[Catalyst] Re: fine Authentication

Vlad Bazon vlad.bazon at gmail.com
Wed Aug 3 08:30:43 CEST 2005


A very bad solution! 
<Any> user could type "http://.../edit/7" manually!
I'm sorry ...

On 7/30/05, Vlad Bazon <vlad.bazon at gmail.com> wrote:
> I do this in "list.html" (and not in a controller ...?!) - like:
> ......
> <td>
> [% IF (column == 'nume') and ((c.session.user_id == object.$primary)
> or (c.session.user_id == object.di_id.id)) %]
>    <a href= [% c.req.base _ table_name _ "/edit/" _ object.$primary %] >
> [% END %]
> [% object.$column %]
> </td>
> ...... (so, only "user_id" has an "edit/7" action at its disposal.)
> 
> Probably it is not a good idea (because of the principle of
> M/C/V separation) - but it is so practical ...
> 
> Regards,
> Vlad
> 
> On 7/23/05, Vlad Bazon <vlad.bazon at gmail.com> wrote:
> > Hi,
> >
> > How - as simply, or "best practice" - how can I link an action (like
> > 'add'), and also an individual action (like 'edit/7', or 'destroy/5')
> > with a kind of authentication?
> >
> > Only the user-creator of a group of records, could then operate
> > ('edit', 'destroy') on these (by 'edit/7', etc.)!
> >
> > Maybe I wrongly express in CDBI-mysql the relationships of
> > 'user_class', 'role_class', 'user_role_class' ...
> >
> > Thanks!
> >
>
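
The objection in the reply above is that leaving the link out of "list.html" does not stop anyone from requesting "edit/7" directly; the ownership test has to be repeated on the server for every request. The following is an added example, not code from the thread and not Catalyst's API: plain Perl in which `authorize`, `is_owner`, the `%records` data and the request list are hypothetical names and constructed samples.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: record id => row. "di_id" is the owning user's id,
# mirroring object.di_id.id in the template from the thread.
my %records = (
    5 => { id => 5, di_id => 2 },
    7 => { id => 7, di_id => 3 },
);

# Actions that change data and therefore need an ownership check.
my %protected = map { $_ => 1 } qw(edit destroy);

# Same ownership rule as the template's IF, but evaluated on the server
# for every request, so a hand-typed URL gets the same answer as a link.
sub is_owner {
    my ($user_id, $record) = @_;
    return $user_id == $record->{id} || $user_id == $record->{di_id};
}

# Hypothetical helper: returns the HTTP status the controller should send
# before it runs the action. $session stands in for the c.session hash.
sub authorize {
    my ($session, $action, $record_id) = @_;
    return 200 unless $protected{$action};          # e.g. list/view
    my $user_id = $session->{user_id};
    return 401 unless defined $user_id;             # not logged in
    return 404 unless defined $record_id && $record_id =~ /\A\d+\z/;
    my $record = $records{$record_id} or return 404;
    return is_owner($user_id, $record) ? 200 : 403; # logged in, not the owner
}

# Constructed requests: (session, path) pairs as a user could type them.
my @requests = (
    [ { user_id => 3 }, 'edit/7'    ],  # owner via di_id
    [ { user_id => 2 }, 'edit/7'    ],  # other user typing the URL by hand
    [ {},               'destroy/5' ],  # no login at all
    [ { user_id => 2 }, 'destroy/5' ],  # owner
    [ { user_id => 2 }, 'edit/99'   ],  # no such record
);

for my $req (@requests) {
    my ($session, $path) = @$req;
    my ($action, $id) = split m{/}, $path;
    printf "user=%-4s %-10s -> %d\n",
        $session->{user_id} // '-', $path, authorize($session, $action, $id);
}
```

The template condition can stay in the view to decide which links are shown; the server-side check is what decides whether the action runs.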


