[Catalyst] RFC: Authentication & Authorization Tutorial

hkclark at gmail.com
Wed Apr 12 03:00:38 CEST 2006

Hi Daniel,

Excellent input, thank you.  This sort of detailed feedback is
extremely helpful.

Some of the things you commented on were things I thought about
adding, but left out in the interest of trying to keep the size
manageable.  I'll go through your comments in more detail and update
to v.92 as soon as I catch my breath from an insanely busy last couple
of weeks, but some initial comments are inline below...

On 4/11/06, Daniel McBrearty <danielmcbrearty at gmail.com> wrote:
> Nice work Kennedy! I just started taking a look at this. Very helpful. A few
> notes:
> 1. after being run through pod2html, some links are to non-existent (well,
> for me) local files, where I guess they should be to the relevant CPAN page.
>  - in the Intro, for DBIx::Class::Manual
>  - in "Include Auth and Session Plugins", to Session::Store plugin

Yeah, I thought about hard-coding the links to point straight to CPAN,
but that didn't seem to be "the POD way".  Any "POD old timers" got
any advice for me here?  Is it better to leave links as L<Blah::Blah>
or go with L<Blah::Blah|http://cpan.uwinnipeg.ca/dist/Blah-Blah>??  I
know that if this was on CPAN, the L<Blah::Blah> would "just
work."  But given that this is an "offline tutorial", the links are
"just broken."

>  2. Really, this covers a lot more ground than just Auth/Auth. I actually
> stopped and took a tour of DBIx (which is also new to me) before digging in
> to this. (I'm actually wondering how I managed to write anything much
> without these tools ... but anyhow ...) I think that could be reflected in
> the title, or at least the first few paras ... something like :
>  "Along the way you'll find out (if you didn't already know) how to use the
> SQLite db with the DBIx library for painless interactions with your catalyst
> app. Also we'll show you the TTSite feature of Template Toolkit ... "
> (another thing I was blind ignorant of - where does this stuff all come from
> ...?)

Yeah, I sorta lost sight of my original goal. :-)  I'll beef up the
intro a bit (and maybe tweak the title, although I'm worried about
making it too verbose).

>  3. When I got the app to fire up, I didn't get the db queries in debug at
> first - I had the env variable wrong. Is there an easier way of turning this
> debug feature on? (like in the config file maybe ...?)

Yes, you can use:
I came close to including that (as well as mentioning the options to
send to file vs the "dev server debug stuff").  Maybe I'll try to
include a brief mention and then include a link to

>  3 1/2. I didn't get the thing about trimming newlines in the TT comment -
> why is that done?

Good point.  It's totally not visible in your browser; but, if you do
a "view source" it prevents blank lines in the HTML source.  I really
like it because it's something that always annoyed me in JSP (if
anyone out there knows a way to cleanly do something similar in JSP
and I have just been stupid about it all this time please let me know!),
but it only matters if you are obsessive about how your HTML source
looks.  BUT, back to your point, I should explain that better. Thanks.

>  4. from the perspective of a cat newb who has only worked through the
> existing tutorial beforehand ... some discontinuities that come up going from
> that to this ...
>   - why are we now using tt2 extensions for our templates? does this mean
> anything or is it just personal choice?

Yeah, I thought that was a little weird when I first used TTSite too
(like the "c" vs "Catalyst" thing).  I came *sooo* close to mentioning
this, but I thought I might be the only one who thought it was "odd". 
I'll add a note about that and explain that it's just "convention".

>   - how does TT know that the path to templates is now root/src ? this had
> to be explicitly set (in MyApp.pm IIRC) in the other tut.

I sorta mention the settings in MyApp::View::TT.pm that TTSite sets
up, but I'll expand that some.

>  5. is there any reason for separate controllers for login, logout? why not
> group them as actions under a single controller like user/login,
> user/logout? (or is it just a matter of taste ...?)

Good point.  I went with the 2 because this started with the example
Carl Franks added to the Cookbook (in the "daily build of docs" area
on wiki).  But you are right, it could be one.  I might change that to
one controller, but if not I'll add a note reminding users that it can
go either way.

>  6. (I'm down at the "Try out authentication" section now. this is starting
> to look really neat.) There is a lot going on in the debug info now - the
> session id's have magically started happening, and the looking up of the
> user ... it would be quite cool to pull some of this apart here and look at
> what is really happening. I guess a lot of this was also the case in the
> other tut, but it was a bit too much and didn't really sink in at the time
> ...

Hmmm, I'll think about trying to get into that... but I'm a little
concerned about it getting so long people don't read it.  I'm also
thinking about some follow-on tutorials, so that could be a good thing
for one of those.

>  7. the stuff about TT multiline comments in login.tt2 seemed a bit
> irrelevant TBH - I changed the code there to be a TT "IF/ELSE/END" so that
> you don't see the login form at all if you are already logged in, and felt a
> small sense of achievement ...
>  8. I got to the part where you add the two login buttons, but now something
> isn't flying right with me ... it seems that $c->user->roles is empty. Dunno
> why ... it's late and I can't figure it right now. I checked the database is
> ok, the config file and the modules ... all seems to be good. Will have to
> look at it another day, maybe d/l the example code and see what that does
> for me ...

Yeah, I'm not thrilled with that part... but it's a challenge
demonstrating both roles and authentication without pulling in loads
of templates and controller actions.

>  it looks like a great tutorial, what's very good is that it hits exactly on
> things that I need to do for my project. It also follows on very well from
> the existing Manual::Tutorial, in that it seems to build on that stuff quite
> well. If you would all put these things together and smooth over the seams a
> bit, you'd basically have the catalyst book ... or e-book or whatever ...
>  thanks a lot for this. it is pretty helpful
>  Daniel
> On 4/11/06, Yuval Kogman < nothingmuch at woobling.org> wrote:
> >
>  On Sun, Apr 09, 2006 at 00:06:27 -0400, hkclark at gmail.com wrote:
> > I split authentication and authorization into two different
> > phases/sections and added some more specific examples of
> > authorization, especially in the controller.  Again, it's intended
> > to be a learning tool more than a real-world example -- hopefully
> > the examples illustrate the concepts without getting into too much
> > complexity.
> You can also introduce the ACL plugin real quick, right before phase
> 5 if you think it's appropriate.
> --
>   Yuval Kogman < nothingmuch at woobling.org >
> http://nothingmuch.woobling.org  0xEBD27418
> _______________________________________________
> Catalyst mailing list
>  Catalyst at lists.rawmode.org
> http://lists.rawmode.org/mailman/listinfo/catalyst
> --
> Daniel McBrearty
> email : danielmcbrearty at gmail.com
>  www.engoi.com : the multi - language vocab trainer
> BTW : 0873928131