I have some fairly complex user authentication to do - users can be in multiple groups, users in certain groups can legitimately access certain URLs but not others. I've got login working nicely, mostly cribbed from the cookbook, but am now trying to figure out a nice way of handling the different authentication requirements for my different routes. For example, if I am a mafioso I might have these routes ... get '/billing' => sub { ... }; get '/killing' => sub { ... }; Users in the 'Accountants' group should be able to access /billing, but only users in the 'Hitmen' group should be able to access /killing. Of course, the big bad boss should be able to access both. Putting users into groups is trivial, and I already have a 'before' hook that checks that a user is logged in. But what I'd really like to do, in the interests of making it dead simple to add routes later and minimise the places where I have to write authentication code, is to extend that hook so that it can look at the subroutine attributes on the route handlers and compare those to the user's groups: get '/billing' => sub :CapoFamiglia :Accountants { ... }; get '/killing' => sub :CapoFamiglia :Hitmen { ... }; So, my question is ... how can I get at those subroutine references from inside my 'before' hook so that I can attributes::get($route_handler) ? -- David Cantrell | Reality Engineer, Ministry of Information
On Wed, 15 Feb 2012 15:58:15 +0000 David Cantrell <david@cantrell.org.uk> wrote:
get '/billing' => sub :CapoFamiglia :Accountants { ... }; get '/killing' => sub :CapoFamiglia :Hitmen { ... };
So, my question is ... how can I get at those subroutine references from inside my 'before' hook so that I can attributes::get($route_handler) ?
Probably the easiest, and most sane, way, would be for the before hook to get passed the route handler as a parameter. That's a dead simple change to make, and should, I believe, do the job. I'll check none of the other core devs object to this (I can't think why they would), then Make It So. -- David Precious ("bigpresh") <davidp@preshweb.co.uk> http://www.preshweb.co.uk/ www.preshweb.co.uk/twitter www.preshweb.co.uk/linkedin www.preshweb.co.uk/facebook www.preshweb.co.uk/cpan www.preshweb.co.uk/github
On 15 February 2012 19:35, David Precious <davidp@preshweb.co.uk> wrote:
Probably the easiest, and most sane, way, would be for the before hook to get passed the route handler as a parameter.
That's a dead simple change to make, and should, I believe, do the job.
I'll check none of the other core devs object to this (I can't think why they would), then Make It So.
That sounds like a good idea to me.
On Wed, 15 Feb 2012 18:35:50 +0000 David Precious <davidp@preshweb.co.uk> wrote:
Probably the easiest, and most sane, way, would be for the before hook to get passed the route handler as a parameter.
That's a dead simple change to make, and should, I believe, do the job.
I'll check none of the other core devs object to this (I can't think why they would), then Make It So.
https://github.com/sukria/Dancer/pull/746 DC: feel free to check out that branch tomorrow and see if it works for you. I'll get this change merged soon assuming there are no objections, and hopefully we can get a new release out soon. FWIW, I had a very brief try at extracting sub attributes from the handler coderef and couldn't get it to work - but I also couldn't get it to work in a brief non-Dancer test case just creating a coderef with attributes then getting the attributes from it - so it's more likely a case of me Doing It Wrong. It's pubtime now, so I'll look again in the morning :) -- David Precious ("bigpresh") <davidp@preshweb.co.uk> http://www.preshweb.co.uk/ www.preshweb.co.uk/twitter www.preshweb.co.uk/linkedin www.preshweb.co.uk/facebook www.preshweb.co.uk/cpan www.preshweb.co.uk/github
On Wed, Feb 15, 2012 at 07:51:59PM +0000, David Precious wrote:
FWIW, I had a very brief try at extracting sub attributes from the handler coderef and couldn't get it to work - but I also couldn't get it to work in a brief non-Dancer test case just creating a coderef with attributes then getting the attributes from it - so it's more likely a case of me Doing It Wrong.
Attributes are poorly documented Dark Magic so probably the latter. No doubt it's in there somewhere, but it's carefully hidden. The best explanation I've found of how to create custom attributes is here: http://stackoverflow.com/questions/987059/how-do-perl-method-attributes-work The only thing Dancer-specific that I can imagine getting in the way would be if internally my code-ref gets wrapped in another code-ref. -- David Cantrell | Bourgeois reactionary pig The word "urgent" is the moral of the story "The boy who cried wolf". As a general rule I don't believe it until a manager comes to me almost in tears. I like to catch them in a cup and drink them later. -- Matt Holiab, in the Monastery
On Wed, Feb 15, 2012 at 06:35:50PM +0000, David Precious wrote:
David Cantrell <david@cantrell.org.uk> wrote:
get '/billing' => sub :CapoFamiglia :Accountants { ... }; get '/killing' => sub :CapoFamiglia :Hitmen { ... };
So, my question is ... how can I get at those subroutine references from inside my 'before' hook so that I can attributes::get($route_handler) ? Probably the easiest, and most sane, way, would be for the before hook to get passed the route handler as a parameter.
While we're at it, could we also have the route - eg /killing/:client - as well as the handler? However, once we start passing more than one parameter around, it's probably best to pass them as a single object so maybe decorate Dancer::Request with them, given that request() is already available in 'before' hooks. That would also get rid of the little niggle I would have about specifically passing extra data to 'before' hooks - unless you meant to also pass the data to other hooks too.
I'll check none of the other core devs object to this (I can't think why they would), then Make It So.
Thanks! -- David Cantrell | Official London Perl Mongers Bad Influence What profiteth a man, if he win a flame war, yet lose his cool?
David Cantrell <david@cantrell.org.uk> wrote:
On Wed, Feb 15, 2012 at 06:35:50PM +0000, David Precious wrote:
David Cantrell <david@cantrell.org.uk> wrote:
get '/billing' => sub :CapoFamiglia :Accountants { ... }; get '/killing' => sub :CapoFamiglia :Hitmen { ... };
So, my question is ... how can I get at those subroutine references from inside my 'before' hook so that I can attributes::get($route_handler) ? Probably the easiest, and most sane, way, would be for the before hook to get passed the route handler as a parameter.
While we're at it, could we also have the route - eg /killing/:client - as well as the handler?
As the before handler will receive a Dancer::Route object it should be trivial to find out the path defined for that route - see the POD for that module.
That would also get rid of the little niggle I would have about specifically passing extra data to 'before' hooks - unless you meant to also pass the data to other hooks too.
No, only before hooks would get the route object. What (if anything) gets passed to each hook is documented in the docs for the 'hook' keyword.
I'll check none of the other core devs object to this (I can't think why they would), then Make It So.
Thanks!
-- David Cantrell | Official London Perl Mongers Bad Influence
What profiteth a man, if he win a flame war, yet lose his cool? _______________________________________________ Dancer-users mailing list Dancer-users@perldancer.org http://www.backup-manager.org/cgi-bin/listinfo/dancer-users
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
participants (3)
-
damien krotkine -
David Cantrell -
David Precious