Instead of assert_user_roles, you could use check_user_roles, to verify if the user is manager _first_. If he is, assert_user_roles doesn't get called, and the manager proceeds with the task. If he isn't, assert_user_roles is called as before.
Of course, it might be worth changing the authorization::Roles plugin with an additional assert_any_role (and check_any_role) which suceeds if the user has at least one of the roles required (i.e. an OR of roles instead of an and). Considering how often a managerial override is needed in today's web applications, I think that would be worth it... _______________________________________________ List: [email protected] Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
