[Catalyst] fine Authentication

luke saunders luke.saunders at gmail.com
Sat Jul 23 13:35:10 CEST 2005


The best way to do this this type of fine grained authentication is to
write a plugin which watches where the users are going within the
controllers and forwards the request elsewhere if necessary (to
/page/denied for example). To do this I wrote a plugin which overloads
the execute method of Catalyst::Engine and makes the checks before the
action is executed. This is better than having the controllers 'ask'
some authenticator if user x is allowed access to that action.

If you're interested I can email you the code but not until Tuesday as
I won't have access to it until then.

Alternatively you can just put some code in the auto method of your
controller(s) which makes the checks.

-Luke

On 7/23/05, Vlad Bazon <vlad.bazon at gmail.com> wrote:
> Hi,
> 
> How - as simply, or "best practice" - how I can link a action (like
> 'add'), and also an individual action (like 'edit/7', or 'destroy/5')
> with a kind of authentication?
> 
> Only the user-creator of a group of records, could then operate
> ('edit', 'destroy') on these (by 'edit/7', etc.)!
> 
> May be, I wrong express in CDBI-mysql the relationships of
> 'user_class', 'role_class', 'user_role_class' ...
> 
> Thanks!
> 
> _______________________________________________
> Catalyst mailing list
> Catalyst at lists.rawmode.org
> http://lists.rawmode.org/mailman/listinfo/catalyst
>



More information about the Catalyst mailing list