[Catalyst] Re: Calling Controller Methods from inside begin or auto.

Alexander Hartmaier alexander.hartmaier at t-systems.at
Wed Sep 30 16:19:04 GMT 2009

On Wednesday, 30.09.2009, at 16:30 +0200, Derek Wueppelmann wrote:
> On Wed, 2009-09-30 at 06:53 -0700, Bill Moseley wrote:
> > Does that approach provide you with enough fine-grained access
> > control?
> > I suppose you can check the action name in auth_required().
> It actually does. Basically either the entire class requires auth or
> not, and if I need to occasionally require auth to specific methods
> that's easy enough to take care of on a case by case basis.
> > There are a number of existing modules to consider, for example:
> >
> > Catalyst::Action::Role::ACL
> > Catalyst::Plugin::Authorization::ACL
> In order to use these I would have to rewrite significant portions of
> the code. At this point it's not worthwhile doing.
> > I've also used an approach where I check for roles in each
> > controller's auto method, and I've also used method attributes to
> > indicate the access level required for each action (which has the
> > benefit where I can require *every* dispatched action to have an
> > access level specified or be blocked).
> >
> > I also do not detach to a login page, rather I always redirect.  Not
> > sure I remember the details of that choice, but one reason might have
> > been I didn't want a URL for one resource to return a 200 yet not
> > return the response for that URL and instead return a login form.
> I'm actually doing forwards to my login page right now. So that when a
> user logs in they can still see the page they were originally trying to
> view. I capture the URL they were attempting to view in the login
> process.

You should redirect to your login page rather than displaying it under a
different URL.
I store the previous URL in the session and redirect to it after a
successful login. Works like a charm.

best regards, Alex

T-Systems Austria GesmbH   Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
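
The redirect-and-return flow described in this reply, as an added example that is not code from anyone in the thread. It assumes Catalyst::Plugin::Session and Catalyst::Plugin::Authentication are loaded; `MyApp`, `return_to` and `_safe_return_path` are hypothetical names.

```perl
package MyApp::Controller::Root;    # hypothetical application name
use Moose;
use namespace::autoclean;
BEGIN { extends 'Catalyst::Controller' }

__PACKAGE__->config(namespace => '');

# Accept only a local path: one leading slash, not followed by "/" or "\"
# (browsers read those as another host), and no control characters.
sub _safe_return_path {
    my ($path) = @_;
    return '/' unless defined $path && $path =~ m{\A/(?![/\\])[^\x00-\x1f]*\z};
    return $path;
}

# Runs before every action. Unauthenticated requests get a redirect, so a
# protected URL never answers 200 with a login form in place of its content.
sub auto :Private {
    my ($self, $c) = @_;
    return 1 if $c->user_exists;
    return 1 if $c->action->reverse eq 'login';    # login page stays public

    # Remember only the path and query of a GET; the value is kept
    # server-side in the session, not in a form field or query parameter.
    $c->session->{return_to} = $c->req->uri->path_query
        if $c->req->method eq 'GET';
    $c->res->redirect($c->uri_for_action('/login'));
    return 0;    # stop the dispatch chain
}

sub login :Path('login') :Args(0) {
    my ($self, $c) = @_;
    return unless $c->req->method eq 'POST';    # GET just renders the form

    my %creds = (
        username => $c->req->body_params->{username},
        password => $c->req->body_params->{password},
    );
    if ($c->authenticate(\%creds)) {
        # The stored path came from a request URI, so validate before use.
        my $target = _safe_return_path(delete $c->session->{return_to});
        $c->change_session_id;    # issue a fresh session id after login
        $c->res->redirect($target);
    }
    else {
        $c->stash(error => 'Login failed');
    }
}

__PACKAGE__->meta->make_immutable;
1;
```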