user        permission     resource              context                 role
 User
    The user of the system
 Context
    The context the user does an action. In a project management software
    this could be "system", "project a", "project b". You can define any
    context you want.
 Role
    The role an user has in the given context. A user can be the project
    manager in one project, but a developer in an other project.
 Resource
    This is any resource you have in your system. This could be "title" and
    "members" for a project.
 Permission
    Any permission is bind to a resource. You can define whatever
    permissions you want. For the project name this could be "update", for
    the project members it coule be "add", "delete", "set_role".
METHODS
 register
    Configuration:
      * dsn
      Required.
      This is a dsn used for Mojo::SQLite, Mojo::mysql or Mojo::Pg.
      * prefix
      Optional (default: 'auth').
      Used to name the helpers (see below)
HELPERS
    Those helpers are defined by the plugin:
 <prefix>
    Returns a Mojolicious::Plugin::ContextAuth::Auth object.
 <prefix>_db
    Returns a Mojolicious::Plugin::ContextAuth::DB object.
AUTHOR
    Renee Baecker <reneeb@cpan.org>
COPYRIGHT AND LICENSE
    This software is Copyright (c) 2020 by Renee Baecker.
    This is free software, licensed under:
      The Artistic License 2.0 (GPL Compatible)