[Catalyst] Next steps
Andreas Marienborg
omega at palle.net
Fri Dec 23 08:02:17 CET 2005
On 23. des. 2005, at 04.41, Joe Landman wrote:
>
> I am building a main page which serves as the login page for the
> system. I am assuming that it makes more sense to have this go
> through a login/authentication controller than to do this in the
> main module. Is this correct? I think I have seen this both ways
> now (suggestions of using a controller, and the documentation on
> http://search.cpan.org/~sri/Catalyst-5.61/lib/Catalyst/Manual/
> Cookbook.pod#Require_user_logins which suggests doing this in the
> main module).
>
> Basically I want to have all access to the system go through the
> login system (with timed sessions), and implement roles from there
> (end user, admin).
What I would do (and did for Agave for instance), is create a Auth-
controller, that basicly has a Path action (/logout), and some
private actions (login, no_access and other errors). [1]
What this enables me to do, is when I get a request for a protected
section (for intance, everything under the Admin-controller), I can
in Admin.pm do: [2]
unless ($c->user_exists) {
$c->forward('/auth/login');
return 0 unless $c->user_exists;
}
unless ($c->user->user->is_admin) {
$c->forward('/auth/no_admin');
return 0;
}
Perhaps a similar scheme can be deployed in your app. What I find, is
that the main app class generaly only should have as little as
possible. I use it to override some parts of catalyst, and a few
standard actions (auto, default, index etc). [3]
hope some of that clears some questions up
andreas
[1] : http://dev.rawmode.org/file/trunk/lib/Agave/C/Auth.pm
[2] : http://dev.rawmode.org/file/trunk/lib/Agave/C/Admin.pm
[3] : http://dev.rawmode.org/file/trunk/lib/Agave.pm
More information about the Catalyst
mailing list