[Catalyst-dev] Implementing Authent/Author via attributes (RFC)
Kieren Diment
diment at gmail.com
Sat Apr 4 01:27:49 GMT 2009
On 04/04/2009, at 12:22 PM, Bruce McKenzie wrote:
> Sadly, it was not clear to me that you could have only one
> ActionClass per handler. I finally figured it out after tracing
> things and reading lots of perldoc. <sigh> I'm new to this. It
> worked fine for my paths that were not RESTful also :-)
>
> I see the notes about a proposed patch
> (http://www.mail-archive.com/catalyst@lists.rawmode.org/msg04135.html)
> which redirected to a Grand Unified Theory of Rearchitecture
> (instead of applying the patch). Dumb question -- where can I read
> more about the rearchitecture?
>
Evil hack:
use multiple inheritance to create a 'RESTLoginRequired' actionclass
Better solution:
Use Catalyst::Controller::ActionRole to define your own attributes.
>
> Anyways, I have a real issue and a proposal --
>
> So here's what I want to do:
>
> --- Controller ---
> ...
> sub config_element :Path('') ActionClass('REST')
>                     ActionClass( 'LoginRequired' )
> {
>     my ( $self, $c ) = @_;
>
>     $c->log->debug("I only get this if I'm logged in!");
> }
> ...
> ------
>
> --- MyApp::Action::LoginRequired ---
> ...
> sub execute
> {
>     my $self = shift;
>     my ( $controller, $c, @args ) = @_;
>
>     if ( ! $c->session->{'logged_in'} )
>     {
>         $c->detach('/login_required');
>     }
>
>     my $r = $self->next::method(@_);
>
>     return $r;
> }
> ...
> -------
>
> Why? It just seemed way cleaner to me (LoginRequired *is* attribute-y
> to me :-) than repeated:
> ---
> $c->detach('/login_required') unless $c->session->{'logged_in'};
> ---
>
> lines throughout all of my methods. Specifically, I added an "auth
> not required" mode in which login-requirements were temporarily
> defeated, and I had to go edit every path everywhere that had this
> code bit. Sure, I can turn "$c->session->{'logged_in'}" into an app/
> context method call and have the code only there...but it misses the
> point (or *I* miss the point).
>
> Attributes are decorators and meta-behaviours, and access
> requirements seemed like a perfect example of this to me. Obviously
> they don't have to be ActionClass(es).
>
> So (he says, phrasing it in the form of an RFC), would there be any
> traction in pursuing an Authent/Author/ACL attribute that slots in?
>
> Something like:
>
> sub mypath1 : AllowWhen( 'authenticated' ) { }
> sub mypath2 : AllowWhen( 'hasanyrole(foo,bar)' ) { } # permitted if user has any of the roles
> sub mypath3 : AllowWhen( 'hasallroles(organization1,administration)' ) { } # permitted if user has all of the roles
>
> May I have feedback (up to and hopefully not including "please go
> away" :-)
>
> Thanks very much for your time.
>
> Bruce
>
>
> ---
> Bruce McKenzie
> brucem at dynamicrange.com
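The `AllowWhen` rule strings proposed in the message above could be evaluated as in the following added example, which is not code from the thread or from Catalyst. The function name `allow_when`, the `{ roles => [...] }` user layout, and the choice to deny any unknown or malformed rule are assumptions; it needs Perl 5.14 or later for `s///r`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical evaluator for the AllowWhen rule strings proposed in the thread.
# $user is undef for an anonymous request, else { roles => [...] } (assumed layout).
my %CHECK = (
    hasanyrole  => sub { my ($have, @want) = @_; scalar grep { $have->{$_} } @want },
    hasallroles => sub { my ($have, @want) = @_; !grep { !$have->{$_} } @want },
);

sub allow_when {
    my ($rule, $user) = @_;
    return 0 unless defined $rule && defined $user;   # anonymous: always deny
    return 1 if $rule eq 'authenticated';

    # Accept only name(role,role,...) with a known name; a typo in the
    # attribute must close the action, not open it.
    my ($name, $list) = $rule =~ /\A(\w+)\(([^()]*)\)\z/ or return 0;
    my $check = $CHECK{$name} or return 0;

    # Limit -1 keeps trailing empty fields so "foo," is seen as malformed.
    my @want = map { s/\A\s+|\s+\z//gr } split /,/, $list, -1;

    # An empty list is denied: hasallroles() would otherwise be vacuously true.
    return 0 if !@want || grep { !/\A\w+\z/ } @want;

    my %have = map { $_ => 1 } @{ $user->{roles} || [] };
    return $check->(\%have, @want) ? 1 : 0;
}

# Constructed sample data: the three rules from the thread plus malformed ones.
my $user = { roles => [qw(foo organization1)] };
for my $rule ('authenticated', 'hasanyrole(foo,bar)',
              'hasallroles(organization1,administration)',
              'hasallroles()', 'hasanyrol(foo)', 'hasanyrole(foo,)') {
    printf "%-45s user=%s anon=%s\n", $rule,
        map { allow_when($rule, $_) ? 'allow' : 'deny' } $user, undef;
}
```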