Just to give you a taste of what I am doing and why, here's a (heavily edited) version of the dispatch code.
my %page_control = (
edit => {
product => {
page => 'ps-main-product-edit.tmpl',
function => \&edit_product
},
},
default => {
page => 'ps-main.tmpl',
function => ''
}
);
# not worried about auto-vivification because false entries will g
+o to defaults
my ( $page, $function );
if ( $action and $type ) {
$page = $page_control{ $action }{ $type }{ page };
$function = $page_control{ $action }{ $type }{ function };
}
$page ||= $page_control{ default }{ page }
my $permissions = $sec->get_permissions( $section );
if ( $action and $page =~ /^$secured/ ) {
if ( exists $page_control{ $action }
and exists $page_control{ $action }{ $permType }
and ! $permissions->{ $type }{ $action } )
{
my $article = $type =~ /^[aeiouAEIOU]/ ? 'an' : 'a';
$sec->force_logout( "$user tried to $action $article $type
+." );
}
}
# call correct function
my ( $template_data, $new_page ) = $function->( $query, $db, $mod,
+ $sec )
if defined $function and $function;
$page = $new_page if defined $new_page and $new_page;
$template->process( $page, $template_data ) or dienice $template->
+error();
Basically, I use the hash to assign pages and functions for each action (permission) and type (section). We then call the function with all the data that it will need and it returns template data and, if necessary, a new page to send the user to. All functions have the same inputs and outputs.
The problem, as I see it, is how the permissions model is set up to prevent people from gaining access to something that they shouldn't. If I start building in a bunch of special cases into the dispatch code, I'm concerned that now, or in maintenance, we'll overlook something in the security portion. Since that's relatively stable, I really want all changes to occur after security has been nicely wrapped up.
Cheers,
Ovid
Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.