[cgiapp] Security, Authentication and Authorization for CGI::App
Brad Van Sickle
bvs7085 at gmail.com
Fri Mar 5 08:22:10 EST 2010
Interesting approach, I've been thinking about doing something similar
to this, but it didn't seem worth the effort to me. Today I would handle
that situation like:
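# Build the per-role restriction first, then interpolate it into the query.
my $WhereClause = '';
if ($session->{'UserType'} eq 'Publisher')
{$WhereClause .= qq~ AND PublisherID='$session->{"PublisherID"}' ~;}
if ($session->{'UserType'} eq 'Printer')
{$WhereClause .= qq~ AND PrinterID='$session->{"PrinterID"}' ~;}
# Session values are interpolated directly into the SQL string here.
my $sql = "select * from view_JobList_Quick WHERE Filter='basic_filter' $WhereClause";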
Your solution is certainly a bit more elegant, but I'm curious what
benefits you're seeing from abstracting this into an OO infrastructure,
beyond the fact that it hides some of the uglier bits of code.
On 3/5/2010 5:40 AM, Mike Tonks wrote:
> I have two classes that make this a bit easier:
>
> * 'User' class handles permissions e.g. is_superuser or is_publisher
>
> * SearchQuery class handles the dynamic where clauses etc.
>
> so a little code snippet looks like this:
>
> my $query = new SearchQuery( 'select * from view_JobList_Quick',
> $self->param('pageno'));
>
> # Filter viewable jobs unless superuser
> $query->addFilter('PublisherID', $self->user->info->{PublisherID}) if
> $self->user->is_publisher;
> $query->addFilter('PrintCenterID', $self->user->info->{CompanyID}) if
> $self->user->is_printer;
>
> my $rows = $query->DoSearch($self->dbh);
>
>
> I guess my 'user roles' haven't changed that often but I find this
> pretty easy to manage.
>
>
> mike
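The per-role row filter discussed in this thread, as an added example that is not code from either poster: the filters are collected as bind parameters instead of being interpolated, and a session whose UserType matches no known role is refused rather than left unfiltered. FilteredQuery, job_list_query, the 'Superuser' role name and the column allowlist are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper (not Mike's SearchQuery): collects column filters and
# emits SQL with ? placeholders plus a matching bind list for DBI.
package FilteredQuery;

my %ALLOWED = map { $_ => 1 } qw(Filter PublisherID PrinterID);  # assumed columns

sub new {
    my ($class, $base_sql) = @_;
    return bless { sql => $base_sql, cols => [], binds => [] }, $class;
}

sub add_filter {
    my ($self, $col, $value) = @_;
    die "unknown filter column '$col'\n" unless $ALLOWED{$col};
    die "no value for filter '$col'\n"   unless defined $value;
    push @{ $self->{cols} },  $col;
    push @{ $self->{binds} }, $value;
    return $self;
}

sub build {
    my ($self) = @_;
    my $where = join ' AND ', map { "$_ = ?" } @{ $self->{cols} };
    my $sql   = $self->{sql} . ($where ? " WHERE $where" : '');
    return ($sql, @{ $self->{binds} });
}

package main;

# Apply the per-role row restriction; unknown roles are refused, not unfiltered.
sub job_list_query {
    my ($session) = @_;
    my $q = FilteredQuery->new('select * from view_JobList_Quick');
    $q->add_filter(Filter => 'basic_filter');
    my $type = $session->{UserType} // '';
    if    ($type eq 'Publisher') { $q->add_filter(PublisherID => $session->{PublisherID}) }
    elsif ($type eq 'Printer')   { $q->add_filter(PrinterID   => $session->{PrinterID}) }
    elsif ($type ne 'Superuser') { die "unrecognised UserType '$type'\n" }
    return $q->build;
}

# Constructed session; the apostrophe in the ID stays data, never SQL text.
my ($sql, @binds) = job_list_query({ UserType => 'Publisher', PublisherID => "ACME'17" });
print "$sql\n", join(' | ', @binds), "\n";
# With DBI: $dbh->selectall_arrayref($sql, { Slice => {} }, @binds);
```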