How to implement user levels in web apps?

techcode has asked for the wisdom of the Perl Monks concerning the following question:

I'm interested in general how do you people do that?

In my case, I'm using CGI::Application, CGI::Application::Dispatch, CGI::Application::Plugin::AutoRunmode and of course CGI::Session (thought it's plug-in for CGI::App) and my idea is :

When user logs in, I write it's user level in his session. As my packages go like this : CGI::App <= My CGI::App (to use CGI::Simple) <= My Main module <= All modules containing RunModes. Where <= means inheritance (use base).

I just realised that I could and probably should move 'My CGI:App' code in 'My Main module' as it only implements one method (query so it would use CGI::Simple instead of CGI.pm)

As I already have implemented cgiapp_init method in 'My Main module' - which is called before any RunMode is executed, I just need to call some method from it, say user_level() which I need to implement/override in each package with RunModes. To ease the things RunModes should be grouped into modules by user level.

Other idea would be to write down in database for each user which 'options' he (or user group he's in) can start. It seems like a better solution, but I'm not sure how to implement that ...

If anyone has better solution I would appreciate to hear it. This also seems like a nice idea for next plug-in for CGI::App - unless I'm the only one who needs this...

Comment on How to implement user levels in web apps?

Replies are listed 'Best First'.
Re: How to implement user levels in web apps? by Zaxo (Archbishop) on Sep 05, 2005 at 01:13 UTC
Not specific to perl or the modules you use, but apache's authentication schemes allow access by user groups. The details are in the httpd manual. After Compline, Zaxo	[reply]
Re: How to implement user levels in web apps? by rruiz (Monk) on Sep 05, 2005 at 04:53 UTC
I use a similar approach to checking the user level. I save it in the user session for future checks, but I do check it from the `cgiapp_prerun()` method, wich gives me the chance to re-direct the user to the front page, where they are given the options available for they level (or to login in case they are not logged in already). Also, there is a recent thread in the mailing list where Cees Hek does a RFC for a plugin module. You can watch it here. It's on the planning stage and will have to go first with authentication and then to authorization, so it may take some time to finish, but it looks like a very nice addition to the CGI::Application plugin line, as it will have a clean interface to follow (from the doc in the refered thread in the m/l). You may want to subscribe to the mailing list to follow up the development of those new plugins. HTH, God bless you rruiz	[reply]
Re: How to implement user levels in web apps? by phaylon (Curate) on Sep 05, 2005 at 11:56 UTC
I'm just using the roles from Catalyst::Plugin::Authentication::CDBI within Catalyst. Ordinary morality is for ordinary people. -- Aleister Crowley	[reply]
Re: How to implement user levels in web apps? by TedPride (Priest) on Sep 05, 2005 at 09:04 UTC
The best way imho is to have group info stored in a database table. Depending on your needs, you can either have a one-to-one setup: USER GROUP1 (bool) GROUP2 (bool) etc. Or a one-to-many setup: USER GROUPID The advantage of the former system is there's only one record for each user. This means that selects should be slightly faster, though only if the number of groups is low - space requirements increase and efficiency drops if not. The advantage of the latter system is it's modular - new groups can be added without heavily modifying the table - and it takes up very little space even when the number of groups is huge. However, it can become inefficient if most people are in most groups.	[reply]