On 30 Aug 2009, at 21:17, Bill Moseley wrote:
I'm trying to decide if this is the best approach, or if would be
better to test the ACL before dispatching. The issue is if the
request is for /foo/bar, and an ACL rule blocks that, should
Foo::(begin|end|auto) still run? Or should it act as if the /foo/bar
action doesn't exist and not run any begin, auto, or end in the Foo
controller?
I think that either would be a valid design decision.
I don't think that entirely shortcutting dispatch gives you as much
flexibility, and I tend to do the 'hard' part of the hit in the
terminus action anyway, so running the begin action isn't a big deal
for me.
I personally prefer it to be done on a per-action basis, as I _want_
begin / end / auto to run even in the case where the action itself is
denied (as this gives you the chance to 'whitelist' the action given
special conditions for one example, or to use the end action to
serialize an 'access denied' REST response back in a site with an API
for another example).
Cheers
t0m
_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
