[Catalyst] Effective user id ?
Matija Grabnar
matija at literal.si
Mon Jul 10 11:22:53 CEST 2006
Instead of assert_user_roles, you could use check_user_roles, to verify
if the user
is manager _first_. If he is, assert_user_roles doesn't get called, and
the manager
proceeds with the task. If he isn't, assert_user_roles is called as before.
Of course, it might be worth changing the authorization::Roles plugin
with an additional
assert_any_role (and check_any_role) which suceeds if the user has at
least one of the roles
required (i.e. an OR of roles instead of an and).
Considering how often a managerial override is needed in today's web
applications, I think that
would be worth it...
More information about the Catalyst
mailing list