
diment at gmail
Apr 3, 2009, 6:27 PM
Re: Implementing Authent/Author via attributes (RFC)
On 04/04/2009, at 12:22 PM, Bruce McKenzie wrote:

> Sadly, it was not clear to me that you could have only one
> ActionClass per handler. I finally figured it out after tracing
> things and reading lots of perldoc. <sigh> I'm new to this. It
> worked fine for my paths that were not RESTful also :-)
>
> I see the notes about a proposed patch
> (http://www.mail-archive.com/catalyst[at]lists.rawmode.org/msg04135.html)
> which redirected to a Grand Unified Theory of Rearchitecture
> (instead of applying the patch). Dumb question -- where can I read
> more about the rearchitecture?
>

Evil hack: use multiple inheritance to create a 'RESTLoginRequired' actionclass

Better solution: Use Catalyst::Controller::ActionRole to define your own attributes.

>
> Anyways, I have a real issue and a proposal --
>
> So here's what I want to do:
>
> --- Controller ---
> ...
> sub config_element :Path('') ActionClass('REST')
>     ActionClass( 'LoginRequired' )
> {
>     my ( $self, $c ) = @_;
>
>     $c->log->debug("I only get this if I'm logged in!");
> }
> ...
> ------
>
> --- MyApp::Action::LoginRequired ---
> ...
> sub execute
> {
>     my $self = shift;
>     my ( $controller, $c, @args ) = @_;
>
>     if ( ! $c->session->{'logged_in'} )
>     {
>         $c->detach('/login_required');
>     }
>
>     my $r = $self->next::method(@_);
>
>     return $r;
> }
> ...
> -------
>
> Why? It just seemed way cleaner to me (LoginRequired *is* attribute-y
> to me :-) than repeated:
> ---
>     $c->detach('/login_required') unless $c->session->{'logged_in'};
> ---
>
> lines throughout all of my methods. Specifically, I added an "auth
> not required" mode in which login-requirements were temporarily
> defeated, and I had to go edit every path everywhere that had this
> code bit. Sure, I can turn "$c->session->{'logged_in'}" into an
> app/context method call and have the code only there...but it misses
> the point (or *I* miss the point).
>
> Attributes are decorators and meta-behaviours, and access
> requirements seemed like a perfect example of this to me. Obviously
> they don't have to be ActionClass(es).
>
> So (he says, phrasing it in the form of an RFC), would there be any
> traction in pursuing an Authent/Author/ACL attribute that slots in?
>
> Something like:
>
> sub mypath1 : AllowWhen( 'authenticated' ) { }
> sub mypath2 : AllowWhen( 'hasanyrole(foo,bar)' ) { } # permitted if user has any of the roles
> sub mypath3 : AllowWhen( 'hasallroles(organization1,administration)' ) { } # permitted if user has all of the roles
>
> May I have feedback (up to and hopefully not including "please go
> away" :-)
>
> Thanks very much for your time.
>
> Bruce
>
>
> ---
> Bruce McKenzie
> brucem[at]dynamicrange.com
>
>
>
> _______________________________________________
> Catalyst-dev mailing list
> Catalyst-dev[at]lists.scsys.co.uk
> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev
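The "Better solution" from the reply, sketched as an added example that is not part of the original posts or of the Catalyst project's code: the login check lives in one action role, and the handler keeps its single ActionClass('REST'). The package names MyApp::ActionRole::LoginRequired and MyApp::Controller::Config and the 'auth_not_required' config key are hypothetical; it assumes Catalyst::Controller::ActionRole, Catalyst::Action::REST and a session plugin are installed, and that the app defines the '/login_required' action from the quoted message.

```perl
# Added example. The two packages are shown together; in an app they would
# normally be separate files under lib/MyApp/.
package MyApp::ActionRole::LoginRequired;    # hypothetical name
use Moose::Role;
use namespace::autoclean;

# Wrap the action's execute() so the check runs before the action body,
# and before the REST action class dispatches to the *_GET/_PUT method.
around execute => sub {
    my ( $orig, $self, $controller, $c, @args ) = @_;

    # Single switch for the temporary "auth not required" mode.
    # Hypothetical config key; when it is absent the check is enforced.
    my $bypass = $c->config->{auth_not_required};

    $c->detach('/login_required')
        unless $bypass || $c->session->{logged_in};

    return $self->$orig( $controller, $c, @args );
};

1;

package MyApp::Controller::Config;           # hypothetical name
use Moose;
use namespace::autoclean;
BEGIN { extends 'Catalyst::Controller::ActionRole' }

# One ActionClass, plus the access check attached as a role via Does.
sub config_element : Path('') ActionClass('REST')
    Does('+MyApp::ActionRole::LoginRequired') { }

sub config_element_GET {
    my ( $self, $c ) = @_;
    $c->log->debug("I only get this if I'm logged in!");
}

__PACKAGE__->meta->make_immutable;
1;
```

Because the role wraps execute() on whatever action class the handler uses, the same Does attribute can be added to non-REST actions unchanged, and the bypass mode is edited in one place instead of in every path.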