Perhaps I'm missing something but... "how requires_login/requires_role would store the fact that the provided sub requires auth" Simple implementation: # given has_role is calculable sub requires_role { my ($role, $code, $handle_exception) = @_; return sub { if (has_role($role)){ $code->(@_); } else{ if (defined $handle_exception){ $handle_exception->($role, @_) } else { default_403_no_role($role, @_) } } } } Complex implementation: requires_login and requires_role return objects which have metadata about their requirements and exception handling which can be changed easily, but that overload as coderefs to something like the code above. From: David Precious <davidp@preshweb.co.uk> To: dancer-users@dancer.pm Date: 11/12/2012 11:25 Subject: [dancer-users] Dancer::Plugin::Auth::Extensible - possible backwards-incompatible change Sent by: dancer-users-bounces@dancer.pm Hi all, Whilst I really like the (ab)use of subroutine attributes for denoting which routes require authentication/specific roles, some people (whose opinions I respect) have tried to convince me that this is a Bad Idea, and is likely to be fragile. One particularly good point made is that the current implementation stores the attributes for a given route handler by the refaddr, which could be problematic if run under threads (not sure if anyone really does that, though). Classes can provide a CLONE method to work around this, but I don't think that'll work in this case. One suggestion was to provide a new keyword, e.g. requires_auth, which would work something like: get '/secret' => requires_login(sub { .... }); get '/beer' => requires_role('BeerDrinker', sub { ... }); (Something along those lines, at least.) I'm certain how I would implement it, though - i.e. how requires_login/requires_role would store the fact that the provided sub requires auth, without the same thread safety issues of using refaddr. Perhaps detecting the use of threads and refusing to continue would be one way of dealing with it :) Opinions on this would be very welcome. -- David Precious ("bigpresh") <davidp@preshweb.co.uk> http://www.preshweb.co.uk/ www.preshweb.co.uk/twitter www.preshweb.co.uk/linkedin www.preshweb.co.uk/facebook www.preshweb.co.uk/cpan www.preshweb.co.uk/github _______________________________________________ dancer-users mailing list dancer-users@dancer.pm http://lists.preshweb.co.uk/mailman/listinfo/dancer-users