[Catalyst] Re: fine Authentication
vlad.bazon at gmail.com
Sat Jul 30 22:21:33 CEST 2005
I do this in "list.html" (and not in a controller ...?!) - like:
[% IF (column == 'nume') and ((c.session.user_id == object.$primary)
or (c.session.user_id == object.di_id.id)) %]
<a href= [% c.req.base _ table_name _ "/edit/" _ object.$primary %] >
[% END %]
[% object.$column %]
...... (so, only "user_id" has a "edit/7" action at disposition.)
probably, it is not a good ideea (because the principle of the
separation M/C/V) - but it is so practical ...
On 7/23/05, Vlad Bazon <vlad.bazon at gmail.com> wrote:
> How - as simply, or "best practice" - how I can link a action (like
> 'add'), and also an individual action (like 'edit/7', or 'destroy/5')
> with a kind of authentication?
> Only the user-creator of a group of records, could then operate
> ('edit', 'destroy') on these (by 'edit/7', etc.)!
> May be, I wrong express in CDBI-mysql the relationships of
> 'user_class', 'role_class', 'user_role_class' ...
More information about the Catalyst