in reply to Re: Re: CGI::Application with access control on certain functions/run modes
in thread CGI::Application with access control on certain functions/run modes

I have a User object, which has all the authorization logic built into it. (It also has the authentication logic as well, but that's a separate concern.)

Basically, setup() creates a User object and passes in the value of a cookie. This value can be anything from a userid (insecure) to a session id (secure). The User object knows how to authenticate that cookie value. At that point, I can then look that authenticated user up in some datastore and determine what privileges (or authorities) that user has. Then, a User object is returned. setup() then stores it as a param() of the C::A object.

Then, when you need to determine if a given User has an authority, you ask the User object. It's that simple.

This design principle is called "Separation of Concerns". Basically, it boils down to "Only those who care should know", or "Who cares?"

------
We are the carpenters and bricklayers of the Information Age.

Then there are Damian modules.... *sigh* ... that's not about being less-lazy -- that's about being on some really good drugs -- you know, there is no spoon. - flyingmoose

  • Comment on Re: Re: Re: CGI::Application with access control on certain functions/run modes

In Section Seekers of Perl Wisdom