Gunnar Strand wrote:
> The table would then be consulted whenever a resource is accessed, and
> the lookup would be put in a central place, if possible. I've
> implemented a ":Restricted" action which handles authentication, and
> that is where I would try to add the authorization as well. One of the
> tricky things would be to have a generic way to create the resource
> identifier from request input.

I think that for the complexity of what you're doing with auth, then the
authorization should be in the model layer.
You should have methods on the model layer which take some form of
'user', and restrict what can be retrieved by that user. This is domain
logic, so you need to build it into the domain.

> Does anyone know if this can be implemented using ACL or Roles, and what are
> the principles for doing so?
> If not, what is your experience in solving this problem?

DBIx::Class::Schema::RestrictWithObject is probably the place to start
looking.

Cheers
t0m
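
The model-layer restriction suggested in the reply above, sketched in core Perl as an added example; it is not code from the thread, from Catalyst or from DBIx::Class. `My::Model::Documents`, `for_user`, the `owner_id`/`read_roles` fields and the sample rows are hypothetical and constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical model class: every read goes through a view bound to a user,
# so a controller cannot fetch a row without the authorization filter.
package My::Model::Documents;

sub new {
    my ($class, @rows) = @_;
    return bless { rows => [@rows] }, $class;
}

# Returns a restricted copy of the model that holds only the rows this user
# may read: rows the user owns, or rows readable by one of the user's roles.
sub for_user {
    my ($self, $user) = @_;
    die "for_user requires a user\n"
        unless ref $user eq 'HASH' && defined $user->{id};
    my %roles = map { $_ => 1 } @{ $user->{roles} || [] };
    my @visible = grep {
        my $doc = $_;
        $doc->{owner_id} == $user->{id}
            || grep { $roles{$_} } @{ $doc->{read_roles} || [] }
    } @{ $self->{rows} };
    return (ref $self)->new(@visible);
}

sub all { @{ $_[0]{rows} } }

# On a restricted view, a row the user may not read is indistinguishable
# from a row that does not exist: both return undef.
sub find {
    my ($self, $id) = @_;
    my ($doc) = grep { $_->{id} == $id } @{ $self->{rows} };
    return $doc;
}

package main;

# Constructed sample data.
my $docs = My::Model::Documents->new(
    { id => 1, owner_id => 10, title => 'alice notes',   read_roles => [] },
    { id => 2, owner_id => 20, title => 'bob notes',     read_roles => [] },
    { id => 3, owner_id => 20, title => 'team handbook', read_roles => ['staff'] },
);
my $alice = { id => 10, roles => ['staff'] };

my $mine = $docs->for_user($alice);   # what a controller would be handed
print join(', ', map { $_->{title} } $mine->all), "\n";
print defined $mine->find(2) ? "doc 2 readable\n" : "doc 2 not found\n";
```

A controller that only ever receives the object returned by `for_user` has no code path to another user's rows, whatever identifier arrives in the request.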