Try something like this, which is basically:<br>1. verify the roles on the controller<br>2. build a data structure of displayed content based on roles and set to stash<br>3. let the view process what's in the stash without checking for any roles<br>
<br>In the end it's 1 controller and 1 view.<br><br>Controller:<br><br>sub render_buttons {<br>
 my ($self, $c) = @_;<br>
<br>
 my $buttons = {<br>
 managers => {<br>
 # add the edit button only when the user is a manager<br>
 ( $c->user->is_mgr ? ( edit => 'manager_btn_edit.tt2' ) : () ),<br>
 # OR something like<br>
 # edit => { tt_template => 'manager_btn_edit.tt2', href => '/foo/edit', },<br>
 },<br>
 everyone => {<br>
 view => 'manager_btn_view.tt2',<br>
 },<br>
 };<br>
<br>
 $c->stash(buttons => $buttons);<br>
}<br><br><br>View:<br><br>[% PROCESS $buttons.everyone.view %] [% PROCESS $buttons.managers.edit IF buttons.managers.edit %]<br><br><br><div class="gmail_quote">On Tue, Dec 28, 2010 at 3:35 PM, will trillich <span dir="ltr"><<a href="mailto:will.trillich@serensoft.com">will.trillich@serensoft.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">In our web app we have lots of features that are predicated upon the user's role. For example, a "show" link is available to everyone, but an "edit" link is only available to managers.<div>
<br></div>
<div>Is there a best-practices approach for dealing with this?</div><div><br></div><div>There are two places where user-role is significant -- controller and view. In the controller we use chaining to bounce a user out of an edit method if they don't have the right role. And in the view we use lots of [% IF c.user.is_mgr %] logic to determine whether or not to display the links. (Using user-friendly urls like /thingy/27/edit makes the URL easy to guess, so checking inside the controller is a good idea.)</div>
<div><br></div><div>So right now we're checking for the same thing in the view that we're checking for in the controller. The more features that get added that require role-checking, the more hairy this gets.</div>
<div><br></div><div>Is there a way to get all this rolled up into one place? Or at least make the view a bit more elegant?<br clear="all"><br>-- <br>Failure is not important. How you overcome it, is.<br>-- Nick Vujicic<br>
</div>
<br></blockquote></div><br>
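An added example, not part of the original thread and not Catalyst code: one way to keep the role rule in a single table that drives both the controller's enforcement and the button list handed to the view. It is plain Perl so it runs without Catalyst; the action names, role names, template names and sample users are hypothetical.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# One table maps each action to the role it requires (undef = everyone).
# Hypothetical names; in a real app this would live next to the controller.
my %ACTIONS = (
    view => { role => undef,     template => 'btn_view.tt2', href => '/thingy/%d'      },
    edit => { role => 'manager', template => 'btn_edit.tt2', href => '/thingy/%d/edit' },
);

# The single authorization decision, used for enforcement and for display.
sub can_do {
    my ($roles, $action) = @_;
    my $rule = $ACTIONS{$action} or return 0;    # unknown action: deny
    return 1 unless defined $rule->{role};       # no role required
    my $matches = grep { $_ eq $rule->{role} } @$roles;
    return $matches ? 1 : 0;
}

# Controller side: what a chained action would call before doing any work.
# A hidden link is only cosmetic; a guessed URL still hits this check.
sub enforce {
    my ($roles, $action) = @_;
    return can_do($roles, $action) ? 200 : 403;
}

# Controller side: the structure to stash. The view can then loop over it,
# e.g. [% FOREACH b IN buttons %][% PROCESS $b.template %][% END %],
# with no role tests of its own.
sub buttons_for {
    my ($roles, $id) = @_;
    return [
        map  { +{ name     => $_,
                  template => $ACTIONS{$_}{template},
                  href     => sprintf($ACTIONS{$_}{href}, $id) } }
        grep { can_do($roles, $_) } sort keys %ACTIONS
    ];
}

# Constructed sample users: a manager and a user with no roles.
for my $user ( { name => 'alice', roles => ['manager'] },
               { name => 'bob',   roles => [] } ) {
    my @shown = map { $_->{name} } @{ buttons_for($user->{roles}, 27) };
    printf "%-5s buttons=[%s] GET /thingy/27/edit -> %d\n",
        $user->{name}, join(',', @shown), enforce($user->{roles}, 'edit');
}
```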