I'm in the process of adding custom access control for actions. I've been looking over C::P::Authorization::ACL. It overrides execute() which is run for every method called by the dispatcher, which includes begin, auto, the action itself, and end. Depending on how the ACLs are specified, the plugin wll block access to the actual action, but begin, auto, and end will still run.
I'm trying to decide if this is the best approach, or if would be better to test the ACL before dispatching. The issue is if the request is for /foo/bar, and an ACL rule blocks that, should Foo::(begin|end|auto) still run? Or should it act as if the /foo/bar action doesn't exist and not run any begin, auto, or end in the Foo controller? -- Bill Moseley [email protected] _______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
