[Catalyst] Auth with Chained dispatch
Jesse Sheidlower
jester at panix.com
Fri Oct 20 19:40:28 CEST 2006
I'm finally considering writing something with the Chained
dispatch type, and before I start I want to clarify how I'll
do the auth stuff.

I'm trying to refactor to simplify repeated code. What I want
to do is have something like /item/edit/23 and /user/edit/87
(repeated over many different actions and perhaps even tables,
like /catalog/user/edit/23 vs. /phonelist/user/edit/23), so
that instead of totally separate but almost identical methods
(like I have now), I'll have one thing that goes to "item"
or "user" (and/or "catalog" or "phonelist") and fills the
stash with any relevant things, so that I can have one "edit"
that does the work, but with whatever sort of table info is
appropriate.

However, I still need to have separate access levels:
/item/edit and /item/view have different needs, as do
/item/edit and /user/edit (and certainly /catalog/anything
vs. /phonelist/anything). But if I make "edit" general,
what's the good way to restrict people based on the entire
chain?

Right now I have a Root auto method making sure people are
in the system and logged in, auto methods at each controller
to make sure people are allowed to do that general thing
(e.g., deal with "item"s or "user"s), and then further checks
in each method as necessary (e.g., OK, he's logged in and he
can deal with "item"s, but can he edit them? Or, does he
own item 23 so he can edit this one item?). When my methods
become generic, how do I keep doing this?

Thanks.

Jesse Sheidlower
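One way to lay out the chain and the three levels of checks described in the post, added here as an illustration; it is not code from the original message or from Catalyst itself. It assumes Catalyst::Plugin::Authentication and Catalyst::Plugin::Authorization::Roles (for user_exists, user and check_user_roles), a DBIC model whose rows expose id and owner_id, and hypothetical names throughout: MyApp, the config keys model, chain_role and edit_role, and private /denied and /not_found actions in Root. The coarse "may this user deal with this table" check sits on the chain root that every URL under /item/... passes through, so the dispatcher enforces it once; the per-action and per-row checks stay in the generic edit endpoint, which reads everything table-specific from the stash. Each package would live in its own file under lib/.

```perl
# Added example (not from the original post). Hypothetical names: MyApp,
# config keys model/chain_role/edit_role, /denied and /not_found actions.
package MyApp::ControllerBase::Editable;
use strict;
use warnings;
use parent 'Catalyst::Controller';

# Per-subclass settings: DBIC model name, role gating the whole
# /<table>/... chain, and role needed to edit rows in that table.
__PACKAGE__->mk_accessors(qw(model chain_role edit_role));

# Chain root. Subclasses rename its URL segment through Catalyst's
# 'action' config key, e.g. action => { base => { PathPart => 'item' } }.
sub base : Chained('/') PathPart('') CaptureArgs(0) {
    my ($self, $c) = @_;

    # Coarse check, enforced once for every action chained off this root:
    # may this user deal with this table at all?
    $c->detach('/denied')
        unless $c->user_exists && $c->check_user_roles($self->chain_role);

    # Downstream actions read the table from the stash, so the generic
    # endpoints never need to know which controller they were reached through.
    $c->stash(rs => $c->model($self->model));
}

# /<table>/view/<id>: anyone who passed the chain root may view.
sub view : Chained('base') PathPart('view') Args(1) {
    my ($self, $c, $id) = @_;
    my $row = $c->stash->{rs}->find($id) or $c->detach('/not_found');
    $c->stash(row => $row, template => 'generic/view.tt');
}

# /<table>/edit/<id>: the finer checks the chain root cannot make.
sub edit : Chained('base') PathPart('edit') Args(1) {
    my ($self, $c, $id) = @_;
    my $row = $c->stash->{rs}->find($id) or $c->detach('/not_found');

    # Action-level: does this user hold the edit role for this table?
    $c->detach('/denied') unless $c->check_user_roles($self->edit_role);

    # Row-level: does this user own this particular row? (assumes an
    # owner_id column; rows without one are denied, not allowed)
    $c->detach('/denied')
        unless $row->can('owner_id') && $row->owner_id == $c->user->id;

    $c->stash(row => $row, template => 'generic/edit.tt');
}

1;

package MyApp::Controller::Item;
use strict;
use warnings;
use parent 'MyApp::ControllerBase::Editable';

__PACKAGE__->config(
    model      => 'DB::Item',
    chain_role => 'item_user',
    edit_role  => 'item_editor',
    # Override the inherited base action's PathPart: chain becomes /item/...
    action     => { base => { PathPart => 'item' } },
);

1;

package MyApp::Controller::Root;
use strict;
use warnings;
use parent 'Catalyst::Controller';

__PACKAGE__->config(namespace => '');

# Root auto still runs before any chain, so the "is anyone logged in"
# check does not move.
sub auto : Private {
    my ($self, $c) = @_;
    return 1 if $c->user_exists;
    $c->response->redirect($c->uri_for('/login'));
    return 0;
}

sub denied : Private {
    my ($self, $c) = @_;
    $c->response->status(403);
    $c->stash(template => 'denied.tt');
}

sub not_found : Private {
    my ($self, $c) = @_;
    $c->response->status(404);
    $c->stash(template => 'not_found.tt');
}

1;
```

A /user controller is the same subclass with its own model, roles and PathPart('user'). Existing per-controller auto methods keep working with Chained, since Catalyst runs auto for the final action's namespace and its parents regardless of how the action was dispatched, so they can stay or be folded into base as shown. For the /catalog/user vs. /phonelist/user case the same idea moves one level up: a Catalog controller with its own Chained('/') PathPart('catalog') CaptureArgs(0) root that checks a catalog role and stashes the catalog, and table controllers whose base is chained to that root (Chained('/catalog/base')) instead of to '/'. The detach calls matter: detaching from base unwinds the whole chain, so a failed coarse check never reaches edit or view.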