FAQ
In our web app we have lots of features that are predicated upon the user's
role. For example, a "show" link is available to everyone, but an "edit"
link is only available to managers.

Is there a best-practices approach for dealing with this?

There are two places where user-role is significant -- controller and view.
In the controller we use chaining to bounce a user out of an edit method if
they don't have the right role. And in the view we use lots of [% IF
c.user.is_mgr %] logic to determine whether or not to display the links.
(Using user-friendly URLs like /thingy/27/edit makes the URL easy to guess,
so checking inside the controller is a good idea.)

So right now we're checking for the same thing in the view that we're
checking for in the controller. The more features that get added that
require role-checking, the more hairy this gets.

Is there a way to get all this rolled up into one place? Or at least make
the view a bit more elegant?

--
Failure is not important. How you overcome it, is.
-- Nick Vujicic


  • Hernan Lopes at Dec 28, 2010 at 5:56 pm
    try something like this... which is basically
    1. verify the roles on the controller
    2. build a data structure of displayed content based on roles and set it on
    the stash
    3. let the view process what's in the stash without checking for any roles

    in the end it's 1 controller and 1 view

    Controller:

    sub render_buttons {
        my ($self, $c) = @_;
        my $user = $c->user;

        # Role decision happens here, once; the view only sees the result.
        my $buttons = {
            managers => {
                ( $user->is_mgr ? ( edit => 'manager_btn_edit.tt2' ) : () ),
                # OR something like
                # edit => { tt_template => 'manager_btn_edit.tt2', href => '/foo/edit' },
            },
            everyone => {
                view => 'manager_btn_view.tt2',
            },
        };

        $c->stash(buttons => $buttons);
    }

    View:

    [% PROCESS $buttons.everyone.view %] [% PROCESS $buttons.managers.edit IF buttons.managers.edit %]


    On Tue, Dec 28, 2010 at 3:35 PM, will trillich
    wrote:
    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/
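The pattern Hernan describes can be taken one step further so that the controller guard and the stashed link structure both read from a single policy table, which is the "one place" the original question asks for. The following is an added, self-contained Perl example written for this thread; it is not code from the list, from Catalyst, or from either poster, and it stands in for Catalyst with plain hashes (the user hash, the `%POLICY` table, the `/thingy/ID/ACTION` URL layout and the `edit_action` stub are all assumptions made for illustration).

```perl
#!/usr/bin/perl
# Added example (not from the thread): one policy table drives both the
# controller-side authorization check and the link data handed to the view.
use strict;
use warnings;

# Central policy: action => roles that may perform it. Assumption: roles are
# plain strings; a real Catalyst app would typically get them from its
# authorization plugin instead of a literal hash on the user.
my %POLICY = (
    show   => [qw(user manager)],
    edit   => [qw(manager)],
    delete => [qw(manager)],
);

# The only place the role question is answered. Unknown actions are denied,
# so adding a new feature without a policy entry fails closed.
sub allowed {
    my ($user, $action) = @_;
    my $roles = $POLICY{$action} or return 0;
    my %have = map { $_ => 1 } @{ $user->{roles} };
    return (grep { $have{$_} } @$roles) ? 1 : 0;
}

# Builds the per-record link structure the controller would put on the
# stash. The view only iterates this hash; it never asks about roles.
# Template equivalent of the view side:
#   [% FOREACH action IN links.keys.sort %]<a href="[% links.$action %]">[% action %]</a>[% END %]
sub links_for {
    my ($user, $thing_id) = @_;
    my %links;
    for my $action (sort keys %POLICY) {
        next unless allowed($user, $action);
        $links{$action} = "/thingy/$thing_id/$action";
    }
    return \%links;
}

# Simulated controller action for /thingy/ID/edit. It uses the same guard,
# so a guessed URL is refused even when the link was never rendered.
sub edit_action {
    my ($user, $thing_id) = @_;
    return allowed($user, 'edit')
        ? "200 editing thingy $thing_id"
        : "403 forbidden";
}

# Constructed sample users.
my $manager = { name => 'alice', roles => [qw(user manager)] };
my $viewer  = { name => 'bob',   roles => [qw(user)] };

for my $u ($manager, $viewer) {
    my $links = links_for($u, 27);
    printf "%-6s links: %s\n", $u->{name},
        join(', ', map { "$_ => $links->{$_}" } sort keys %$links);
    printf "%-6s GET /thingy/27/edit -> %s\n", $u->{name}, edit_action($u, 27);
}
```

Because `links_for` and `edit_action` both call `allowed`, a role change or a new action is made in `%POLICY` alone; the view can no longer show a link the controller would refuse, and the controller can no longer accept a request the view would hide.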

Discussion Overview
group: catalyst
categories: catalyst, perl
posted: Dec 28, '10 at 5:35p
active: Dec 28, '10 at 5:56p
posts: 2
users: 2
website: catalystframework.org
irc: #catalyst

2 users in discussion

Hernan Lopes: 1 post Will Trillich: 1 post
