[Catalyst] Numerous Authorization queries

Stuart Dodds stuart at doddsweb.co.uk
Thu Nov 13 11:09:04 GMT 2008


I have a Catalyst app using the general Authentication and Authorization 
setup which is in most tutorials. The Authentication part is working 
fine...the user logs in and is stored in the Session....sorted.

The Authorization is also working to the extent that it does what its 
supposed to do. So if i call:


it returns false for any user which does not have an entry in the 
user_roles table with the role 'editor'.

Okay so far...

However, I came across what seems to be a problem when i wanted to debug 
the SQL for a query being generated by DBIC. When i saw the SQL output I 
found that there were hundreds of the same (authorization) queries being 
generated on a page load. eg:

SELECT me.role FROM roles me LEFT JOIN user_roles map_user_role ON ( 
map_user_role.role_id = me.id ) WHERE ( map_user_role.user_id = ? AND 
me.role IN ( ? ) ), '6', 'editor'

this is because on that particular page there is a list of links...if 
the user has 'editor' rights they should be able to see the link + 
content otherwise the 'viewer' role should only be able to view the 
content without the link.

That means every iteration the check_user_roles() sub is being called to 
display the link and hence the db is being hit every time.

First of all is this behavior supposed to happen? Or am i not supposed 
to use the sub this way? I thought perhaps once you called 
check_user_roles() the first time the data it got back could be stored 
somewhere in the Catalyst/User/someother object so it only hits the db 
once per page load (for that particular query).

Any information on this would be greatly appreciated, thanks.


More information about the Catalyst mailing list