[Catalyst] Best way to validate Chained actions?

J. Shirley jshirley at gmail.com
Thu Sep 13 05:34:18 GMT 2007


On 9/12/07, Micah Jaffe <micah at affinitycircles.com> wrote:
>
> I'm trying to figure out the best[*] way to validate Chained actions
> at various points along the action chain.  By validate, I mean "check
> if the action should proceed or bomb out."  Validation is not the
> same as authentication; I may be logged in but I may not have
> permissions to do certain things.  It may also mean proceeding is not
> possible because there is some bad data introduced in one of the
> links.  Let's take a simple chain where I want to check whether or
> not a user can perform basic CRUD type things on our data.
> Given two paths:
>
> /bigthing/<id>
> /bigthing/<id>/edit
>
> I was building this chain as:
>
> load-bigthing-data -> check_read -> view
>                                   -> check_update -> edit
>
> Now this gets convoluted when I want to act on sub part of bigthing.
> Say we have action paths that resemble something like:
>
> /bigthing/<id>/smallthing/<id_2>
> /bigthing/<id>/smallthing/<id_2>/edit
>
> So presumably, I'd try to chain like:
>
> load-bigthing-data -> check_read -> load-smallthing-data -> view
> (that's ok)
>                                                           ->
> check_update -> edit (bad)
>
> check_update is chained between check_read and edit, so I either need
> to create a new (duplicated) check_update for smallthing edit or
> preferably come up with something better.
>
> I wasn't very happy with the permissions validation being wedged in
> as a link in this action chain.  I think a better solution might be
> to use attributes and custom Actions, but I'm still trying to wrap my
> head around that possibility.  The best solution would bomb out
> before doing any more processing in further actions (i.e. doing it as
> part of an 'end' action is not preferable).
>
> Thoughts?
>
> thanks,
> Micah
>
> [*] Best =3D laziest to code + cleanest to extent + easiest to understand
>
>
> _______________________________________________
> List: Catalyst at lists.rawmode.org
> Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.rawmode.org/
> Dev site: http://dev.catalyst.perl.org/
>


Sounds like you want Authorization (Catalyst::Plugin::Authorization)

http://search.cpan.org/search?query=3DCatalyst%3A%3APlugin%3A%3AAuthorizati=
on

Easy to extend and implement :)

-J

-- =

J. Shirley :: jshirley at gmail.com :: Killing two stones with one bird...
http://www.toeat.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20070912/cd9ae=
b41/attachment.htm


More information about the Catalyst mailing list