I'm finally considering writing something with the Chained
dispatch type, and before I start I want to clarify how I'll
do the auth stuff.

I'm trying to refactor to simplify repeated code. What I want
to do is have something like /item/edit/23 and /user/edit/87
(repeated over many different actions and perhaps even tables,
like /catalog/user/edit/23 vs. /phonelist/user/edit/23), so
that instead of totally separate but almost identical methods
(like I have now), I'll have one thing that goes to "item"
or "user" (and/or "catalog" or "phonelist") and fills the
stash with any relevant things, so that I can have one "edit"
that does the work, but with whatever sort of table info is
appropriate.

However, I still need to have separate access levels:
/item/edit and /item/view have different needs, as do
/item/edit and /user/edit (and certainly /catalog/anything
vs. /phonelist/anything). But if I make "edit" general,
what's the good way to restrict people based on the entire
chain?

Right now I have a Root auto method making sure people are
in the system and logged in, auto methods at each controller
to make sure people are allowed to do that general thing
(e.g., deal with "item"s or "user"s), and then further checks
in each method as necessary (e.g. OK, he's logged in and he
can deal with "item"s, but can he edit them? Or, does he
own item 23 so he can edit this one item?). When my methods
become generic, how do I keep doing this?

Thanks.

Jesse Sheidlower

_______________________________________________
List: Catalyst@lists.rawmode.org
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
Dev site: http://dev.catalyst.perl.org/

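One way to lay out the chain so the checks stay layered the way the post describes (Root auto for login, a table-level check, then a per-row check), written as an added example rather than code from the original post or from Catalyst itself. A single base controller owns the whole chain; each table is a subclass that only supplies config, and the controller namespace becomes the first URL segment, so /item, /catalog/user and /phonelist/user come out of the same three methods. The example assumes Catalyst::Plugin::Authentication and Catalyst::Plugin::Authorization::Roles are loaded, a DBIx::Class model called DB, and hypothetical names throughout (MyApp, the role names, an owner_id column, the template names). It puts the id before the verb (/item/23/edit instead of /item/edit/23) so that one link can load the row once for every endpoint; that ordering is this example's choice, not something the post asks for. The packages are shown in one listing but would live in separate files in a real application.

```perl
# MyApp/ControllerBase/CRUD.pm  (hypothetical): one generic chain shared by every table
package MyApp::ControllerBase::CRUD;
use Moose;
use namespace::autoclean;
BEGIN { extends 'Catalyst::Controller' }

# Filled in from each subclass's __PACKAGE__->config(...)
has model_name       => (is => 'ro', isa => 'Str', required => 1);  # e.g. 'DB::Item'
has required_role    => (is => 'ro', isa => 'Str', required => 1);  # role to touch the table at all
has edit_role        => (is => 'ro', isa => 'Str', required => 1);  # role to edit rows in it
has owner_column     => (is => 'ro', isa => 'Str', default  => 'owner_id');  # assumed column name
has editable_columns => (is => 'ro', isa => 'ArrayRef[Str]', default => sub { [] });

# Link 1: /<namespace>  (e.g. /item, /catalog/user, /phonelist/user)
# PathPrefix uses the controller's namespace, so this one method yields a
# different first segment in every subclass.
sub base :Chained('/') :PathPrefix :CaptureArgs(0) {
    my ($self, $c) = @_;
    # Root's auto has already required a login. This link is the old
    # per-controller auto: may this user deal with this table at all?
    $c->check_user_roles($self->required_role) or $c->detach('/denied');
    $c->stash->{rs} = $c->model($self->model_name);
}

# Link 2: /<namespace>/23  loads the row that every endpoint below works on
sub object :Chained('base') :PathPart('') :CaptureArgs(1) {
    my ($self, $c, $id) = @_;
    $c->detach('/not_found') unless $id =~ /\A\d+\z/;
    my $row = $c->stash->{rs}->find($id) or $c->detach('/not_found');
    $c->stash->{object} = $row;
}

# Endpoint: /<namespace>/23/view  the table-level role from link 1 is enough
sub view :Chained('object') :PathPart('view') :Args(0) {
    my ($self, $c) = @_;
    $c->stash->{template} = 'generic/view.tt';
}

# Endpoint: /<namespace>/23/edit  needs the edit role AND ownership of row 23
sub edit :Chained('object') :PathPart('edit') :Args(0) {
    my ($self, $c) = @_;
    $c->detach('/denied') unless $self->user_may_edit($c, $c->stash->{object});
    if ($c->req->method eq 'POST') {
        # Update only the columns this table declared editable; never hand
        # the raw request parameters to update().
        my $p = $c->req->body_params;
        my %update = map { $_ => $p->{$_} }
                     grep { exists $p->{$_} } @{ $self->editable_columns };
        $c->stash->{object}->update(\%update) if %update;
    }
    $c->stash->{template} = 'generic/edit.tt';
}

# The per-row rule, kept in one place so every table applies the same one.
sub user_may_edit {
    my ($self, $c, $row) = @_;
    return 0 unless $c->check_user_roles($self->edit_role);
    my $col = $self->owner_column;
    return 1 unless $row->can($col);             # table has no owner: the role is enough
    return $row->$col == $c->user->id ? 1 : 0;   # otherwise only the owner may edit
}

__PACKAGE__->meta->make_immutable;

# MyApp/Controller/Item.pm  -> /item/23/view, /item/23/edit
package MyApp::Controller::Item;
use Moose; BEGIN { extends 'MyApp::ControllerBase::CRUD' }
__PACKAGE__->config(model_name => 'DB::Item', required_role => 'item',
                    edit_role => 'item_edit', editable_columns => ['name', 'price']);
__PACKAGE__->meta->make_immutable;

# MyApp/Controller/Catalog/User.pm  -> /catalog/user/87/edit
package MyApp::Controller::Catalog::User;
use Moose; BEGIN { extends 'MyApp::ControllerBase::CRUD' }
__PACKAGE__->config(model_name => 'DB::CatalogUser', required_role => 'catalog',
                    edit_role => 'catalog_edit', owner_column => 'id',
                    editable_columns => ['email']);
__PACKAGE__->meta->make_immutable;

# MyApp/Controller/Root.pm  the login check and the two shared failure actions
package MyApp::Controller::Root;
use Moose; BEGIN { extends 'Catalyst::Controller' }
__PACKAGE__->config(namespace => '');

sub auto :Private {
    my ($self, $c) = @_;
    return 1 if $c->user_exists;
    $c->response->redirect($c->uri_for('/login'));
    return 0;   # returning false here stops the chain before any link runs
}
sub denied    :Private { my ($self, $c) = @_; $c->response->status(403); $c->stash->{template} = 'denied.tt' }
sub not_found :Private { my ($self, $c) = @_; $c->response->status(404); $c->stash->{template} = 'not_found.tt' }
__PACKAGE__->meta->make_immutable;
```

Because $c->detach in a CaptureArgs link ends the whole action path, a request that fails the table-level check in base never reaches object or edit, and one that fails the per-row check in edit has already loaded the row but does nothing with it. A subclass that needs a stricter rule overrides user_may_edit alone; the chain and the URL layout stay shared.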