[cgiapp] Security, Authentication and Authorization for CGI::App
Mike Tonks
fluffymike at googlemail.com
Fri Mar 5 05:40:38 EST 2010
I have two classes that make this a bit easier:
* 'User' class handles permissions e.g. is_superuser or is_publisher
* SearchQuery class handles the dynamic where clauses etc.
so a little code snippet looks like this:
my $query = new SearchQuery( 'select * from view_JobList_Quick',
$self->param('pageno'));
# Filter viewable jobs unless superuser
$query->addFilter('PublisherID', $self->user->info->{PublisherID}) if
$self->user->is_publisher;
$query->addFilter('PrintCenterID', $self->user->info->{CompanyID}) if
$self->user->is_printer;
my $rows = $query->DoSearch($self->dbh);
I guess my 'user roles' haven't changed that often but I find this
pretty easy to manage.
mike
More information about the cgiapp
mailing list