[Catalyst] Advice for Catalyst::Plugin::Authentication::Store::DBIC needed
Bernhard Graf
catalyst at augensalat.de
Thu Oct 5 13:29:26 CEST 2006
Kiki wrote:
> This looks more like an authorization check than an authentication check to me,
> since the purpose of authentication is just to establish an identity, while it is
> the purpose of authorization to determine if that identity is allowed to proceed
> (in your case, the identity is not allowed to do anything if it is not active).
The difference between role and status is that a user can have many
roles and, besides, has exactly one status.
Status tells if the user can log in at all, while role decides what the
user is allowed to do.
As administrator you can revoke access by changing status to one of a
few options without touching the basic login credentials. This is
superior to techniques like changing username or password.
--
Bernhard Graf