[Catalyst] Auth with Chained dispatch
Matt S Trout
dbix-class at trout.me.uk
Sat Oct 21 14:44:37 CEST 2006
Jesse Sheidlower wrote:
> On Sat, Oct 21, 2006 at 12:01:42PM +0200, Zbigniew Lukasiak wrote:
>> Hi,
>>
>> I don't know if that is the right solution for you, but you can always
>> put the whole checking into the auto subroutine, just retrieve the
>> action, the item ID and check it there.
>
> Uh...yes, I guess that would be easy and sensible.
>
> For some reason I was imagining the need to split the process
> up into a bunch of different places.
Nah, Chained and auto co-operate just fine.
Personally I tend to do incremental permissions checking at each stage of the
chain mostly - I don't remember the last time I used an auto method. The trick
is to codify your requirements, so for example in a base class
__PACKAGE__->mk_accessors(qw/model_type/);
sub edit :Chained('base') :Args(0) {
my ($self, $c) = @_;
$c->detach('/permission_denied')
unless $c->user->can('edit', $self->model_type);
...
}
then in the subclass for a particular type
__PACKAGE__->config(model_type => 'user');
or similar. I am not, however, recommending this over auto; both work fine, so
as usual with Catalyst pick whatever suits your app best :)
--
Matt S Trout Offering custom development, consultancy and support
Technical Director contracts for Catalyst, DBIx::Class and BAST. Contact
Shadowcat Systems Ltd. mst (at) shadowcatsystems.co.uk for more information
+ Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +
More information about the Catalyst
mailing list