[dancer-users] Dancer::Plugin::Auth::Extensible - removing sub attributes - ready to try out

Adam Clarke adam.clarke at strategicdata.com.au
Wed Dec 19 05:24:19 GMT 2012

On 19/12/2012, at 3:09 AM, David Cantrell wrote:

> On 15/12/2012 19:20, David Precious wrote:
>>     get '/foo' => requires_role ['Foo','Bar'] => sub { ... };
>> (requires_roles could be added as an alias, so code could read better.)
>> I imagine the common requirement will be to say "any of these roles",
>> not "all of these roles".  I was considering whether requires_role
>> should be for "must have this role" or "must have all of these roles",
>> and e.g. a new requires_any_role keyword would be added to ensure a
>> user had all the specified roles; I'm not sure how valuable that would
>> be, though.
> You definitely need to be able to support any and all. Which is the default doesn't really matter IMO.

I'd go for the most restrictive option (all) being the default. This ensures that someone who mis-guesses or misinterprets the default behaviour is less likely to grant inappropriate access to their content. Accidental denial of access can be un-denied, but disclosed information cannot be un-disclosed.
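
The "any" versus "all" choice discussed in this thread, sketched as an added example that is not part of the original message nor code from Dancer::Plugin::Auth::Extensible. The helper name `roles_satisfied`, its `mode` option and the sample users are hypothetical; the check defaults to "all" and denies on an empty requirement list or an unrecognised mode.

```perl
use strict;
use warnings;
use List::Util qw(any all);

# Hypothetical helper (not the plugin's API): does a user holding
# @$user_roles satisfy @$required? mode defaults to 'all', the most
# restrictive reading, so a wrong guess about the default denies access.
sub roles_satisfied {
    my ($user_roles, $required, %opt) = @_;
    my $mode = exists $opt{mode} ? $opt{mode} : 'all';

    # Fail closed: an unknown or mistyped mode never widens access.
    return 0 unless defined $mode && ($mode eq 'all' || $mode eq 'any');

    # List::Util::all is true for an empty list, so an empty requirement
    # list would otherwise read as "no restriction". Deny it instead.
    return 0 unless ref $required eq 'ARRAY' && @$required;
    return 0 unless ref $user_roles eq 'ARRAY';
    return 0 if grep { !defined $_ } @$required;

    my %held = map { $_ => 1 } grep { defined $_ } @$user_roles;

    return $mode eq 'all'
        ? ( ( all { $held{$_} } @$required ) ? 1 : 0 )
        : ( ( any { $held{$_} } @$required ) ? 1 : 0 );
}

# Constructed sample users, checked against the ['Foo','Bar'] list
# used in the quoted route example.
my %users = (
    alice => [ 'Foo', 'Bar' ],
    bob   => [ 'Foo' ],
    carol => [],
);

for my $name (sort keys %users) {
    my $roles = $users{$name};
    printf "%-5s default(all)=%d any=%d empty-list=%d typo-mode=%d\n",
        $name,
        roles_satisfied($roles, [ 'Foo', 'Bar' ]),
        roles_satisfied($roles, [ 'Foo', 'Bar' ], mode => 'any'),
        roles_satisfied($roles, []),
        roles_satisfied($roles, [ 'Foo' ], mode => 'ANY');
}
```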

