
Andreas Marienborg wrote:
If the Order has a user field, why not just relationships?

package My::Model::User;

__PACKAGE__->has_many(orders and so on);

then you always do $user->orders to get a user's orders for instance.

If you need it for more complex things, I would say it belongs in the
model.

"Restricting access" was probably not the best term to use - it's not so
much "which orders belong to user X?" that I'm trying to answer (I
already use the approach you describe for that).

It's "can user X access this order?". IMO it does seem to fit better in
the model - I just can't see for the moment how I could implement
different access rules in different apps if I'm using common model
classes. That's what makes me wonder about putting this in a controller
instead.

andreas
On 3. jul. 2006, at 12.54, Will Hawes wrote:

I need to restrict access to certain model classes based on which user
is logged in to my app. For example, users should not be able to view
orders belonging to other users. Possibly due to thinking about it too
much, I can't decide whether it makes sense to put this functionality in
the Controller or Model layer of the app. My initial thought was to add
subs to model classes something like:

    package My::Model::Order;

    sub can_view {
        my ( $self, $user ) = @_;
        if( $user->id ne $self->user->id ) {
            return 0;
        }
        return 1;
    }

The thing I don't particularly like about this is that if I want to use
the same functionality in another app sharing this model (fairly likely)
then they will have to agree about the specific rules for who can access
which model classes, which may not always be desirable.

Instead I thought about using a dedicated controller class to add the
aforementioned subs to model classes instead, i.e. only for that
controller's application. This seems to make sense but I'm not sure if
I've overlooked any problems it may introduce.

I imagine similar functionality must be a reasonably common requirement,
so my question is, how have others implemented it?

_______________________________________________
List: Catalyst at lists.rawmode.org
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst at lists.rawmode.org/
Dev site: http://dev.catalyst.perl.org/
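
One way to keep the model classes shared while each application decides "can user X access this order?", as an added example that is not code from this thread or from Catalyst. The My::AccessPolicy class, the is_staff flag and the "shop" and "backoffice" applications are hypothetical names; the sample users and order are constructed.

```perl
use strict;
use warnings;

# Shared model classes: data and relationships only, no access rules.
package My::Model::User;
sub new      { my ( $class, %args ) = @_; return bless {%args}, $class }
sub id       { $_[0]{id} }
sub is_staff { $_[0]{is_staff} ? 1 : 0 }

package My::Model::Order;
sub new  { my ( $class, %args ) = @_; return bless {%args}, $class }
sub id   { $_[0]{id} }
sub user { $_[0]{user} }

# Hypothetical per-application policy: model class => { action => rule }.
package My::AccessPolicy;
sub new { my ( $class, %rules ) = @_; return bless { rules => {%rules} }, $class }

sub allows {
    my ( $self, $user, $action, $object ) = @_;
    return 0 unless defined $user && ref $object;
    my $for_class = $self->{rules}{ ref($object) } or return 0;
    my $rule = $for_class->{$action} or return 0;    # default deny
    return $rule->( $user, $object ) ? 1 : 0;
}

package main;

# Constructed sample data.
my $alice = My::Model::User->new( id => 1 );
my $bob   = My::Model::User->new( id => 2 );
my $staff = My::Model::User->new( id => 3, is_staff => 1 );
my $order = My::Model::Order->new( id => 100, user => $alice );

# Shop app: owners only. Back-office app: owners or staff.
my $owner_only = sub { my ( $u, $o ) = @_; $u->id eq $o->user->id };
my $shop = My::AccessPolicy->new( 'My::Model::Order' => { view => $owner_only } );
my $backoffice = My::AccessPolicy->new(
    'My::Model::Order' => { view => sub { $_[0]->is_staff || $owner_only->(@_) } },
);

for my $case ( [ shop => $shop ], [ backoffice => $backoffice ] ) {
    my ( $name, $policy ) = @$case;
    for my $u ( $alice, $bob, $staff ) {
        printf "%-10s user %d view order %d: %s\n", $name, $u->id, $order->id,
            $policy->allows( $u, 'view', $order ) ? 'allow' : 'deny';
    }
    # An action with no rule is denied in every app.
    printf "%-10s user %d edit order %d: %s\n", $name, $alice->id, $order->id,
        $policy->allows( $alice, 'edit', $order ) ? 'allow' : 'deny';
}
```

Each application's controllers would call its own policy object before returning an order, so a missing rule fails closed rather than exposing another user's data.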

Discussion Overview
group: catalyst @
categories: catalyst, perl
posted: Jul 3, '06 at 10:54a
active: Jul 18, '06 at 5:44p
posts: 10
users: 6
website: catalystframework.org
irc: #catalyst
