On Tue, 18 Dec 2012 16:09:47 +0000 David Cantrell <david@cantrell.org.uk> wrote:
On 15/12/2012 19:20, David Precious wrote:
get '/foo' => requires_role ['Foo','Bar'] => sub { ... };
(requires_roles could be added as an alias, so code could read better.)
I imagine the common requirement will be to say "any of these roles", not "all of these roles". I was considering whether requires_role should be for "must have this role" or "must have all of these roles", and e.g. a new requires_any_role keyword would be added to ensure a user had all the specified roles; I'm not sure how valuable that would be, though.
You definitely need to be able to support any and all. Which is the default doesn't really matter IMO.
Indeed - the overhauled version provides require_any_role and require_all_roles keywords.
I suggest also letting the user supply their own authentication sub so that they can implement exotica like "must be cleared for Case Nightmare Green and be ranked Major or higher".
Hmm - I could handle that with a hook that fires, and whose return value can indicate whether the request is OK, possibly. Or, I could add a require_custom_auth (or similarly-named) keyword which would take a coderef which is used to decide if the route should be allowed, so you could say e.g.: sub check_auth { my %has_role = map { $_ => 1 } user_roles(); return ($has_role{Drinker} && !$has_role{Lightweight}); }; get '/shot' => require_custom_auth \&check_auth, sub { ... }; Ta for the suggestion, oh bearded one. -- David Precious ("bigpresh") <davidp@preshweb.co.uk> http://www.preshweb.co.uk/ www.preshweb.co.uk/twitter www.preshweb.co.uk/linkedin www.preshweb.co.uk/facebook www.preshweb.co.uk/cpan www.preshweb.co.uk/github