[Catalyst-dev] Implementing Authent/Author via attributes (RFC)

Bruce McKenzie brucem at dynamicrange.com
Sat Apr 4 01:22:10 GMT 2009


Sadly, it was not clear to me that you could have only one ActionClass  
per handler. I finally figured it out after tracing things and reading  
lots of perldoc. <sigh> I'm new to this. It worked fine for my paths  
that were not RESTful also :-)

I see the notes about a proposed patch (http://www.mail-archive.com/catalyst@lists.rawmode.org/msg04135.html)
which redirected to a Grand Unified Theory of Rearchitecture  
(instead of applying the patch). Dumb question -- where can I read  
more about the rearchitecture?


Anyways, I have a real issue and a proposal --

So here's what I want to do:

--- Controller ---
...
sub config_element :Path('') ActionClass('REST') ActionClass('LoginRequired')
{
     my ( $self, $c ) = @_;

     $c->log->debug("I only get this if I'm logged in!");
}
...
------

--- MyApp::Action::LoginRequired ---
...
sub execute
{
     my $self = shift;
     my ( $controller, $c, @args ) = @_;

     if ( ! $c->session->{'logged_in'} )
     {
         $c->detach('/login_required');
     }

     my $r = $self->next::method(@_);

     return $r;
}
...
-------

Why? It just seemed way cleaner to me (LoginRequired *is* attribute-y  
to me :-) than repeated:
---
         $c->detach('/login_required') unless $c->session->{'logged_in'};
---

lines throughout all of my methods. Specifically, I added an "auth not  
required" mode in which login-requirements were temporarily defeated,  
and I had to go edit every path everywhere that had this code bit.  
Sure, I can turn "$c->session->{'logged_in'}" into an app/context  
method call and have the code only there...but it misses the point (or  
*I* miss the point).

Attributes are decorators and meta-behaviours, and access requirements  
seemed like a perfect example of this to me. Obviously they don't have  
to be ActionClass(es).

So (he says, phrasing it in the form of an RFC), would there be any  
traction in pursuing an Authent/Author/ACL attribute that slots in?

Something like:

sub mypath1 : AllowWhen( 'authenticated' ) { }
# permitted if user has any of the roles
sub mypath2 : AllowWhen( 'hasanyrole(foo,bar)' ) { }
# permitted if user has all of the roles
sub mypath3 : AllowWhen( 'hasallroles(organization1,administration)' ) { }

May I have feedback (up to and hopefully not including "please go  
away" :-)

Thanks very much for your time.

Bruce


---
Bruce McKenzie
brucem at dynamicrange.com
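
One way the AllowWhen rule strings proposed in the message above could be parsed and evaluated so that an unrecognised rule denies access, as an added example that is not part of the original post or of Catalyst. The names `parse_rule` and `allowed` and the `{ roles => [...] }` user shape are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parse one rule string into [ kind, @roles ]. Anything that is not one
# of the three forms in the post dies, so a typo is never read as "allow".
sub parse_rule {
    my ($rule) = @_;
    return ['authenticated'] if $rule eq 'authenticated';
    if ( $rule =~ /\A(hasanyrole|hasallroles)\(\s*([\w-]+(?:\s*,\s*[\w-]+)*)\s*\)\z/ ) {
        my ( $kind, $list ) = ( $1, $2 );
        return [ $kind, split /\s*,\s*/, $list ];
    }
    die "AllowWhen: unrecognised rule '$rule'\n";
}

# $user is undef for an anonymous request, otherwise a hash with a
# roles array (hypothetical shape, not a Catalyst user object).
sub allowed {
    my ( $rule, $user ) = @_;
    my $parsed = eval { parse_rule($rule) } or return 0;    # bad rule: deny
    my ( $kind, @want ) = @$parsed;
    return 0 unless defined $user;          # every rule requires a login
    return 1 if $kind eq 'authenticated';
    my %have = map { $_ => 1 } @{ $user->{roles} || [] };
    my $hits = grep { $have{$_} } @want;
    return $hits > 0 ? 1 : 0 if $kind eq 'hasanyrole';
    return $hits == @want ? 1 : 0;          # hasallroles
}

# Constructed sample users; the last rule is a deliberate typo.
my %users = (
    anonymous => undef,
    alice     => { roles => [qw(foo)] },
    bob       => { roles => [qw(organization1 administration)] },
);
my @rules = (
    'authenticated',
    'hasanyrole(foo,bar)',
    'hasallroles(organization1,administration)',
    'hasanyrol(foo)',
);
for my $rule (@rules) {
    for my $name ( sort keys %users ) {
        my $verdict = allowed( $rule, $users{$name} ) ? 'allow' : 'deny';
        printf "%-44s %-10s %s\n", $rule, $name, $verdict;
    }
}
```

In an application the rule would more usefully be parsed once when the controller is loaded, so that a malformed attribute stops startup instead of silently denying every request to that action.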


