[Catalyst] Re: Calling Controller Methods from inside begin or auto.

Derek Wueppelmann dwueppel at gmail.com
Wed Sep 30 14:30:15 GMT 2009

On Wed, 2009-09-30 at 06:53 -0700, Bill Moseley wrote:

> Does that approach provide you with enough fine-grained access
> control?
> I suppose you can check the action name in auth_required().

It actually does. Basically either the entire class requires auth or
not, and if I need to occasionally require auth to specific methods
that's easy enough to take care of on a case by case basis.

> There are a number of existing modules to consider, for example:
> Catalyst::Action::Role::ACL
> Catalyst::Plugin::Authorization::ACL

In order to use these I would have to rewrite significant portions of
the code. At this point it's not worth while doing.

> I've also used an approach where I check for roles in each
> controller's auto method, and I've also used method attributes to
> indicate the access level required for each action (which has the
> benefit where I can require *every* dispatched action to have an
> access level specified or be blocked).
> I also do not detach to a login page, rather I always redirect.  Not
> sure I remember the details of that choice, but one reason might have
> been I didn't want a URL for one resource to return a 200 yet not
> return the response for that URL and instead return a login form.

I'm actually doing forwards to my login page right now. So that when a
user logs in they can still see the page they were originally trying to
view. I capture the URL they were attempting to view in the login

 o)   Derek Wueppelmann           (o
(D .   dwueppel at gmail.com          D).
((`     http://www.monkeynet.ca   ( ) `

More information about the Catalyst mailing list