Mailing List Archive

Implementing Authent/Author via attributes (RFC)
Sadly, it was not clear to me that you could have only one ActionClass
per handler. I finally figured it out after tracing things and reading
lots of perldoc. <sigh> I'm new to this. It worked fine for my paths
that were not RESTful also :-)

I see the notes about a proposed patch
(http://www.mail-archive.com/catalyst@lists.rawmode.org/msg04135.html)
which redirected to a Grand Unified Theory of Rearchitecture
(instead of applying the patch). Dumb question -- where can I read
more about the rearchitecture?


Anyways, I have a real issue and a proposal --

So here's what I want to do:

--- Controller ---
...
sub config_element :Path('') ActionClass('REST')
                   ActionClass( 'LoginRequired' )
{
    my ( $self, $c ) = @_;

    $c->log->debug("I only get this if I'm logged in!");
}
...
------

--- MyApp::Action::LoginRequired ---
...
sub execute
{
    my $self = shift;
    my ( $controller, $c, @args ) = @_;

    if ( ! $c->session->{'logged_in'} )
    {
        $c->detach('/login_required');
    }

    my $r = $self->next::method(@_);

    return $r;
}
...
-------

Why? It just seemed way cleaner to me (LoginRequired *is* attribute-y
to me :-) than repeated:
---
$c->detach('/login_required') unless $c->session->{'logged_in'};
---

lines throughout all of my methods. Specifically, I added an "auth not
required" mode in which login-requirements were temporarily defeated,
and I had to go edit every path everywhere that had this code bit.
Sure, I can turn "$c->session->{'logged_in'}" into an app/context
method call and have the code only there...but it misses the point (or
*I* miss the point).

Attributes are decorators and meta-behaviours, and access requirements
seemed like a perfect example of this to me. Obviously they don't have
to be ActionClass(es).

So (he says, phrasing it in the form of an RFC), would there be any
traction in pursuing an Authent/Author/ACL attribute that slots in?

Something like:

sub mypath1 : AllowWhen( 'authenticated' ) { }
sub mypath2 : AllowWhen( 'hasanyrole(foo,bar)' ) { } # permitted if user has any of the roles
sub mypath3 : AllowWhen( 'hasallroles(organization1,administration)' ) { } # permitted if user has all of the roles

May I have feedback (up to and hopefully not including "please go
away" :-)

Thanks very much for your time.

Bruce


---
Bruce McKenzie
brucem@dynamicrange.com
Re: Implementing Authent/Author via attributes (RFC)
On 04/04/2009, at 12:22 PM, Bruce McKenzie wrote:

> Sadly, it was not clear to me that you could have only one
> ActionClass per handler. I finally figured it out after tracing
> things and reading lots of perldoc. <sigh> I'm new to this. It
> worked fine for my paths that were not RESTful also :-)
>
> I see the notes about a proposed patch
> (http://www.mail-archive.com/catalyst@lists.rawmode.org/msg04135.html)
> which redirected to a Grand Unified Theory of Rearchitecture
> (instead of applying the patch). Dumb question -- where can I read
> more about the rearchitecture?
>

Evil hack:

use multiple inheritance to create a 'RESTLoginRequired' actionclass

Better solution:

Use Catalyst::Controller::ActionRole to define your own attributes.





_______________________________________________
Catalyst-dev mailing list
Catalyst-dev@lists.scsys.co.uk
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev
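
The ActionRole approach suggested in the reply, as an added example that is not part of the original thread and not the Catalyst project's own code: the LoginRequired check from the first message written as a Moose role and attached with Does() alongside the single ActionClass('REST'). MyApp::Controller::Config and the config_element_GET handler are assumed names, and each package would live in its own file under lib/.

```perl
# --- lib/MyApp/ActionRole/LoginRequired.pm (added example) ---
package MyApp::ActionRole::LoginRequired;
use Moose::Role;
use namespace::autoclean;

# Wrap the action's execute(), which is called as
# $action->execute( $controller, $c, @args ).
around execute => sub {
    my ( $orig, $self, $controller, $c, @args ) = @_;

    # Fail closed: only a true session flag lets the request through.
    # detach() does not return, so the wrapped action body is skipped.
    # '/login_required' and the 'logged_in' key are the names used in
    # the original message.
    $c->detach('/login_required') unless $c->session->{logged_in};

    return $self->$orig( $controller, $c, @args );
};

1;

# --- lib/MyApp/Controller/Config.pm (hypothetical controller name) ---
package MyApp::Controller::Config;
use Moose;
use namespace::autoclean;

# Catalyst::Controller::ActionRole supplies the Does() attribute.
BEGIN { extends 'Catalyst::Controller::ActionRole' }

# Still exactly one ActionClass; the access check is a role, and an
# un-prefixed role name is looked up as MyApp::ActionRole::LoginRequired.
sub config_element : Path('') ActionClass('REST') Does('LoginRequired') {
    my ( $self, $c ) = @_;
    $c->log->debug("I only get this if I'm logged in!");
}

# Per-method handler dispatched by Catalyst::Action::REST (assumed installed).
sub config_element_GET {
    my ( $self, $c ) = @_;
    $c->response->body('config');
}

__PACKAGE__->meta->make_immutable;
1;
```

Because the check lives in one role, a mode that relaxes it is a change in one place, and any action declared without Does('LoginRequired') is visibly unprotected in the controller source.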