[Catalyst] Example app showing user to "item" authorization?

Jason Gottshall jgottshall at capwiz.com
Wed Dec 10 14:11:19 GMT 2008

Tomas Doran wrote:
> On 9 Dec 2008, at 04:24, bill hauck wrote:
>> So my question: is there an example application or best practice on 
>> how to implement a check on all calls to see if the user should be 
>> accessing a specific item?  I guess this would apply to any type of 
>> system: blog, auction, cms, etc. -- they all require checking if a 
>> specific user can edit a specific item.
> Assuming that you're using DBIx::Class, then the common way of doing 
> this would be to use ResultSet chaining to limit things.
> What you do is add a 'limit_by_user' method (name is not important - 
> just pick one and stick to it for your entire app) on each ResultSet 
> class which you can pass $c->user, and have it return a filtered result 
> set..
> You then arrange your controllers such that you will call this method on 
> all resultsets before actually searching them. The simplest strategy is 
> to just have code like:
> $c->stash->{project} = 
> $c->model('DB::Project')->limit_by_user($c->user)->find_by_foo($foo);
> whenever you want to do a search.

You might try using DBIx::Class::Schema::RestrictWithObject to do this 
more centrally. Essentially you put all your "limit_by_user" filters 
into one central package, then you just pass $c->user to the schema at 
the beginning of the request. RestrictWithObject will intercept all 
searches and tack on the appropriate filter for the requested resultset 
for you.


Jason Gottshall
jgottshall at capwiz.com

More information about the Catalyst mailing list