In our web app we have lots of features that are predicated upon the user's role. For example, a "show" link is available to everyone, but an "edit" link is only available to managers.
Is there a best-practices approach for dealing with this? There are two places where user-role is significant -- controller and view. In the controller we use chaining to bounce a user out of an edit method if they don't have the right role. And in the view we use lots of [% IF c.user.is_mgr %] logic to determine whether or not to display the links. (Using user-friendly urls like /thingy/27/edit makes the URL easy to guess, so checking inside the controller is a good idea.)

So right now we're checking for the same thing in the view that we're checking for in the controller. The more features that get added that require role-checking, the more hairy this gets. Is there a way to get all this rolled up into one place? Or at least make the view a bit more elegant?

--
Failure is not important. How you overcome it, is.
-- Nick Vujicic
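One way to put the role check in a single place, as an added example that is not part of the original post and not Catalyst's own code: a policy table that the controller consults to enforce access and the view consults to decide which links to render. It is plain Perl with no framework calls; the names %POLICY, can_do, dispatch and links_for, the action names and the sample users are all assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Single source of truth: action name => roles allowed to perform it.
# '*' means any user. Action and role names are constructed for this example.
my %POLICY = (
    'thingy/show' => ['*'],
    'thingy/edit' => ['manager'],
);

# Deny by default: an action missing from the table is refused.
sub can_do {
    my ($user, $action) = @_;
    my $allowed = $POLICY{$action} or return 0;
    for my $role (@$allowed) {
        return 1 if $role eq '*';
        return 1 if grep { $_ eq $role } @{ $user->{roles} || [] };
    }
    return 0;
}

# Controller side: enforcement. Runs on every request, so a guessed URL
# such as /thingy/27/edit is refused even when no link was ever shown.
sub dispatch {
    my ($user, $action, $id) = @_;
    return { status => 403, body => 'Forbidden' }
        unless can_do($user, $action);
    return { status => 200, body => "$action $id" };
}

# View side: presentation only. It asks the same question as the
# controller, so the template logic never names a role.
sub links_for {
    my ($user, $id) = @_;
    return map  { my $verb = (split m{/}, $_)[1]; "/thingy/$id/$verb" }
           grep { can_do($user, $_) } sort keys %POLICY;
}

# Constructed sample users.
my $staff   = { name => 'staff',   roles => [] };
my $manager = { name => 'manager', roles => ['manager'] };

for my $u ($staff, $manager) {
    printf "%-8s links: %s\n", $u->{name}, join(' ', links_for($u, 27));
    printf "%-8s GET /thingy/27/edit -> %d\n", $u->{name},
        dispatch($u, 'thingy/edit', 27)->{status};
}
```

Hiding a link in the view is only cosmetic; the controller check is what protects the action, and adding a feature then means adding one row to the table rather than a second condition in each place.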
