[Catalyst] Applying a global SQL filter on REST controller.
Rajesh Kumar Mallah
mallah at redgrape.tech
Mon Feb 6 06:12:46 GMT 2017
Ok it did work out and i am able achieve what i wanted.
I created the below subroutine in:
ControllerBase/REST.pm
sub list_munge_parameters {
my ( $self, $c ) = @_;
$c->log->debug(" ***** list_munge_parameters callled!");
$c->req->_set_search_parameters( { society_id =>
$c->user->society_id() } );
}
But is it ok to use "PROTECTED METHODS" ?
Regds
Mallah
>
>
> Ok i do see some light! that I am exploring.
> Sorry for the noise i shall post again if i find a
> solution or otherwise even.
>
>
>
http://search.cpan.org/~abraxxa/Catalyst-Controller-DBIC-API-2.006002/lib/Catalyst/Controller/DBIC/API.pm
>
> list_munge_parameters
>
> list_munge_parameters is a noop by default. All arguments will be passed
> through without any manipulation. In order to successfully manipulate the
> parameters before the search is performed, simply access
> $c->req->search_parameters|search_attributes (ArrayRef and HashRef
> respectively), which correspond directly to ->search($parameters,
> $attributes). Parameter keys will be in already-aliased form. To store the
> munged parameters call $c->req->_set_search_parameters($newparams) and
> $c->req->_set_search_attributes($newattrs).
>
>
>
>> Dear Catalyst Experts/Users/Hackers,
>>
>> Please guide for the below situation,
>> I have put reasonable effort by searching on online
>> resources.
>>
>>
>> We have an application backed by SQL tables that stores
>> data of multiple customers in same table . We have
>> many such tables and all of them bear a column customer_id
>> for separating the records of one customer to another.
>>
>>
>> The security isolation requirement is that one customer should
>> not get to see records of other customer. What i have in mind
>> is to append an SQL filter customer_id = << customer_id of logged in
>> customer >>
>> at a global level . The controller modules for each database table are
>> being (auto)generated by the helper
>> Catalyst::Helper::Controller::DBIC::API::REST The dataset is being
>> exposed
>> via REST utilising
>> Catalyst::Controller::DBIC::API
>>
>> Can anyone please guide where such a constraint can be put ?
>>
>> Regds
>> Rajesh Kumar Mallah.
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> List: Catalyst at lists.scsys.co.uk
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive:
>> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>> Dev site: http://dev.catalyst.perl.org/
>>
>
>
>
>
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
More information about the Catalyst
mailing list