in reply to Passing Data Back From Mason template

Access checks should be handled by the controller/model- not the view. Depending on your situation (and I haven't used Catalyst), you might be able to move certain restricted actions to specific urls (i.e. /$role/$action) and have an "authentication-controller" catch all unauthorized access, edit: before referring to the "actual" controller.

I don't recommend binding views to roles directly, since I at least tend to end up re-using views for different actions, and the actions that take place before showing the view should determine the type of access.

update: also, this makes views simpler, which is a good thing.

Joost.


Re^2: Passing Data Back From Mason template
by water (Deacon) on Jun 04, 2006 at 00:29 UTC
    Hmmm... don't like embedding roles in URLs -- we often need to change who can do what, create new roles, etc -- would be a mess if necessitated remapping urls.

    so basically each action (method) in the controller needs a role-list, and jumps off to confirm current user is a member of at least one allowed role, else redirects off to a not-enough-access-to-do-that page, yes?

      The url mapping isn't going to be useful to you then :-)

      Yes, I would suggest mapping role-lists against actions. If you do that in the database or whatever storage system you use, or use a consistent interface in your action classes, you can still do a generic access control system after request to action mapping and before dispatching to the action.
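An added illustration of the role-list-per-action check discussed in this thread (example code written for this page, not from the original posts, Catalyst, or Mason): the role table, the action handlers and the user roles are constructed, and `authorized` and `dispatch` are hypothetical names standing in for the generic access-control step that runs between request-to-action mapping and the action itself.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed example: role-lists keyed by action name. In a real
# application this table would live in the database or be declared
# through a consistent interface on the action classes.
my %ROLES_FOR_ACTION = (
    'view_report' => [ 'reader', 'editor', 'admin' ],
    'edit_report' => [ 'editor', 'admin' ],
    'delete_user' => [ 'admin' ],
);

# Hypothetical action handlers (stand-ins for controller methods).
my %ACTION = (
    'view_report' => sub { return "report shown" },
    'edit_report' => sub { return "report edited" },
    'delete_user' => sub { return "user deleted" },
    'debug_dump'  => sub { return "internals dumped" }, # no role-list
);

# True when the user holds at least one role allowed for $action.
# An action with no role-list entry is denied (deny by default), so a
# newly added action is not reachable until someone registers it.
sub authorized {
    my ($user_roles, $action) = @_;
    my $allowed = $ROLES_FOR_ACTION{$action} or return 0;
    my %has = map { $_ => 1 } @$user_roles;
    return (grep { $has{$_} } @$allowed) ? 1 : 0;
}

# Generic access control: runs after the request has been mapped to an
# action and before the action is invoked, so the view knows nothing
# about roles and can be re-used freely.
sub dispatch {
    my ($user_roles, $action) = @_;
    return { redirect => '/access_denied' }
        unless authorized($user_roles, $action);
    my $handler = $ACTION{$action} or return { redirect => '/not_found' };
    return { body => $handler->() };
}

# Usage with constructed users and actions.
for my $case ( [ ['reader'], 'view_report' ],
               [ ['reader'], 'edit_report' ],
               [ ['admin'],  'debug_dump'  ] ) {
    my ($roles, $action) = @$case;
    my $r = dispatch($roles, $action);
    printf "%-8s %-12s -> %s\n", "@$roles", $action,
        exists $r->{body} ? $r->{body} : "redirect to $r->{redirect}";
}
```

Note that `debug_dump` is denied even for `admin` because it has no role-list at all; that deny-by-default behaviour is the property worth keeping when the role table is moved into a database.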