[Catalyst] What's the best way to exclude static requests from
needing user to log in?
Matt S Trout
dbix-class at trout.me.uk
Mon Apr 20 13:13:05 GMT 2009
On Sun, Apr 19, 2009 at 05:53:42PM +0400, Nickolay Platonov wrote:
> and I'm using this to implicitly specify which actions in controllers
> require authorization:
>
> #==================
> #Controller
>
> sub update :Local :ActionClass('+Travel::Action::AuthorizationRequired') {
> my ( $self, $c ) = @_;
>
> my $token = $c->req->params->{'token'};
> ..........
> }
>
> #==================
> #AuthorizationRequired Action
>
> sub execute {
> my $self = shift;
> my ( $controller, $c ) = @_;
>
> if ( !$c->user_exists() ) {
>
> $c->stash->{template} = "auth_required.tt2";
>
> $c->detach('View::TT');
> }
>
> $self->NEXT::execute( @_ );
> };
That's a lot of complexity compared to:
sub update :Local :AuthorizationRequired {
...
}
sub auto :Private { # in Root.pm (or use a root chain part to do the same)
my ($self, $c) = @_;
if ($c->action->attributes->{AuthorizationRequired} && $c->user_exists) {
$c->forward('auth_required');
return 0;
}
}
sub auth_required :Private {
my ($self, $c) = @_;
$c->stash(template => 'auth_required.tt2');
}
--
Matt S Trout Need help with your Catalyst or DBIx::Class project?
Technical Director http://www.shadowcat.co.uk/catalyst/
Shadowcat Systems Ltd. Want a managed development or deployment platform?
http://chainsawblues.vox.com/ http://www.shadowcat.co.uk/servers/
More information about the Catalyst
mailing list