[Catalyst] Auth with Chained dispatch
Zbigniew Lukasiak
zzbbyy at gmail.com
Sat Oct 21 12:01:42 CEST 2006
Hi,
I don't know if that is the right solution for you, but you can always
put the whole checking into the auto subroutine, just retrieve the
action, the item ID and check it there.
--
Zbyszek
On 10/20/06, Jesse Sheidlower <jester at panix.com> wrote:
>
> I'm finally considering writing something with the Chained
> dispatch type, and before I start I want to clarify how I'll
> do the auth stuff.
>
> I'm trying to refactor to simplify repeated code. What I want
> to do is have something like /item/edit/23 and /user/edit/87
> (repeated over many different actions and perhaps even tables,
> like /catalog/user/edit/23 vs. /phonelist/user/edit/23), so
> that instead of totally separate but almost identical methods
> (like I have now), I'll have one thing that goes to "item"
> or "user" (and/or "catalog" or "phonelist") and fills the
> stash with any relevant things, so that I can have one "edit"
> that does the work, but with whatever sort of table info is
> appropriate.
>
> However, I still need to have separate access levels:
> /item/edit and /item/view have different needs, as do
> /item/edit and /user/edit (and certainly /catalog/anything
> vs. /phonelist/anything). But if I make "edit" general,
> what's the good way to restrict people based on the entire
> chain?
>
> Right now I have a Root auto method making sure people are
> in the system and logged in, auto methods at each controller
> to make sure people are allowed to do that general thing
> (e.g., deal with "item"s or "user"s), and then further checks
> in each method as necessary (e.g. OK, he's logged in and he
> can deal with "item"s, but can he edit them? Or, does he
> own item 23 so he can edit this one item?). When my methods
> become generic, how do I keep doing this?
>
> Thanks.
>
> Jesse Sheidlower
--
Zbigniew Lukasiak
http://brudnopis.blogspot.com/
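
The single check in `auto` suggested in the reply above, worked as an added example (not code from either poster or from Catalyst): one deny-by-default table keyed on the whole action path, with an optional ownership test on the item ID. The policy entries, role names, user hash layout and ownership data are constructed for illustration, and the position of the ID in the captures is an assumption.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed policy: full action path => required role and whether the
# user must own the item. Paths absent from the table are denied.
my %POLICY = (
    'catalog/item/view'   => { role => 'catalog_user',  owner => 0 },
    'catalog/item/edit'   => { role => 'catalog_user',  owner => 1 },
    'catalog/user/edit'   => { role => 'catalog_admin', owner => 0 },
    'phonelist/user/edit' => { role => 'phone_admin',   owner => 0 },
);

# Constructed ownership data standing in for a database lookup.
my %OWNER_OF = ( 'catalog/item' => { 23 => 'jesse' } );

# Returns 1 to allow, 0 to deny. $path is the whole chain, so one generic
# "edit" action still gets a different rule per table and per application.
sub authorize {
    my ($user, $path, $item_id) = @_;
    return 0 unless $user && defined $path;
    my $rule = $POLICY{$path} or return 0;            # deny by default
    return 0 unless grep { $_ eq $rule->{role} } @{ $user->{roles} || [] };
    return 1 unless $rule->{owner};
    return 0 unless defined $item_id && $item_id =~ /\A\d+\z/;
    (my $table = $path) =~ s{/[^/]+\z}{};             # strip the final action
    my $owner = $OWNER_OF{$table}{$item_id};
    return (defined $owner && $owner eq $user->{name}) ? 1 : 0;
}

# In a Catalyst Root controller this would be called from auto, e.g.:
#   sub auto : Private {
#       my ($self, $c) = @_;
#       my $user = ...;                    # hypothetical: {name, roles} built from $c->user
#       my $id = $c->req->captures->[0];   # assumes the ID is the first capture
#       return 1 if authorize($user, $c->action->reverse, $id);
#       $c->res->status(403); $c->res->body('Forbidden'); return 0;
#   }

my $jesse = { name => 'jesse', roles => ['catalog_user'] };
for my $case ( [ 'catalog/item/view', 23 ], [ 'catalog/item/edit', 23 ],
               [ 'catalog/item/edit', 24 ], [ 'phonelist/user/edit', 23 ],
               [ 'catalog/item/delete', 23 ] ) {
    my ($path, $id) = @$case;
    printf "%-22s id=%s => %s\n", $path, $id,
        authorize($jesse, $path, $id) ? 'allow' : 'deny';
}
```

Because unknown paths fall through to deny, adding a new generic action to the chain grants nothing until a policy row is written for it.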