On 9/12/07, Micah Jaffe <[EMAIL PROTECTED]> wrote: > > I'm trying to figure out the best[*] way to validate Chained actions > at various points along the action chain. By validate, I mean "check > if the action should proceed or bomb out." Validation is not the > same as authentication; I may be logged in but I may not have > permissions to do certain things. It may also mean proceeding is not > possible because there is some bad data introduced in one of the > links. Let's take a simple chain where I want to check whether or > not a user can perform basic CRUD type things on our data. > Given two paths: > > /bigthing/<id> > /bigthing/<id>/edit > > I was building this chain as: > > load-bigthing-data -> check_read -> view > -> check_update -> edit > > Now this gets convoluted when I want to act on sub part of bigthing. > Say we have action paths that resemble something like: > > /bigthing/<id>/smallthing/<id_2> > /bigthing/<id>/smallthing/<id_2>/edit > > So presumably, I'd try to chain like: > > load-bigthing-data -> check_read -> load-smallthing-data -> view > (that's ok) > -> > check_update -> edit (bad) > > check_update is chained between check_read and edit, so I either need > to create a new (duplicated) check_update for smallthing edit or > preferably come up with something better. > > I wasn't very happy with the permissions validation being wedged in > as a link in this action chain. I think a better solution might be > to use attributes and custom Actions, but I'm still trying to wrap my > head around that possibility. The best solution would bomb out > before doing any more processing in further actions (i.e. doing it as > part of an 'end' action is not preferable). > > Thoughts? > > thanks, > Micah > > [*] Best = laziest to code + cleanest to extent + easiest to understand > > > _______________________________________________ > List: Catalyst@lists.rawmode.org > Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst > Searchable archive: > http://www.mail-archive.com/catalyst@lists.rawmode.org/ > Dev site: http://dev.catalyst.perl.org/ >
Sounds like you want Authorization (Catalyst::Plugin::Authorization) http://search.cpan.org/search?query=Catalyst%3A%3APlugin%3A%3AAuthorization Easy to extend and implement :) -J -- J. Shirley :: [EMAIL PROTECTED] :: Killing two stones with one bird... http://www.toeat.com
_______________________________________________ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/