FAQ
Sadly, it was not clear to me that you could have only one ActionClass
per handler. I finally figured it out after tracing things and reading
lots of perldoc. <sigh> I'm new to this. It worked fine for my paths
that were not RESTful also :-)

I see the notes about a proposed patch (http://www.mail-archive.com/catalyst@lists.rawmode.org/msg04135.html
) which redirected to a Grand Unified Theory of Rearchitecture
(instead of applying the patch). Dumb question -- where can I read
more about the rearchitecture?


Anyways, I have a real issue and a proposal --

So here's what I want to do:

--- Controller ---
...
sub config_element :Path('') ActionClass('REST')
ActionClass( 'LoginRequired' )
{
my ( $self, $c ) = @_;

$c->log->debug("I only get this if I'm logged in!");
}
...
------

--- MyApp::Action::LoginRequired ---
...
sub execute
{
my $self = shift;
my ( $controller, $c, @args ) = @_;

if ( ! $c->session->{'logged_in'} )
{
$c->detach('/login_required');
}

my $r = $self->next::method(@_);

return $r;
}
...
-------

Why? It just seemed way cleaner to me (LoginRequired *is* attribute-y
to me :-) than repeated:
---
$c->detach('/login_required') unless $c->session-
{'logged_in'};
---

lines throughout all of my methods. Specifically, I added a "auth not
required" mode in which login-requirements were temporarily defeated,
and I had to go edit every path everywhere that had this code bit.
Sure, I can turn "$c->session->{'logged_in'}" into a app/context
method call and have the code only there...but it misses the point (or
*I* miss the point).

Attributes are decorators and meta-behaviours, and access requirements
seemed like a perfect example of this to me. Obviously they don't have
to be ActionClass(es).

So (he says, phrasing it in the form of an RFC), would there be any
traction in pursuing a Auththent/Author/ACL attribute that slots in?

Something like:

sub mypath1 : AllowWhen( 'authenticated' ) { }
sub mypath2 : AllowWhen( 'hasanyrole(foo,bar)' ) { } # permitted if
user has any of the roles
sub mypath3 : AllowWhen( 'hasallroles(organization1,administration)' )
{ } # permitted if user has all of the roles

May I have feedback (up to and hopefully not including "please go
away" :-)

Thanks very much for your time.

Bruce


---
Bruce McKenzie
brucem@dynamicrange.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst-dev/attachments/20090403/589ae3c3/attachment-0001.htm

Search Discussions

  • Kieren Diment at Apr 4, 2009 at 2:27 am

    On 04/04/2009, at 12:22 PM, Bruce McKenzie wrote:

    Sadly, it was not clear to me that you could have only one
    ActionClass per handler. I finally figured it out after tracing
    things and reading lots of perldoc. <sigh> I'm new to this. It
    worked fine for my paths that were not RESTful also :-)

    I see the notes about a proposed patch (http://www.mail-archive.com/catalyst@lists.rawmode.org/msg04135.html
    ) which redirected to a Grand Unified Theory of Rearchitecture
    (instead of applying the patch). Dumb question -- where can I read
    more about the rearchitecture?
    Evil hack:

    use multiple inheritance to create a 'RESTLoginRequired' actionclass

    Better solution:

    Use Catalyst::Controller::ActionRole to define your own attributes.


    Anyways, I have a real issue and a proposal --

    So here's what I want to do:

    --- Controller ---
    ...
    sub config_element :Path('') ActionClass('REST')
    ActionClass( 'LoginRequired' )
    {
    my ( $self, $c ) = @_;

    $c->log->debug("I only get this if I'm logged in!");
    }
    ...
    ------

    --- MyApp::Action::LoginRequired ---
    ...
    sub execute
    {
    my $self = shift;
    my ( $controller, $c, @args ) = @_;

    if ( ! $c->session->{'logged_in'} )
    {
    $c->detach('/login_required');
    }

    my $r = $self->next::method(@_);

    return $r;
    }
    ...
    -------

    Why? It just seemed way cleaner to me (LoginRequired *is* attribute-
    y to me :-) than repeated:
    ---
    $c->detach('/login_required') unless $c->session-
    {'logged_in'};
    ---

    lines throughout all of my methods. Specifically, I added a "auth
    not required" mode in which login-requirements were temporarily
    defeated, and I had to go edit every path everywhere that had this
    code bit. Sure, I can turn "$c->session->{'logged_in'}" into a app/
    context method call and have the code only there...but it misses the
    point (or *I* miss the point).

    Attributes are decorators and meta-behaviours, and access
    requirements seemed like a perfect example of this to me. Obviously
    they don't have to be ActionClass(es).

    So (he says, phrasing it in the form of an RFC), would there be any
    traction in pursuing a Auththent/Author/ACL attribute that slots in?

    Something like:

    sub mypath1 : AllowWhen( 'authenticated' ) { }
    sub mypath2 : AllowWhen( 'hasanyrole(foo,bar)' ) { } # permitted if
    user has any of the roles
    sub mypath3 :
    AllowWhen( 'hasallroles(organization1,administration)' ) { } #
    permitted if user has all of the roles

    May I have feedback (up to and hopefully not including "please go
    away" :-)

    Thanks very much for your time.

    Bruce


    ---
    Bruce McKenzie
    brucem@dynamicrange.com



    _______________________________________________
    Catalyst-dev mailing list
    Catalyst-dev@lists.scsys.co.uk
    http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcatalyst-dev @
categoriescatalyst, perl
postedApr 4, '09 at 2:22a
activeApr 4, '09 at 2:27a
posts2
users2
websitecatalystframework.org
irc#catalyst

2 users in discussion

Kieren Diment: 1 post Bruce McKenzie: 1 post

People

Translate

site design / logo © 2021 Grokbase