Hi.
I'm relatively new to Catalyst. Also, since I'm not a programmer by trade I
only get to spend a few hours a week on code so I'm a bit rusty on some stuff.
I've built a basic project / task system. User creates project then creates
tasks for that project. The tasks can be assigned to other users for
completion. However, the next bit of logic I need to build is to only allow
users assigned to the task to edit that task. I've set up two tables in the
database (MySQL) to store the relationships:
project_user (project_id, user_id)
task_user (task_id, user_id)
I've code written for authenticating users against MySQL so only people who
register can access the system, but right now any authenticated user can access
any project or task. I've found the Authorization::Roles & Authorization::ACL
modules, but they seem to only be for higher level access. Perhaps I'm missing
something.
So my question: is there an example application or best practice on how to
implement a check on all calls to see if the user should be accessing a
specific item? I guess this would apply to any type of system: blog, auction,
cms, etc. -- they all require checking if a specific user can edit a specific
item.
Thanks!
Cheers,
chunk
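
One way to implement the per-task check asked about above, as an added example that is not part of the original post and not Catalyst's own code. It assumes an in-memory SQLite database (DBD::SQLite) standing in for MySQL; `user_may_edit_task`, the `/forbidden` action and the sample rows are hypothetical.

```perl
#!/usr/bin/env perl
# Added example: object-level authorization against the task_user table.
# Assumption: in-memory SQLite (DBD::SQLite) stands in for the MySQL database;
# user_may_edit_task and the sample rows are constructed for illustration.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do('CREATE TABLE task_user (task_id INTEGER NOT NULL,
          user_id INTEGER NOT NULL, PRIMARY KEY (task_id, user_id))');
# Constructed sample data: task 10 is assigned to users 1 and 2, task 11 to user 2.
$dbh->do('INSERT INTO task_user (task_id, user_id) VALUES (?, ?)', undef, @$_)
    for [10, 1], [10, 2], [11, 2];

# Returns 1 only if a task_user row links this user to this task.
# Deny by default: missing or non-numeric ids never reach the query.
sub user_may_edit_task {
    my ($dbh, $user_id, $task_id) = @_;
    for my $id ($user_id, $task_id) {
        return 0 unless defined $id && $id =~ /\A[0-9]+\z/;
    }
    # Placeholders keep the request-supplied task id out of the SQL text.
    my ($found) = $dbh->selectrow_array(
        'SELECT 1 FROM task_user WHERE task_id = ? AND user_id = ? LIMIT 1',
        undef, $task_id, $user_id);
    return $found ? 1 : 0;
}

# In a Catalyst controller the check would sit in the one action every
# task URL passes through (for example the base of a chain), with the
# user id taken from the authenticated session, never from the request:
#   $c->detach('/forbidden')    # '/forbidden' is a hypothetical action
#       unless user_may_edit_task($dbh, $c->user->id, $task_id);

# Constructed cases: assigned, not assigned, unknown user, malformed task id.
for my $case ([1, 10], [1, 11], [2, 11], [3, 10], [1, 'abc']) {
    my ($user_id, $task_id) = @$case;
    printf "user %s, task %-4s => %s\n", $user_id, $task_id,
        user_may_edit_task($dbh, $user_id, $task_id) ? 'allow' : 'deny (403)';
}
```

The same function shape works for `project_user`; placing the call in a single shared action means a newly added edit or delete URL cannot skip the check.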