>>>>> "Randal" == Randal L Schwartz <email@example.com> writes:
Randal> Consider also something like Slashdot, where the templates are loaded
Randal> from a database... I can also see that here. Maybe state-to-class is
Randal> dynamic based on current user ID or other security parameter? Really,
Randal> there's policy there, and it's best to let that be plugged in.
To further this, let's say I had a $big_client that needs to show a
login page if the user isn't logged in, regardless of whatever "state"
the ->get_state returns. They can override ->get_class to simply
return the login page if not logged in, regardless of whatever state
it's asked to show, and yet the old state is preserved for a "return
to FOO link". And then the ->get_state can be changed from hidden
fields to pathinfo without messing up the authorization section.
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
cgi-prototype-users mailing list