FAQ
In the app I'm writing, I've thus far been able to implement authz
code---not based on any of the existing plugins, as I'm using some
pre-existing model code---in an auto method. This has worked well.

There is generally one method in each of my controllers that has less
stringent authz needs---it's listing things the user might then try to
manipulate---and it's got a by-name exception in the auto code. I
thought for a while that I had a couple of other methods that needed
exceptions, but I realized that what this was really telling me was
that they belonged elsewhere.

Before I had that realization, though, one thing I contemplated as a
way to avoid ending up with a list of special cases in my auto method
was using custom attributes to mark a routine as to what it required.

So, for instance, you could mark a method as "NoAuthz" and the auto
code could skip checks that didn't apply when that routine was being
called.

Except, I realized, despite the nice Private -> Class mapping table
that is output in debug mode suggesting that this information exists
somewhere, I didn't see any way to easily go from request->action to
&$class::method or such.

And yet, I'm sure that mapping must be somewhere---is there any
official API to get that information?

Mike
--
Speak in extremes, it will save you time -- Tin Machine

Search Discussions

  • Sebastian Riedel at Aug 18, 2005 at 2:08 am

    Am 18.08.2005 um 00:59 schrieb Michael Alan Dorman:

    In the app I'm writing, I've thus far been able to implement authz
    code---not based on any of the existing plugins, as I'm using some
    pre-existing model code---in an auto method. This has worked well.

    There is generally one method in each of my controllers that has less
    stringent authz needs---it's listing things the user might then try to
    manipulate---and it's got a by-name exception in the auto code. I
    thought for a while that I had a couple of other methods that needed
    exceptions, but I realized that what this was really telling me was
    that they belonged elsewhere.

    Before I had that realization, though, one thing I contemplated as a
    way to avoid ending up with a list of special cases in my auto method
    was using custom attributes to mark a routine as to what it required.

    So, for instance, you could mark a method as "NoAuthz" and the auto
    code could skip checks that didn't apply when that routine was being
    called.

    Except, I realized, despite the nice Private -> Class mapping table
    that is output in debug mode suggesting that this information exists
    somewhere, I didn't see any way to easily go from request->action to
    &$class::method or such.

    And yet, I'm sure that mapping must be somewhere---is there any
    official API to get that information?
    No there is not, we actually translate attributes to Catalysts
    internal format, ignoring all non supported attribues, so it's
    useless for you.
    All we have is reflect_actions() in Catalyst::Utils, which returns a
    coderef and its attributes.


    --
    sebastian

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcatalyst @
categoriescatalyst, perl
postedAug 18, '05 at 12:55a
activeAug 18, '05 at 2:08a
posts2
users2
websitecatalystframework.org
irc#catalyst

People

Translate

site design / logo © 2021 Grokbase