[Catalyst] Re: action_for with user_id removed ...

Aristotle Pagaltzis pagaltzis at gmx.de
Sat Feb 6 19:24:17 GMT 2010


* Kiffin Gish <kiffin.gish at planet.nl> [2010-02-06 11:25]:
> I'm not so sure that I agree, though I can appreciate your
> point of view.
>
> All I'm doing in fact is using the $user->id saved in the
> session, there being nothing papered over for authorization
> which is accomplished via the usual login mechanism.

I’m talking about the fact that you don’t want users to know
their account ID. Why would it be any problem if they do know it?


* Bill Moseley <moseley at hank.org> [2010-02-06 17:35]:
> Plus, it sure is handy in documentation to say:
>
>   To update your personal profile go to: http://example.com/myprofile

True.

My first inclination would be to handle that with a redirect.


* Oliver Charles <oliver.g.charles at googlemail.com> [2010-02-06 18:15]:
> We have two points in URLs for this:
>
>  * /user/<id>/<foo>
>    "Public" viewing of user stuff (public may mean only
>    a restricted set of users can view it, but it's not private)
>
>  * /account/<action>
>    For doing stuff that only you can do to your own account
>    (change password etc)

++

I’ve found this to be a generally good idea, not only to reduce
the amount of conditional checks in server code and templates,
but also from the user’s point of view, as it makes it readily
possible to access all the different views to a resource.

Basically: URIs are cheap. Don’t be afraid to have more of them.
HTTP infrastructure suffers much more where there are too few
URIs than where there are too many.

Regards,
-- 
Aristotle Pagaltzis // <http://plasmasturm.org/>
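
The URL split discussed in this thread, as an added sketch that is not code from any of the posters or from Catalyst: a dependency-free Perl dispatcher in which /account/<action> always acts on the session user while /user/<id>/<foo> serves only public fields. The sample accounts, the `dispatch` helper, the field names and the redirect target for /myprofile are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: two accounts and the fields each exposes publicly.
my %USERS = (
    17 => { name => 'alice', public => { profile => 'Perl hacker' }, password => 'old-a' },
    42 => { name => 'bob',   public => { profile => 'Sysadmin' },    password => 'old-b' },
);

# dispatch($session, $path, $params) returns [status, body or Location].
# $session->{user_id} is set by the login mechanism, never by the request.
sub dispatch {
    my ($session, $path, $params) = @_;
    my $me = $session->{user_id};

    # /myprofile: documentation-friendly alias, handled with a redirect
    # (the target chosen here is an assumption).
    if ($path eq '/myprofile') {
        return [401, 'login required'] unless defined $me;
        return [302, "/user/$me/profile"];
    }
    # /account/<action>: the subject is always the session user. The URL has
    # no id segment, so a request cannot name somebody else's account.
    if ($path =~ m{\A/account/(\w+)\z}) {
        my $action = $1;
        return [401, 'login required'] unless defined $me;
        return [404, 'no such action'] unless $action eq 'password';
        $USERS{$me}{password} = $params->{new};
        return [200, "password changed for $USERS{$me}{name}"];
    }
    # /user/<id>/<foo>: the id comes from the URL, so only fields listed
    # as public are served, whoever is asking.
    if ($path =~ m{\A/user/(\d+)/(\w+)\z}) {
        my ($id, $field) = ($1, $2);
        my $user = $USERS{$id} or return [404, 'no such user'];
        return [404, 'not found'] unless exists $user->{public}{$field};
        return [200, $user->{public}{$field}];
    }
    return [404, 'not found'];
}

# Constructed requests: bob (id 42) is logged in.
my $bob = { user_id => 42 };
for my $req (['/myprofile'], ['/account/password', { new => 'n3w' }],
             ['/user/17/profile'], ['/user/17/password']) {
    my $res = dispatch($bob, @$req);
    printf "%-20s -> %d %s\n", $req->[0], @$res;
}
```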


