[Catalyst-dev] RFC: Secure attribute for actions (patch inside)
Ido Rosen
ido at cpan.org
Sat Oct 21 07:24:33 CEST 2006
Hi folks,
Below is a diff for a Secure attribute for actions.
Synopsis:
# forward to 'myaction' if insecure, then don't match foo.
sub foo : ... Secure('myaction') {
... secure only code here ...
}
# just don't match bar if insecure.
sub bar : ... Secure {
... secure only code here ...
}
...whether or not we are "secure" is determined by $c->req->secure.
Seeing as there is already a "secure" accessor for C::Request, I
think this is a logical next step if we want to remain consistent
with the DRY philosophy.
Ido
Index: lib/Catalyst/Base.pm
===================================================================
--- lib/Catalyst/Base.pm (revision 5192)
+++ lib/Catalyst/Base.pm (working copy)
@@ -322,6 +322,13 @@
return ( 'ActionClass', $value );
}
+# Secure attribute: do not let this action match unless $c->req->secure.
+sub _parse_Secure_attr {
+ my ( $self, $c, $name, $value ) = @_;
+ $value ||= '';
+ return ( 'Secure', $value );
+}
+
=head2 $self->_application
=head2 $self->_app
Index: lib/Catalyst/Action.pm
===================================================================
--- lib/Catalyst/Action.pm (revision 5192)
+++ lib/Catalyst/Action.pm (working copy)
@@ -78,6 +78,13 @@
sub match {
my ( $self, $c ) = @_;
+ if ( exists $self->attributes->{Secure} && !$c->req->secure ) {
+ # forward to argument if it is provided.
+ # otherwise don't forward anywhere if insecure, just don't match.
+ if ( length $self->attributes->{Secure} )
+ $c->forward( $self->attributes->{Secure} );
+ return 0; # don't match if Secure action && insecure pipe.
+ }
return 1 unless exists $self->attributes->{Args};
my $args = $self->attributes->{Args}[0];
return 1 unless defined($args) && length($args);
More information about the Catalyst-dev
mailing list