Re: [cgiapp] Sessions and Permissions

Tue, 02 Apr 2002 13:17:18 -0800 

Greg,

   You rule.  I had not thought of adding the permissions error message 
to the Admin module until you
 gave me the idea.  I rewrote my check permissions module to handle it 
by redirecting to an error template and I only have to add one line of 
code for each mode.  Thank you very much.  You just saved me 2000 lines 
of code .

Greg Marr wrote:

> At 02:17 PM 04/02/2002, Kenny Pyatt wrote:
>
>> The decision has been made (although I can change it) to use a 
>> user-type/run-mode permission scheme.  I created a database that 
>> handles which users are which type and which types have access to 
>> which mode.  I even have it working :-)
>
>
> This sounds like exactly what I've done.  I like this style, because 
> then the run modes are responsible for determining what kind of access 
> they need, and I don't have to maintain a separate list.  I can also 
> just look at each run mode and see that it has the proper access, 
> rather than having to refer back to some master list somewhere.
>
>> The modes are given unique ids that are hard coded in.  Each run-mode 
>> looks like this:
>>
>> sub Mode
>> {
>>    my $self = shift;
>>    my $admin = $self->param('admin');
>>
>>    # Check for permission.
>>    if ($admin->checkPermission('ModuleName_Mode '))
>>    {
>>            # The have permission so go ahead
>>    }
>>    else
>>    {
>>            # They do not have permission so tell them.
>>    }
>
>
> Mine's a little simpler though:
>
> sub Mode
>     {
>     my $self = shift;
>     $self->CheckAccess('Mode');
>
>     # If execution gets to this point, they have permission
> [...]
>
> and then CheckAccess looks like this:
>
> sub CheckAccess($)
>     {
>     my ($self, $module) = @_;
>
>     # Not providing a module is always fatal
>     defined($module) or die "CheckAccess: module not defined";
>
>     # Perform the authentication stuff here
>
>     # If access was granted, return.
>     return(1) if $access_was_granted;
>
>     # Access denied, report the error to the user, and die.
>     warn "Refusing access to $module for $username\n";
>     die "You do not have permission to perform this operation.\n";
>     }
>

-- 
Thanks,
Kenny Pyatt
President
Design Shack
www.dshack.com




---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/[email protected]/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to