[Catalyst] Re: fine Authentication
David Storrs
dstorrs at dstorrs.com
Wed Aug 3 16:25:10 CEST 2005
> On 7/30/05, Vlad Bazon <vlad.bazon at gmail.com> wrote:
>
>> I do this in "list.html" (and not in a controller ...?!) - like:
>> ......
>> <td>
>> [% IF (column == 'nume') and ((c.session.user_id == object.$primary)
>> or (c.session.user_id == object.di_id.id)) %]
>> <a href= [% c.req.base _ table_name _ "/edit/" _ object.$primary %] >
>> [% END %]
>> [% object.$column %]
>> </td>
>> ...... (so, only "user_id" has an "edit/7" action at its disposal.)
>>
>> probably, it is not a good idea (because of the principle of the
>> separation M/C/V) - but it is so practical ...
On Aug 3, 2005, at 2:30 AM, Vlad Bazon wrote:
> A very bad solution!
> <Any> user could type "http://.../edit/7" manually!
> I'm sorry ...
Actually, it's a good solution--just not to the problem of
authentication. This isn't an authentication technique, this is a
user-interface technique: it helps to present the user with a
simple, uncluttered interface that includes only the elements they
need/can use. Authentication should be done via checking credentials,
as you imply above.
--Dks
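
An added example, not part of the original message and not Catalyst code: the ownership condition from the quoted list.html template, applied again in the code that serves the edit request, so a hand-typed .../edit/7 gets the same answer as a clicked link. The %rows data and the names may_edit and handle_edit are hypothetical, written in plain Perl to stand in for the application's model and controller.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample rows: id is the row's primary key, di_id the related
# user id that the template reaches as object.di_id.id.
my %rows = (
    7 => { id => 7, di_id => 3, nume => 'row seven' },
    8 => { id => 8, di_id => 7, nume => 'row eight' },
);

# Same condition as the [% IF %] in list.html, evaluated on the server.
sub may_edit {
    my ($session, $row) = @_;
    my $uid = $session->{user_id};
    return 0 unless defined $uid && defined $row;
    return ($uid == $row->{id} || $uid == $row->{di_id}) ? 1 : 0;
}

# Hypothetical handler for ".../edit/<id>": returns (status, body).
sub handle_edit {
    my ($session, $id) = @_;
    return (400, 'bad id') unless defined $id && $id =~ /\A[0-9]+\z/;
    my $row = $rows{$id};
    return (404, 'not found') unless $row;
    return (403, 'forbidden') unless may_edit($session, $row);
    return (200, "edit form for $row->{nume}");
}

# Constructed requests: a typed URL goes through the same check as a link.
my @cases = (
    [ { user_id => 7 }, '7' ],    # own row
    [ { user_id => 7 }, '8' ],    # row whose di_id is this user
    [ { user_id => 5 }, '7' ],    # someone else's row, URL typed by hand
    [ {},               '7' ],    # no session user at all
    [ { user_id => 7 }, '9' ],    # no such row
);
for my $case (@cases) {
    my ($session, $id) = @$case;
    my ($status, $body) = handle_edit($session, $id);
    printf "user=%s edit/%s -> %d %s\n",
        $session->{user_id} // 'anonymous', $id, $status, $body;
}
```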