
brucem at dynamicrange
Apr 3, 2009, 6:22 PM
Implementing Authent/Author via attributes (RFC)
Sadly, it was not clear to me that you could have only one ActionClass per handler. I finally figured it out after tracing things and reading lots of perldoc. <sigh> I'm new to this. It worked fine for my paths that were not RESTful also :-)

I see the notes about a proposed patch (http://www.mail-archive.com/catalyst[at]lists.rawmode.org/msg04135.html ) which redirected to a Grand Unified Theory of Rearchitecture (instead of applying the patch). Dumb question -- where can I read more about the rearchitecture?

Anyways, I have a real issue and a proposal -- So here's what I want to do:

--- Controller ---
...
sub config_element :Path('') ActionClass('REST') ActionClass( 'LoginRequired' ) {
    my ( $self, $c ) = @_;
    $c->log->debug("I only get this if I'm logged in!");
}
...
------

--- MyApp::Action::LoginRequired ---
...
sub execute {
    my $self = shift;
    my ( $controller, $c, @args ) = @_;
    if ( ! $c->session->{'logged_in'} ) {
        $c->detach('/login_required');
    }
    my $r = $self->next::method(@_);
    return $r;
}
...
-------

Why? It just seemed way cleaner to me (LoginRequired *is* attribute-y to me :-) than repeated:

---
$c->detach('/login_required') unless $c->session->{'logged_in'};
---

lines throughout all of my methods. Specifically, I added an "auth not required" mode in which login-requirements were temporarily defeated, and I had to go edit every path everywhere that had this code bit.

Sure, I can turn "$c->session->{'logged_in'}" into an app/context method call and have the code only there...but it misses the point (or *I* miss the point). Attributes are decorators and meta-behaviours, and access requirements seemed like a perfect example of this to me. Obviously they don't have to be ActionClass(es).

So (he says, phrasing it in the form of an RFC), would there be any traction in pursuing an Authent/Author/ACL attribute that slots in?

Something like:

sub mypath1 : AllowWhen( 'authenticated' ) { }
sub mypath2 : AllowWhen( 'hasanyrole(foo,bar)' ) { }  # permitted if user has any of the roles
sub mypath3 : AllowWhen( 'hasallroles(organization1,administration)' ) { }  # permitted if user has all of the roles

May I have feedback (up to and hopefully not including "please go away" :-)

Thanks very much for your time.

Bruce

---
Bruce McKenzie
brucem[at]dynamicrange.com
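An added example, not part of the original post and not Catalyst code: a stand-alone Perl sketch of how the three proposed AllowWhen expressions could be evaluated so that an unknown or malformed expression denies access instead of letting the request through. The function name `allow_when`, the plain-hashref user and the sample users are assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical evaluator for the AllowWhen('...') expressions proposed above.
# $user is a hashref { roles => [...] }, or undef when nobody is logged in
# (an assumption of this sketch; a real app would ask its auth layer).
sub allow_when {
    my ( $expr, $user ) = @_;
    return 0 unless defined $expr;

    # 'authenticated': any logged-in user passes.
    if ( $expr =~ /\A\s*authenticated\s*\z/ ) {
        return defined($user) ? 1 : 0;
    }

    # hasanyrole(a,b) / hasallroles(a,b). Anything that does not match,
    # including role names outside [A-Za-z0-9_], is denied (fail closed).
    my ( $fn, $list ) =
        $expr =~ /\A\s*(hasanyrole|hasallroles)\(\s*([\w,\s]+?)\s*\)\s*\z/
        or return 0;

    return 0 unless defined $user;
    my @wanted = grep { length } split /\s*,\s*/, $list;
    return 0 unless @wanted;

    my %has  = map { $_ => 1 } @{ $user->{roles} || [] };
    my $hits = grep { $has{$_} } @wanted;    # count of wanted roles held
    return $fn eq 'hasanyrole'
        ? ( $hits > 0        ? 1 : 0 )
        : ( $hits == @wanted ? 1 : 0 );
}

# Constructed sample users; the first three expressions are from the post,
# the last one is deliberately unsupported to show the deny-by-default path.
my %users = (
    anonymous => undef,
    alice     => { roles => ['foo'] },
    bob       => { roles => [ 'organization1', 'administration' ] },
);
for my $expr ( 'authenticated', 'hasanyrole(foo,bar)',
               'hasallroles(organization1,administration)', 'hasrole(foo)' ) {
    for my $name ( sort keys %users ) {
        printf "%-43s %-10s %s\n", $expr, $name,
            allow_when( $expr, $users{$name} ) ? 'allow' : 'deny';
    }
}
```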