Tomas Doran wrote:
On 9 Dec 2008, at 04:24, bill hauck wrote:
So my question: is there an example application or best practice on
how to implement a check on all calls to see if the user should be
accessing a specific item? I guess this would apply to any type of
system: blog, auction, cms, etc. -- they all require checking if a
specific user can edit a specific item.
Assuming that you're using DBIx::Class, then the common way of doing
this would be to use ResultSet chaining to limit things.
What you do is add a 'limit_by_user' method (name is not important -
just pick one and stick to it for your entire app) on each ResultSet
class which you can pass $c->user, and have it return a filtered result
set..
You then arrange your controllers such that you will call this method on
all resultsets before actually searching them. The simplest strategy is
to just have code like:
$c->stash->{project} =
$c->model('DB::Project')->limit_by_user($c->user)->find_by_foo($foo);
whenever you want to do a search.
You might try using DBIx::Class::Schema::RestrictWithObject to do this
more centrally. Essentially you put all your "limit_by_user" filters
into one central package, then you just pass $c->user to the schema at
the beginning of the request. RestrictWithObject will intercept all
searches and tack on the appropriate filter for the requested resultset
for you.
HTH,
Jason
--
Jason Gottshall
[EMAIL PROTECTED]
_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
