[Catalyst] Advanced role-based authorization
jakac
jakac at iprom.si
Tue May 13 08:52:10 BST 2008
Hello!
I am new to Catalyst and I am developing my first web application using =
this really
great framework. I really like the way Catalyst allows me to build my =
application but
now I have a problem which I can not resolve by myself.
I studied the tutorial and I understand the whole concept of "role =
based" authorization
where we have three tables:
- users (list of users with primary key user_id)
- roles (list of roles with primary key role_id)
- users_roles (with user_id - role_id relations)
but for my application I need a bit more advanced system than that =
because every
user has also multiple pages and different roles for each page (he can =
edit some,
only view the others etc.). One user has different permissions for each =
of the pages and
also more users have access (and different permissions) to the same page.
So I need 4 tables:
- users (list of users with primary key user_id)
- roles (list of roles with primary key role_id)
- pages (list of pages with primary key page_id)
- users_pages_roles (with user_id - page_id - role_id relations)
e.g.:
user1 | page1 | edit
user1 | page2 | edit
user2 | page2 | view
user3 | page1 | edit
user3 | page2 | view
etc.
How can I make this kind of authorization using Catalyst? How to build a =
model
and configure "roles" plugin?
Also with simple role based system I can check if user has permission to =
use that part
of application using:
$c->assert_user_roles( qw/rolename/ );
What about with this kind of "advanced" authorization?
Thank you all!
JakaC.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20080513/13d19=
8a7/attachment.htm
More information about the Catalyst
mailing list