try something like this... which is basically
1. verify the roles on the controller
2. build a data structure of displayed content based on roles and set to
stash
3. let the view processes whats in the stash without checking for any roles
in the end its 1 controler and 1 view
Controller:
sub render_buttons{
my $buttons => {
managers => {
(if $user->is_mgr) ? ( edit => 'manager_btn_edit.tt2' ) : (),
//OR something like
//edit => { tt_template => 'manager_btn_edit.tt2', href => '/foo/edit', },
},
everyone => {
view => 'manager_btn_view.tt2',
},
}
$c->stash(buttons => $buttons);
}
View:
[% PROCESS $buttons.everyone.view %] [% PROCESS $buttons.managers.edit %]
On Tue, Dec 28, 2010 at 3:35 PM, will trillich
<[email protected]>wrote:
> In our web app we have lots of features that are predicated upon the user's
> role. For example, a "show" link is available to everyone, but an "edit"
> link is only available to managers.
>
> Is there a best-practices approach for dealing with this?
>
> There are two places where user-role is significant -- controller and view.
> In the controller we use chaining to bounce a user out of an edit method if
> they don't have the right role. And in the view we use lots of [% IF
> c.user.is_mgr %] logic to determine whether or not to display the links.
> (Using user-friendly urls like /thingy/27/edit makes the URL easy to guess,
> so checking inside the controller is a good idea.)
>
> So right now we're checking for the same thing in the view that we're
> checking for in the controller. The more features that get added that
> require role-checking, the more hairy this gets.
>
> Is there a way to get all this rolled up into one place? Or at least make
> the view a bit more elegant?
>
> --
> Failure is not important. How you overcome it, is.
> -- Nick Vujicic
>
> _______________________________________________
> List: [email protected]
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/[email protected]/
> Dev site: http://dev.catalyst.perl.org/
>
>
_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
