[Catalyst] Paradigm question: how to use ResultSet level security based on $c->user?
Tomas Doran
bobtfish at bobtfish.net
Fri Oct 21 18:35:31 GMT 2011
On 11 Oct 2011, at 17:57, will trillich wrote:
>
> Is this Kosher?

Yes, this is entirely fine!

You may however want to look at
Catalyst::TraitFor::Model::DBIC::Schema::WithCurrentUser, which will
help your DBIC schema 'magically' get hold of the user if available,
and DBIx::Class::Schema::RestrictWithObject, which will allow you to
use that user to restrict your resultsets to the stuff that user can
see...

So basically, you're on completely the right lines - the 'right' thing
to do is to just handle this at the DBIC layer (so that you tell DBIC
your user, and then all resultsets you get back are things that user
is allowed to see).

Hope this helps!

Cheers
t0m