Re: [Maypole] authorization with Maypole

From: Jesse Sheidlower (jester at panix.com)
Date: Mon Aug 30 2004 - 14:34:37 BST


On Mon, Aug 30, 2004 at 09:17:09AM -0400, Dennis Sutch wrote:
> Hi,
>
> Has anyone implemented authorization in Maypole? Does anyone have any
> ideas how to setup authorization such that authorization to individual
> objects (database records) are restricted to specific users (or users
> within a group)?

I have a 'user' table that has an 'access_level' column. I do authentication
generally as set up in Maypole::Authentication::UserSessionCookie, so after
logging in, $r->{user} is populated with a User object, which will contain
the access_level for a given user.

Then I can test for things in my templates as needed. For example, if I
want to set editing access for a particular table to "5", I'll add to the
relevant package something like

  MyDB->config->{library}{edit_access_level} = 5;

and then I can have a template like

  [% IF request.user.access_level >= request.config.library.edit_access_level %]
     [% button(item, "edit") %]
  [% END %]

Or something like that. I don't know what you want to do to restrict users
to _specific_ individual records, if that's what you mean, but if you can
test for something, yo ucan set it up more or less as above.

HTH.

Jesse Sheidlower

_______________________________________________
maypole mailing list
maypole at lists.netthink.co.uk
http://lists.netthink.co.uk/listinfo/maypole



This archive was generated by hypermail 2.1.3 : Thu Feb 24 2005 - 22:25:56 GMT