[dancer-users] Dancer::Plugin::Auth::Extensible - possible backwards-incompatible change

David Precious davidp at preshweb.co.uk
Tue Dec 11 12:43:09 GMT 2012


On Tue, 11 Dec 2012 13:47:28 +0200
"Octavian Rasnita" <orasnita at gmail.com> wrote:

> Hi,
> 
> Maybe is a stupid suggestion that might not even be possible to do,
> but I think the syntax would look nicer if would be something like:
> 
> get '/secret' => sub {
>     requires_login;
>     ...
> };
> 
> get '/beer' => sub {
>     requires_role 'BeerDrinker';
>     ...
> };

Should be possible!  I'm not a big fan of that approach as it seems a
little... manual; it feels only a step away from doing all the checking
yourself :)

My other objection is that it would be easy to forget to add the
appropriate requires_* keyword call to a route, and thus have that
route unprotected; one of the options I'd been planning with the
current attributes-based approach was a setting to require all routes
to have attributes set (and adding a new NoLoginNeeded one), so that
you could optionally protect yourself against accidentally forgetting
to protect newly-added routes.

Having said that, though, it would be quite easy that way.


-- 
David Precious ("bigpresh") <davidp at preshweb.co.uk>
http://www.preshweb.co.uk/     www.preshweb.co.uk/twitter
www.preshweb.co.uk/linkedin    www.preshweb.co.uk/facebook
www.preshweb.co.uk/cpan        www.preshweb.co.uk/github




More information about the dancer-users mailing list