[Catalyst] Restricting access to the model
Matt S Trout
dbix-class at trout.me.uk
Mon Jul 3 16:00:09 CEST 2006
Will Hawes wrote:
> Andreas Marienborg wrote:
>> If the Order has a user field, why not just relationships?
>>
>> package My::Model::User;
>>
>> __PACKAGE__->has_many(orders and so on);
>>
>> then you always do $user->orders to get a users orders for instance.
>>
>> If you need it for more complex things, I would say it belongs in the
>> model.
>
> "Restricting access" was probably not the best term to use - it's not so
> much "which orders belong to user X?" that I'm trying to answer (I
> already use the approach you describe for that).
>
> It's "can user X access this order?". IMO it does seem to fit better in
> the model - I just can't see for the moment how I could implement
> different access rules in different apps if I'm using common model
> classes. That's what makes me wonder about putting this in a controller
> instead.
I tend to just modify the relevant ACCEPT_CONTEXT to return a resultset that
already has (e.g.) "WHERE order.user_id = $current_uid" applied to it, at
which point I can just do $c->model('DBIC::Orders') in my controller code and
it Does The Right Thing.
--
Matt S Trout Offering custom development, consultancy and support
Technical Director contracts for Catalyst, DBIx::Class and BAST. Contact
Shadowcat Systems Ltd. mst (at) shadowcatsystems.co.uk for more information
+ Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +
More information about the Catalyst
mailing list