[Catalyst] Re: Calling Controller Methods from inside begin or auto.

Derek Wueppelmann dwueppel at gmail.com
Wed Sep 30 14:30:15 GMT 2009


On Wed, 2009-09-30 at 06:53 -0700, Bill Moseley wrote:

> Does that approach provide you with enough fine-grained access
> control?
> I suppose you can check the action name in auth_required().

It actually does. Basically either the entire class requires auth or
not, and if I need to occasionally require auth for specific methods
that's easy enough to take care of on a case-by-case basis.

> There are a number of existing modules to consider, for example:
> 
> Catalyst::Action::Role::ACL
> Catalyst::Plugin::Authorization::ACL

In order to use these I would have to rewrite significant portions of
the code. At this point it's not worthwhile doing.

> I've also used an approach where I check for roles in each
> controller's auto method, and I've also used method attributes to
> indicate the access level required for each action (which has the
> benefit where I can require *every* dispatched action to have an
> access level specified or be blocked).
> 
> I also do not detach to a login page, rather I always redirect.  Not
> sure I remember the details of that choice, but one reason might have
> been I didn't want a URL for one resource to return a 200 yet not
> return the response for that URL and instead return a login form.

I'm actually doing forwards to my login page right now, so that when a
user logs in they can still see the page they were originally trying to
view. I capture the URL they were attempting to view in the login
process.

-- 
 o)   Derek Wueppelmann           (o
(D .   dwueppel at gmail.com          D).
((`     http://www.monkeynet.ca   ( ) `
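
Added example, not part of the original message and not Catalyst's own code: a plain-Perl model of the gate described in the quoted text, where every action must declare an access level as a method attribute or be blocked, and an anonymous request is redirected to the login page with the requested path carried along rather than answered with a 200. The names `Demo::Controller`, `Access`, `access_level`, `gate`, `/login` and `return_to` are hypothetical; in a Catalyst application the same check would sit in `auto` and read the dispatched action's attributes.

```perl
use strict;
use warnings;

package Demo::Controller;    # hypothetical stand-in for a Catalyst controller
our %ATTRS;                  # coderef => [ attribute strings ]

# Perl calls this while compiling each "sub name :Attr(...)".
sub MODIFY_CODE_ATTRIBUTES {
    my ($class, $code, @attrs) = @_;
    $ATTRS{$code} = [@attrs];
    return;                  # empty list: no attribute rejected
}

sub home    :Access(public) { 'home page' }
sub account :Access(user)   { 'account page' }
sub purge   :Access(admin)  { 'purged' }
sub export                  { 'export' }    # level forgotten on purpose

# Declared level for an action, or undef when none was declared.
sub access_level {
    my ($class, $name) = @_;
    my $code = $class->can($name) or return;
    my ($level) = map { /\AAccess\((\w+)\)\z/ ? $1 : () } @{ $ATTRS{$code} || [] };
    return $level;
}

package main;
my %RANK = (public => 0, user => 1, admin => 2);

# $user is undef when anonymous, else { level => 'user' } or { level => 'admin' }.
sub gate {
    my ($action, $user, $path) = @_;
    my $need = Demo::Controller->access_level($action);
    return [403, 'no access level declared'] unless defined $need && exists $RANK{$need};
    return [200, Demo::Controller->$action()] if $need eq 'public';
    (my $back = $path) =~ s/([^A-Za-z0-9_.~-])/sprintf '%%%02X', ord $1/ge;
    return [302, "/login?return_to=$back"] unless $user;    # redirect, not a 200 login form
    my $have = $RANK{ $user->{level} // '' } // -1;
    return [403, 'insufficient level'] if $have < $RANK{$need};
    return [200, Demo::Controller->$action()];
}

# Constructed requests: action, user, requested path.
for my $req (['home', undef, '/'], ['account', undef, '/account'],
             ['account', { level => 'user' }, '/account'],
             ['purge', { level => 'user' }, '/purge'],
             ['export', { level => 'admin' }, '/export']) {
    printf "%-8s %s %s\n", $req->[0], @{ gate(@$req) };
}
```

The `export` action is refused even for an admin because it declares no level, which is the deny-by-default property the attribute approach gives.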