hi,John, Good arvo. Thanks for the comments. My replies are as per below:
Quoting John Romkey <[email protected]>: > On Apr 18, 2009, at 8:06 PM, [email protected] wrote: > > hi, all > > > > what's the best way to exclude static requests from needing the > user > > to log in? > > The best way to exclude static requests from needing the user to log > > in is to not run them through Catalyst at all. Configure your web > server so that static files are served directly by the server. This > > will greatly improve performance as well as simplify your Catalyst > code. K. akimoto: You have a very good point and I think I will consider this. > > Unless that's not what you mean by static. > > If you by static you still mean some dynamic content, I would > strongly > avoid putting all the logic for access control in Root's auto method. > > Root's auto method then knows too much about the implementation > details of each controller. Instead put the access control logic > where > it belongs - with the stuff it's controlling access to. > - john romkey > http://www.romkey.com/ > > K. akimoto: this is interesting. All requests would have to go through Root->auto before any other actions in controllers Hence, whilst the Root->auto method does hold implementation details of all controllers in the application, it certainly makes future maintaince of the application ( in terms of controlling all controller access ) easier because the configuration is found in one spot rather than all across the many controllers. Is doing so a bad practice? I would really like to hear some good discussions here.. Thank you again, John :) K. akimoto _______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
