Hi all
I'm looking at refactoring some of my work, and the next thing that I want
to look at is improving the way I handle application roles. At the moment I
do something like this
return $self->output($self->_permission_error())
unless ($self->check_permission(['editor', 'admin']);
in every run mode that is not generally accessible. Note that I don't
usually expect users to access run modes they shouldn't - this is just if
they try to subvert the app by changing the run_mode parameter in the HTML
forms, or if the run-mode accidentally appears in the menu due to programmer
error.
What I'd rather do is create a data structure in one place that maps run
modes to the required application roles, and then raise the error if the
user does not have permissions (probably in the cgiapp_prerun method, I
guess).
It seems to me that the best way to do this is to somehow supplement the
run_modes data structures in the setup method, as I'm defining the modes
there anyway. What's the best way of doing this?
Thanks
Dan
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.