Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re: Passing Data Back From Mason template

by Joost (Canon)
on Jun 02, 2006 at 02:07 UTC ( #553203=note: print w/replies, xml ) Need Help??


in reply to Passing Data Back From Mason template

Access checks should be handled by the controller/model- not the view. Depending on your situation (and I haven't used Catalyst), you might be able to move certain restricted actions to specific urls (i.e. /$role/$action) and have an "authentication-controller" catch all unauthorized acces, edit: before referring to the "actual" controller.

I don't recommend binding views to roles directly, since I at least tend to end up using re-using views for different actions, and the actions that take place before showing the view should determine the type of access.

update: also, this makes views simpler, which is a good thing.

Joost.

  • Comment on Re: Passing Data Back From Mason template

Replies are listed 'Best First'.
Re^2: Passing Data Back From Mason template
by water (Deacon) on Jun 04, 2006 at 00:29 UTC
    Hmmm... don't like embedding roles in URLS -- we often need to change who can do what, create new roles, etc -- would be mess if necessitated remapping urls.

    so basically each action (method) in the controller needs a role-list, and jumps off to confirm current user is a member of at least one allowed role, else redirects off to a not-enough-access-to-do-that page, yes?

      The url mapping isn't going to be useful to you then :-)

      Yes, I would suggest mapping role-lists against actions. If you do that in the database or whatever storage system you use, or use a consisten interface in your action classes, you can still do a generic access control system after request to action mapping and before dispatching to the action.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://553203]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (4)
As of 2020-01-19 02:21 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Notices?