[Catalyst] Catalyst::Plugin::Prototype: current state?

Oliver Gorwits oliver.gorwits at oucs.ox.ac.uk
Mon Mar 22 12:28:50 GMT 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Charlie,

I'm the author of AutoCRUD, and fully support the route Ovid has
taken, indeed it's how we use AutoCRUD at my workplace: under its
own Apache <Location> with specific Apache ACLs for admin staff.

On 22/03/2010 11:32, Charlie Garrison wrote:
> What part of AutoCRUD is accessed outside the /autocrud path?

You might be misunderstanding how AutoCRUD works. The "/autocrud"
base is just a default - you can set this to something else or even
"". That means I cannot tell you what paths to protect, you need to
work it out for yourself, although they will be self-contained.

If you want to control access on a per-table basis, then your ACLs
are based on path parts which are constructed on the fly from your
DB schema and table names, and there is a risk you will get it
wrong. It's not even easy for me to document, because schema and
table names are not transposed literally into the path.

> To me, *having* to run a separate app
> indicates a design flaw. And if that's the case then I need to look at
> alternate solutions.
>
> I'm somewhat baffled
> that a tool which effectively allows full access to the DBIC model
> doesn't at least consider authz as part of the design.

I think you're a little wide of the mark here. There are many CRUD
solutions for Catalyst/DBIC, each with strengths and weaknesses. As
t0m put it very well in another thread:

   "AutoCRUD is very simple and easy to use, works like a charm and
also gives you absolutely no configurability."

If you want tight control over how your CRUD works then build the
CRUD yourself using one of the other frameworks[1]. Please don't
criticize AutoCRUD for not addressing a given feature - there are
any number of use cases where the plugin is perfectly adequate.

regards,
oliver.

[1] e.g. CatalystX::CRUD, CatalystX::CRUD::YUI or Catalyst::Manual
- -- 
Oliver Gorwits, Network and Telecommunications Group,
Oxford University Computing Services
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkunYoIACgkQ2NPq7pwWBt5IcwCdE24XYlBpYzDF3oBJsnhcJw6Y
jY0AoOTN/N6JXedk+qNjWmtQoxgW1ljy
=FY4w
-----END PGP SIGNATURE-----

More information about the Catalyst mailing list