[Catalyst] How to do pass-through login?
Gunnar Strand
gunnarstrand at yahoo.com
Sun Jul 12 07:49:32 GMT 2009
Tomas Doran skrev:
>
> On 10 Jul 2009, at 21:09, Gunnar Strand wrote:
>
>>
>> Thanks to all who answered my post regarding pass-through login! It put
>> me on the right track and it works like a charm now.
>>
>> In my solution I have an action, Catalyst::Action::Restricted, which I
>> put on the subroutines which require a logged-in user
>> (:ActionClass('Restricted')). If no user is logged in, then the request
>> state is saved and the user forwarded to the login page.
>>
>> I think it would be helpful to the next guy to improve the Cookbook with
>> a more elaborate example on how to implement this. The current paragraph
>> is a little thin, IMHO.
>
>
> Don't write how to implement it in the cookbook, implement the generic
> version and put it on CPAN.. Except, that actually already happened
> (Catalyst::Action::Role::ACL)
>
> However - this is a bit silly, it's better implemented as an action
> role.. (ala Catalyst::Controller::ActionRole) in my opinion, otherwise
> it won't play nicely with things such as Catalyst::Action::REST.
>
> Having spoken to the the author of the above mentioned module, I've
> gone ahead and converted it to an ActionRole:
>
> http://github.com/bobtfish/catalyst-actionrole-acl/tree/master
>
> This will hopefully be seen on a CPAN near you soon, patches are
> obviously welcome if it wasn't quite what you were thinking of.. ;)
That's great!
Still, I think the Manual::Cookbook page need clarification concerning
pass-through login because it's not obvious how it's implemented. Or
have it permanently implemented on CPAN and then have the Cookbook
updated. I am not entirely sure where it should be put. Currently I've
added a Myapp::State class which encapsulates save and restore of the
request state, but it should perhaps either be part of Session (as a
generic request state save/restore) or Request (as request->pause/resume
or request->delay/continue or some such).
It seems on the borderland of authenticate/authorization when a user
only need to be authenticated to be authorized to do some actions.
Authentication should probably offer similar support,
Catalyst::ActionRole::Authenticated (eg. sub list_member :Local
:RequireAuthenticatedUser () { ...} )?
KR,
Gunnar
More information about the Catalyst
mailing list