[Catalyst] fine Authentication
luke.saunders at gmail.com
Sat Jul 23 13:35:10 CEST 2005
The best way to do this this type of fine grained authentication is to
write a plugin which watches where the users are going within the
controllers and forwards the request elsewhere if necessary (to
/page/denied for example). To do this I wrote a plugin which overloads
the execute method of Catalyst::Engine and makes the checks before the
action is executed. This is better than having the controllers 'ask'
some authenticator if user x is allowed access to that action.
If you're interested I can email you the code but not until Tuesday as
I won't have access to it until then.
Alternatively you can just put some code in the auto method of your
controller(s) which makes the checks.
On 7/23/05, Vlad Bazon <vlad.bazon at gmail.com> wrote:
> How - as simply, or "best practice" - how I can link a action (like
> 'add'), and also an individual action (like 'edit/7', or 'destroy/5')
> with a kind of authentication?
> Only the user-creator of a group of records, could then operate
> ('edit', 'destroy') on these (by 'edit/7', etc.)!
> May be, I wrong express in CDBI-mysql the relationships of
> 'user_class', 'role_class', 'user_role_class' ...
> Catalyst mailing list
> Catalyst at lists.rawmode.org
More information about the Catalyst