Tomas Doran skrev: > Gunnar Strand wrote: >> The table would then be consulted whenever a resource is accessed, >> and the lookup would be put in a central place, if possible. I've >> implemented a ":Restricted" action which handles authentication, and >> that is where I would try to add the authorization as well. One of >> the tricky things would be to have a generic way to create the >> resource identifier from request input. > > I think that for the complexity of what you're doing with auth, then > the authorization should be in the model layer. > > You should have methods on the model layer which take some form of > 'user', and restrict what can be retrieved by that user. This is > domain logic, so you need to build it into the domain. Thanks, Tom. You are of course correct. Moving authorization to the data model will make it harder to show only authorized functions in the presentation layer, though. I'll have to think about this, but it seems that it is a fairly early design decision if the authorization should be in the control- or model part. And perhaps using ACL or groups will suffice.
KR, Gunnar _______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/