[Catalyst] What's the best way to exclude static requests from needing user to log in?

J. Shirley jshirley at gmail.com
Sun Apr 19 00:52:42 GMT 2009


On Sun, Apr 19, 2009 at 9:06 AM, <kakimoto at tpg.com.au> wrote:

>
> hi, all
>
>   what's the best way to exclude static requests from needing the user
> to log in?
> Some parts of my site are open to general public. For example, the
> 'contact us', 'services portfolio' and so forth pages.
>
>  At the moment, I have put code in my MyApp::Controller::Root->auto
> and it seems to want every request to be logged on.
>
>  Hence, identifying which path requests are for my static pages, I have
> put in a filter in the  MyApp::Controller::Root->auto method to return a
> 1 and not go further.
>
>
>  Any better way around this? Another way is to have specific methods in
> controllers themselves (any CRUD method)  checking if the user was
> logged on each time they request a controller action that requires
> authentication.
>
>
> Anyway, here's the source code. Hope it makes sense and thanks, everyone!
>
>
> ------------------ extract - MyApp::Controller::Root->auto method
> (start) --------------
>
> sub auto : Private {
>    my ($self, $c) = @_;
>
>    # filter out the static requests
>    if ( $c->request->path() =~
>        m{^(sign_up|subscription_plans|services_portfolio|company_profile|contact_us)$}smx )
>    {
>        return 1;
>    }
>    elsif ($c->controller eq $c->controller('Login') or
>           $c->controller eq $c->controller('Logout')) {
>        return 1;
>    }
>    else{
>        unless ($c->user_exists())
>        {
>            $c->log->debug(" Root.pm -> auto  - USER's not logged in. Forcing login and setting 'requested_page' = ". $c->req->path() );
>            myApp::Controller::Shared->store_in_session ($c,
>                { 'requested_page' => $c->req->path(), }
>            );
>            $c->response->redirect($c->uri_for('/login'));
>
>            return 0;
>        }
>
>
>      return 1;
>    }
> }
>
> ------------------ extract - MyApp::Controller::Root->auto method (end)
> --------------
>
>
>
>
I can think of several ways, the best being to use the ACL plugin, since
this is what it is for.  Drop the auto action determining what is necessary
and catch the auth errors in /end and handle accordingly.

Or, you could use Chained and have a root chain that requires authentication
(or, conversely, one that doesn't) and link that way.  This would be the
second best, in my opinion, but seeing that you aren't building your
application with Chained you probably aren't going to switch.

The way with your current code that I would do it is to define a
configuration key in your controller, like
__PACKAGE__->config({ require_login => 0 });

Then you can modify your Root::auto method, and add in something like this:

if ( defined $c->controller->{require_login} and
     $c->controller->{require_login} == 0 ) {
    return 1;
}

This, by default, would assume the user is required to login but then would
look at the controllers for the individual requirements.

Still a bit dirty, but not that intrusive.

-J
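
Added example, not part of the original message and not the poster's or the Catalyst project's own code: the per-controller require_login flag from the reply above, wired into a Root auto action that requires login unless a controller explicitly opts out. MyApp::Controller::Pages is a hypothetical controller for the public pages; the sketch assumes the authentication and session plugins are loaded, that config keys are visible on the controller object as in the reply, and that the Login controller also sets require_login => 0 so the redirect does not loop.

```perl
# Added example (assumptions are marked); not code from the thread.

# --- lib/MyApp/Controller/Pages.pm (hypothetical public controller) ---
package MyApp::Controller::Pages;
use strict;
use warnings;
use parent 'Catalyst::Controller';

# Explicit opt-out. Controllers that do not set this key stay protected.
__PACKAGE__->config( require_login => 0 );

# Public page; rendering is left to the application's end action.
sub contact_us : Path('/contact_us') : Args(0) { }

1;

# --- lib/MyApp/Controller/Root.pm ---
package MyApp::Controller::Root;
use strict;
use warnings;
use parent 'Catalyst::Controller';

__PACKAGE__->config( namespace => '' );

sub auto : Private {
    my ( $self, $c ) = @_;

    # Controller that owns the action being dispatched.
    my $flag = $c->controller->{require_login};

    # Only a literal 0 opens a controller. A missing key, undef, or a
    # mistyped value such as 'no' falls through to the login check.
    return 1 if defined $flag && $flag eq '0';
    return 1 if $c->user_exists;

    # Remember the requested path (assumes Catalyst::Plugin::Session).
    $c->session->{requested_page} = $c->req->path;
    $c->response->redirect( $c->uri_for('/login') );
    return 0;    # a false return from auto stops the requested action
}

1;
```

The string comparison is stricter than the numeric == 0 test: a non-numeric value would compare equal to 0 numerically and open the controller.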