[Catalyst] Re: Calling Controller Methods from inside begin or auto.

Bill Moseley moseley at hank.org
Wed Sep 30 18:06:01 GMT 2009

On Wed, Sep 30, 2009 at 10:13 AM, Aristotle Pagaltzis <pagaltzis at gmx.de>wro=

> I detach. My login action sets status 403 and pragma no-cache
> (etc) when it=92s not requested directly. I=92d love to be able to
> just send 401 instead and let the user agent take care of
> everything (which would transparently and securely deal with
> POSTs sent with expired auth credentials) =96 unfortunately the
> HTTP Auth UI in browsers is universally shoddy. If I felt the
> need, I could also check for browser vs automated agent and send
> either form + 403 to browsers and just a 401 to other clients.

Looking at my code I also return 401 for API requests.  I have a note in the
code that there was problems returning 403 on some browsers although maybe
that was just old IE when the content body was too short and it would
display its own message.

And looking at old svn logs I found another reason I redirect -- which might
be how my code grew over time.

At one point I added a "remember me" feature.  So I have code in the
controller's auto() which is basically "return unless $c->test_role( @roles
);" That test_role() method first checks if logged in, and if not logged in
then does the redirect.  But, before doing the redirect it attempts an
automatic login via the "remember me" feature.

The problem there was then the action's auto() and begin() methods were not
run with the user logged in, which was important for other reasons.

I would have expected to do the "remember me" login earlier (e.g. in root's
auto() ) and avoided that issue, but mabye I had a reason otherwise.
Anyway, the redirect does allow the login action to be called as a normal
request (with login's auto and begin methods run).

Granted, now there's $c->go to do a full dispatch, but redirect seems
cleaner at the expense of a redirect.

-- =

Bill Moseley
moseley at hank.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20090930/17a98=

More information about the Catalyst mailing list