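package Test::TestController;
use Dancer ':syntax';
use strict;
use Test::Model::Test;

our $VERSION = '0.1';

prefix '/test';
route();

## Registers the authentication hook and every route served under /test.
sub route {

    ## Any request for /test/... made without a session user is rewritten
    ## to the login page; the originally requested path is kept in a var.
    hook 'before' => sub {
        if (   !session('user')
            && request->path_info =~ /^\/test\//
            && request->path_info !~ m{^/login})
        {
            var requested_path => request->path_info;
            request->path_info('/test/login');
        }
    };

    get '/login' => sub {
        template 'login_test.tt', {};
    };

    ## Log the user in, then redirect to the user's base route.
    ## NOTE(review): no credentials are checked here; every POST receives
    ## a session for user id 1 with role id 1, which equals ROLE_ADMIN.
    ## This only makes sense as a test stub -- confirm it is never deployed.
    post '/login' => sub {
        session user => { id => 1, role => { id => 1 } };
        redirect '/test/website/get/1';
    };

    get '/website/get/:id' => sub {
        my $id = params->{id};

        ## Reject anything that is not a plain numeric id.
        return redirect '/test/login' unless _is_valid_id($id);

        my $website = Test::Model::Test::get_website($id);

        ## Admins may see every website, other users only their own.
        ## The redirect is returned: depending on the Dancer version a
        ## bare `redirect` only sets the response and lets the rest of the
        ## route run, which would still render the record.
        ## NOTE(review): '/login' is outside the '/test' prefix used by the
        ## other redirects -- confirm the intended target.
        return redirect '/login' unless _may_access($website);

        template 'website_test.tt', {
            'values'   => $website,
            'form_url' => '/test/website/edit/' . $id,
        };
    };

    post '/website/edit/:id' => sub {
        my $id = params->{id};

        ## Reject anything that is not a plain numeric id.
        return redirect '/test/login' unless _is_valid_id($id);

        my $website = Test::Model::Test::get_website($id);

        ## Same access rule as the GET route. Returning here is what keeps
        ## an unauthorised request from reaching edit_website() below.
        return redirect '/login' unless _may_access($website);

        my $param_ref = params;
        Test::Model::Test::edit_website(session('user'), $param_ref);

        ##Redirect to add a new website with a flash message
        #flash message => 'Website successfully edited!';
        redirect '/test/website/get/' . $id;
    };
}

## True when $id consists of ASCII digits only. \A and \z are used instead
## of ^ and $ because $ would also accept a trailing newline, and the id is
## later concatenated into a redirect location.
sub _is_valid_id {
    my ($id) = @_;
    return ( defined $id && $id =~ m{\A[0-9]+\z} ) ? 1 : 0;
}

## True when the session user is an admin or is recorded as the creator of
## $website (the row returned by get_website, possibly undef).
sub _may_access {
    my ($website) = @_;
    my $user = session('user');

    return 1 if $user->{role}->{id} eq Test::Model::Test::ROLE_ADMIN();
    return 0 unless $website && defined $website->{created_by};
    return $website->{created_by} eq $user->{id} ? 1 : 0;
}

true;
####
package Test::Model::Test;
use strict;
use warnings;
use Dancer::Plugin::Database;
use Dancer::Logger;
use constant ROLE_ADMIN => 1;

## Updates the name and url of the website row identified by $website->{id}.
## Only those two columns are written, so other keys in the submitted
## parameter hash never reach the table.
## $user is accepted but not consulted here: the caller must have
## authorised the edit before calling.
sub edit_website($$) {
    my ($user, $website) = @_;

    database->quick_update(
        'test_website',
        { id => $website->{id} },
        {
            name => $website->{name},
            url  => $website->{url},
        }
    );
    database->commit();
}

## Returns the result of quick_select on test_website for the given id.
sub get_website($) {
    my ($id) = @_;
    return database->quick_select('test_website', { id => $id });
}

## A literal true value: a bareword `true` would not compile in this
## package under strict, because Dancer's syntax is not imported here.
1;
####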

Edit Website

##
## ####
-- Schema and seed row for the table read and written by Test::Model::Test.
-- NOTE(review): no created_by column is defined here, although the
-- controller's ownership check reads $website->{created_by}; with this
-- schema only the ROLE_ADMIN branch of that check can succeed -- confirm.
CREATE TABLE IF NOT EXISTS `testdb`.test_website (
    id   INTEGER      PRIMARY KEY AUTO_INCREMENT,
    name VARCHAR(255) NOT NULL,
    url  VARCHAR(255) NOT NULL
) ENGINE=INNODB DEFAULT CHARSET=utf8;

INSERT INTO `testdb`.test_website (name, url)
VALUES ('test1', 'mytest.com');