[Catalyst] "Dynamic" authorization

Tomas Doran bobtfish at bobtfish.net
Thu Jul 9 12:50:50 GMT 2009

Gunnar Strand wrote:
> The table would then be consulted whenever a resource is accessed, and 
> the lookup would be put in a central place, if possible. I've 
> implemented a ":Restricted" action which handles authentication, and 
> that is where I would try to add the authorization as well. One of the 
> tricky things would be to have a generic way to create the resource 
> identifier from request input.

I think that for the complexity of what you're doing with auth, then the 
authorization should be in the model layer.

You should have methods on the model layer which take some form of 
'user', and restrict what can be retrieved by that user. This is domain 
logic, so you need to build it into the domain.

> Does anyone know if this be implemented using ACL or Roles, and what are 
> the principles for doing so?
> If not, what is your experience in solving this problem?

DBIx::Class::Schema::RestrictWithObject is probably the place to start 


More information about the Catalyst mailing list