Replying to my own email to document what I have done, and seek further advice. Please see below --
On Mon, Aug 10, 2009 at 3:35 PM, P Kishor<[email protected]> wrote: > I am experiencing a problem with C::A::P::Routes, and I think I know > what is going wrong, but I don’t know why or how to fix it. > > Background: I have implemented my application with C::A::Dispatch and > C::A::P::Authentication, and it works well. For various reasons I like > C::A::P::Routes, and would like to use it instead of C::A::Dispatch. > However, C::A::P::Routes doesn’t seem to respect the protected modes > set up by C::A::P::Authentication, and shows the protected modes > without letting the login form kick in. > > So, I investigated and discovered that C::A::P::Routes has a > disconnect between what it thinks is the runmode and the value of > $self->get_current_runmode. Here is my test -- > > sub setup { > my $self = shift; > > $self->start_mode('welcome'); > $self->routes([ > > # unprotected runmodes > '/welcome' => 'welcome', > '/login' => 'login', > > # protected runmodes > '/mainpage'=> 'mainpage', > ]); > > $self->param(protected_runmodes => ['mainpage']); > } > > sub cgiapp_prerun { > my $self = shift; > > $self->session->param('__RUN_MODE1', $self->get_current_runmode()); > my $protected_runmodes = $self->param('protected_runmodes'); > foreach my $rm (@$protected_runmodes) { > if ($self->get_current_runmode() eq $rm) { > $self->prerun_mode('login') > unless($self->session->param('__LOGGED_IN')); > last; > } > } > #$self->prerun_mode('login'); > $self->session->param('__RUN_MODE2', $self->get_current_runmode()); > } > In cgiapp_prerun, I changed the following line foreach my $rm (@$protected_runmodes) { > if ($self->get_current_runmode() eq $rm) { $self->prerun_mode('login') unless($self->session->param('__LOGGED_IN')); last; } to if ($self->prerun_mode() eq $rm) { and now it works as expected. Looking at the code of C::A::P::Routes, it seems to be setting the prerun_mode() correctly, but there doesn't seem to be any method for updating the value of get_current_runmode(). In fact, in the code for CGI::Application itself there doesn't seem to be any easy facility for changing the value of get_current_runmode() which seems to get its value from $self->{__CURRENT_RUNMODE} which seems to be set in sub run { .. # Set get_current_runmode() for access by user later $self->{__CURRENT_RUNMODE} = $rm; } To me, C::A::P::Routes seems more in the spirit of CGI::Application than C::A::D is, and I would rather use Routes, but something needs to be changed somewhere for it to work properly. > sub mainpage { > my $self = shift; > > my $tmpl = $self->load_tmpl('mainpage.html'); > $tmpl->param(runmode1 => $self->session->param('__RUN_MODE1')); > $tmpl->param(runmode2 => $self->session->param('__RUN_MODE2')); > $tmpl->param(debug => $self->routes_dbg); #dumps all the > C::A::P::Routes info > return $tmpl->output; > } > > And, when I point my browser to ‘http://<myapp>/mainpage’ this is what I get > > Main Page! > > You are now logged in! > > Runmode1: welcome > > Runmode2: welcome > > Debug: $VAR1 = { 'rule_matched: ' => '/mainpage', 'parsed_params: ' => > {}, 'path_received: ' => '/mainpage', 'runmode: ' => 'mainpage' }; > > See what is going on -- C::A::P::Routes correctly thinks the runmode > is ‘mainpage’ as per the URL. However, $self->get_current_runmode() > returns ‘welcome’ in cgiapp_prerun(), and as a result, the mainpage is > not protected. Now, it could be that C::A::P::Routes is firing *after* > my cgiapp_prerun() protected_mode logic is run. To test that, I > uncommented the #$self->prerun_mode('login'); line in cgiapp_prerun(), > and lo and behold, the runmode is changed to login. > > The remedy seems to be that once it has figured out the runmode > correctly, C::A::P::Routes should set the value of > $self->get_current_runmode() to it. > > If I have diagnosed the problem correctly, please help me find a fix. > If not, please help me diagnose correctly. > > Many thanks, > > > -- > Puneet Kishor http://www.punkish.org > Carbon Model http://carbonmodel.org > Charter Member, Open Source Geospatial Foundation http://www.osgeo.org > Science Commons Fellow, http://sciencecommons.org/about/whoweare/kishor > Nelson Institute, UW-Madison http://www.nelson.wisc.edu > ----------------------------------------------------------------------- > Assertions are politics; backing up assertions with evidence is science > ======================================================================= > Sent from Madison, WI, United States > ##### CGI::Application community mailing list ################ ## ## ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ## ## ## ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ## ## ################################################################
