Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??

Just to give you a taste of what I am doing and why, here's a (heavily edited) version of the dispatch code.

my %page_control = ( edit => { product => { page => 'ps-main-product-edit.tmpl', function => \&edit_product }, }, default => { page => 'ps-main.tmpl', function => '' } ); # not worried about auto-vivification because false entries will g +o to defaults my ( $page, $function ); if ( $action and $type ) { $page = $page_control{ $action }{ $type }{ page }; $function = $page_control{ $action }{ $type }{ function }; } $page ||= $page_control{ default }{ page } my $permissions = $sec->get_permissions( $section ); if ( $action and $page =~ /^$secured/ ) { if ( exists $page_control{ $action } and exists $page_control{ $action }{ $permType } and ! $permissions->{ $type }{ $action } ) { my $article = $type =~ /^[aeiouAEIOU]/ ? 'an' : 'a'; $sec->force_logout( "$user tried to $action $article $type +." ); } } # call correct function my ( $template_data, $new_page ) = $function->( $query, $db, $mod, + $sec ) if defined $function and $function; $page = $new_page if defined $new_page and $new_page; $template->process( $page, $template_data ) or dienice $template-> +error();

Basically, I use the hash to assign pages and functions for each action (permission) and type (section). We then call the function with all the data that it will need and it returns template data and, if necessary, a new page to send the user to. All functions have the same inputs and outputs.

The problem, as I see it, is how the permissions model is set up to prevent people from gaining access to something that they shouldn't. If I start building in a bunch of special cases into the dispatch code, I'm concerned that now, or in maintenance, we'll overlook something in the security portion. Since that's relatively stable, I really want all changes to occur after security has been nicely wrapped up.

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.


In reply to (Ovid) Re: Re: Would you use 'goto' here? by Ovid
in thread Would you use 'goto' here? by Ovid

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (1)
As of 2021-08-01 00:12 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?