[Catalyst] Catalyst::Plugin::Prototype: current state?

[Ovid]

________________________________
From: Charlie Garrison <garrison at zeta.org.au>


> The fix is given in the warning message, eg:
>
> __PACKAGE__->config(default_view => 'TT'); # or whatever the name of your view is.
> 
> Then you have a 'default' view for your app and Catalyst doesn't need to choose one at 
> random. AutoCRUD is adding another view and Catalyst doesn't know which one to use by default.


Many thanks to you and Denny for clearing this up for me.

> > I'm using Catalyst::Controller::ActionRole and a custom role to ensure
> > that certain urls can only be accessed by those with admin privileges. I can't tell how to hook this into AutoCRUD. I suppose I could write a
> > custom subclass of the plugin, so this is the least of my issues.
>
> How about using C::P::Authorization::ACL, eg:
>
> __PACKAGE__->deny_access_unless(
>     "/autocrud",
>     [qw/admin/], # user must have role 'admin'
> );


Actually, after some discussion with the AutoCRUD author, it was generally agreed it would be safer to not integrate AutoCRUD directly into my app.  A different app running on a different domain/subdomain and setting security at the server level seems more appropriate. This is because the author made it clear that authz was not a design concern and the internal URLs vary widely.  Rather than risk opening up a hole to the database, separating this is much safer.

Cheers,
Ovid

 --
Buy the book         - http://www.oreilly.com/catalog/perlhks/
Tech blog            - http://blogs.perl.org/users/ovid/
Twitter              - http://twitter.com/OvidPerl
Official Perl 6 Wiki - http://www.perlfoundation.org/perl6