
[% IF $user->auth(A) && $user->auth(B) && $user->auth(C) %]

To me, this is hardly better than the HTML::Template example. It's shorter but it's no easier on the poor HTML designer that has to maintain your templates. I'd boil that down to:

<tmpl_if can_foo>foo</tmpl_if>

Then I'd move all that complex AND logic into Perl where it belongs. There's no reason your security policy should be embedded in your templates!

I may have jumped the gun a little when I suggested TT as my first reply, but sessions and session management imply, to me, a security model with authorities and roles and ... So, I overthink things a little ... is that a crime??

It's not a crime, merely a disservice. The poster sounds like a novice to me and it's not nice to steer him towards a complex solution that he probably doesn't need. Just because he wants sessions doesn't mean he needs an overly complex authority system like you!

-sam
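
The approach described in the post above, sketched as an added example (not code from the thread or from the HTML::Template distribution): the AND logic is evaluated in Perl and the template only sees a boolean such as `can_foo`. The `Demo::User` class, the `%POLICY` table, the `can_bar` flag and the `template_flags` helper are hypothetical; only `auth()`, the authorities A, B, C and `can_foo` come from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Template;

# Hypothetical user object; only the auth() method name comes from the thread.
{
    package Demo::User;
    sub new  { my ($class, @auths) = @_; return bless { map { $_ => 1 } @auths }, $class }
    sub auth { my ($self, $name) = @_; return $self->{$name} ? 1 : 0 }
}

# The policy lives in Perl: each template flag lists the authorities it
# requires, and every one of them must be held (the AND from the TT example).
my %POLICY = (
    can_foo => [qw(A B C)],
    can_bar => [qw(A)],        # constructed second flag for illustration
);

# Reduce the policy to plain booleans, the only thing the template receives.
sub template_flags {
    my ($user) = @_;
    my %flags;
    for my $flag (keys %POLICY) {
        my $missing = grep { !$user->auth($_) } @{ $POLICY{$flag} };
        $flags{$flag} = $missing ? 0 : 1;
    }
    return %flags;
}

# Constructed template text; the designer never sees authority names.
my $html = <<'HTML';
<tmpl_if can_foo>foo</tmpl_if>
<tmpl_if can_bar>bar</tmpl_if>
HTML

# One user holding A, B and C, and one holding only A.
for my $user (Demo::User->new(qw(A B C)), Demo::User->new(qw(A))) {
    my $template = HTML::Template->new(scalarref => \$html);
    $template->param(template_flags($user));
    print $template->output, "---\n";
}
```

The same `%POLICY` table can back the check in the request handler, so the template flag controls display only and is never the enforcement point.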

Re^7: HTML::Template and authenticated sessions
by ghettofinger (Monk) on May 12, 2005 at 16:35 UTC

    Sam, you have become my new hero. I am sticking with HTML::Template. You rule!

Re^7: HTML::Template and authenticated sessions
by dragonchild (Archbishop) on May 11, 2005 at 17:21 UTC
    (We might be getting a bit further afield than needs done in this thread, but ...)

    Then I'd move all that complex AND logic into Perl where it belongs. There's no reason your security policy should be embedded in your templates!

    The security policy shouldn't be; the logic determining what gets displayed where should. That the latter implements a portion of the former is no fault of the templating system - it's a fault of management stupidity, but that's still a reality for too many developers. *cues up "Let My People Go"*


    • In general, if you think something isn't in Perl, try it out, because it usually is. :-)
    • "What is the sound of Perl? Is it not the sound of a wall that people have stopped banging their heads against?"
      The security policy shouldn't be; the logic determining what gets displayed where should.

      I disagree. The template isn't the right place to decide what to display, it's the right place to decide how to display it. This is fundamental MVC theory.

      it's a fault of management stupidity

      You may be given retarded, rapidly changing requirements, but that's no excuse for inflicting them on your HTML designers!

      -sam