Re: [Maypole] role based authentication

From: Sebastian Riedel (sri at oook.de)
Date: Wed Jan 12 2005 - 15:39:19 GMT


Marcello:
> I am developing an application using maypole, and I would like to
> discuss role based authentication.
>
> The main uses I see for roles in maypole are:
>
> 1) Check if the current user is allowed to call a particular
> table/action couple.
> For example, we could have a "role" table and a "user" table which
> should be visible to "administrators" (i.e. users who belong to role
> "administrator") but not to "customers" (i.e. users who belong to role
> "customer"); or, we could limit customers' access to their data to be
> read-only, so a user with role "customer" could call customerdata/list
> but not customerdata/delete; and so on.

In Catalyst it's the other way around.

You just do something like this directly in your actions. I personally
find this much more simple and maintainable.

    __PACKAGE__->action(
        'sign-in.html' => sub {
            my ( $self, $c ) = @_;
            $c->stash->{template} = 'sign-in.tt';

            # ...do sign-in stuff...

        },
        'index.html' => sub {
            my ( $self, $c ) = @_;
            $c->roles('customer')
              ? $c->stash->{template} = 'index.tt'
              : $c->forward('sign-in.html');
        }
    );

>
> 2.a) Build a menu template which displays only the allowed actions for
> the current user.
>
> 2.b) Each button, hyperlink or form pointing to a particular
> table/action combination should be displayed only if the current user is
> allowed to call that combination.
>
> 3) Write role-specific templates.

Why are you guys always trying to exploit the built-in actions?
They're just to get you started!

I would even vote to reduce them to a minimum and get them out of
Maypole::Model::CDBI...but I already said that many times in the past!

And again a glimpse at how I do it in Catalyst. ;)

Everything in Catalyst, Model, View and Controller are components,
represented as object classes.

Finding .pm's and instantiating them is all automatically done by
Catalyst, you just write a MyApp/Model/CDBI.pm and begin to use it.

    package MyApp::Model::CDBI;

    use base 'Catalyst::Model::CDBI';

    __PACKAGE__->config(
        dsn => 'dbi:Pg:dbname=petstore',
        password => '',
        user => 'postgres',
        options => { AutoCommit => 1 },
        relationships => 1
    );

    package MyApp;

    use Catalyst;

    # ... actions and stuff ...

Now if you want CRUD, you just replace Catalyst::Model::CDBI with
Catalyst::Model::CDBI::CRUD, and define an action for every table where
you forward processing to the built-in crud method, which redispatches
to list/add/delete/edit...

    __PACKAGE__->action(
        tablename => sub {
            my ( $self, $c ) = @_;
            # qw// passes the class and method name as a two-element list
            $c->forward(qw/MyApp::Model::CDBI crud/);
        }
    );

-- 
sebastian
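
An added example, not part of the original message and not Maypole or Catalyst code: a default-deny lookup for the table/action pairs from point 1, the kind of check an action could run before forwarding to the built-in crud method, with the same table reused to build the menu from point 2.a. The policy contents and the helper names `is_allowed` and `allowed_actions` are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed policy: role => table => set of permitted actions.
# Any role, table or action that is not listed is denied.
my @CRUD   = qw(list add edit delete);
my %POLICY = (
    administrator => {
        role         => { map { $_ => 1 } @CRUD },
        user         => { map { $_ => 1 } @CRUD },
        customerdata => { map { $_ => 1 } @CRUD },
    },
    customer => {
        customerdata => { list => 1 },    # read-only access
    },
);

# Hypothetical helper: true if any of the user's roles permits table/action.
sub is_allowed {
    my ( $roles, $table, $action ) = @_;
    return 0 unless defined $table && defined $action;
    for my $role ( @{ $roles || [] } ) {
        my $tables  = $POLICY{$role}     or next;    # unknown role
        my $actions = $tables->{$table}  or next;    # table not granted
        return 1 if $actions->{$action};
    }
    return 0;                                        # default deny
}

# Hypothetical helper: actions to show in a menu for one table.
sub allowed_actions {
    my ( $roles, $table ) = @_;
    return grep { is_allowed( $roles, $table, $_ ) } @CRUD;
}

# Constructed sample requests: [ roles, table, action ].
for my $req (
    [ ['customer'],      'customerdata', 'list' ],
    [ ['customer'],      'customerdata', 'delete' ],
    [ ['customer'],      'user',         'list' ],
    [ ['administrator'], 'role',         'delete' ],
    [ [],                'customerdata', 'list' ],
) {
    my ( $roles, $table, $action ) = @$req;
    printf "%-14s %s/%s => %s\n", join( ',', @$roles ) || '(none)',
      $table, $action, is_allowed( $roles, $table, $action ) ? 'allow' : 'deny';
}
print "customer menu: @{[ allowed_actions( ['customer'], 'customerdata' ) ]}\n";
```

Hiding a link in the menu does not protect the action behind it, so the same `is_allowed` check has to run on the request itself.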
