On Wednesday, 30.09.2009, at 16:30 +0200, Derek Wueppelmann wrote:
> On Wed, 2009-09-30 at 06:53 -0700, Bill Moseley wrote:
>
> > Does that approach provide you with enough fine-grained access
> > control?
> > I suppose you can check the action name in auth_required().
>
> It actually does. Basically either the entire class requires auth or
> not, and if I need to occasionally require auth to specific methods
> that's easy enough to take care of on a case by case basis.
>
> > There are a number of existing modules to consider, for example:
> >
> > Catalyst::Action::Role::ACL
> > Catalyst::Plugin::Authorization::ACL
>
> In order to use these I would have to rewrite significant portions of
> the code. At this point it's not worthwhile doing.
>
> > I've also used an approach where I check for roles in each
> > controller's auto method, and I've also used method attributes to
> > indicate the access level required for each action (which has the
> > benefit where I can require *every* dispatched action to have an
> > access level specified or be blocked).
> >
> > I also do not detach to a login page, rather I always redirect. Not
> > sure I remember the details of that choice, but one reason might have
> > been I didn't want a URL for one resource to return a 200 yet not
> > return the response for that URL and instead return a login form.
>
> I'm actually doing forwards to my login page right now. So that when a
> user logs in they can still see the page they were originally trying to
> view. I capture the URL they were attempting to view in the login
> process.

You should redirect to your login page rather than displaying it under a
different url. I store the previous url in the session and redirect to
it after a successful login, works like a charm.

-- 
best regards, Alex

T-Systems Austria GesmbH
Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b

_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
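
The redirect-and-return flow discussed in this thread, as an added example that is not code from any of the posters: a Root controller that stores the requested URL in the session, redirects to the login page, and accepts only a local path when redirecting back. It assumes a Catalyst application with the Authentication and Session plugins loaded and a login form template; the package name `MyApp`, the `return_to` session key and the `username`/`password` field names are hypothetical.

```perl
package MyApp::Controller::Root;    # hypothetical application name
use Moose;
use namespace::autoclean;
use URI;
BEGIN { extends 'Catalyst::Controller' }

__PACKAGE__->config(namespace => '');

# Runs before every action in the application.
sub auto :Private {
    my ($self, $c) = @_;

    # The login action must stay reachable for anonymous users.
    return 1 if $c->action->reverse eq 'login';
    return 1 if $c->user_exists;

    # Remember where the user was going. Only path and query are kept,
    # and only for GET, so a POST body is never replayed after login.
    $c->session->{return_to} = $c->req->uri->path_query
        if $c->req->method eq 'GET';

    $c->res->redirect($c->uri_for('/login'));
    return 0;    # returning false from auto stops the dispatch
}

sub login :Path('login') :Args(0) {
    my ($self, $c) = @_;
    return unless $c->req->method eq 'POST';    # GET just renders the form

    my $ok = $c->authenticate({    # field names are assumptions
        username => $c->req->body_params->{username},
        password => $c->req->body_params->{password},
    });
    unless ($ok) {
        $c->stash(error => 'Login failed');
        return;
    }

    $c->change_session_id;    # fresh session id after login (anti-fixation)

    # Accept only a local path: one leading slash, not "//host" or "/\host",
    # which a browser would resolve to another site.
    my $target = delete $c->session->{return_to};
    $target = '/' unless defined $target && $target =~ m{\A/(?![/\\])};
    $c->res->redirect(URI->new_abs($target, $c->req->base));
}

__PACKAGE__->meta->make_immutable;
1;
```

Because the protected URL answers with a redirect rather than a login form, it never returns a 200 for content it did not serve, which is the concern raised in the quoted message.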
