X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2FAuthentication.pod;h=b330fd70aec9185601f22a8e1f7b381d1fbe71f2;hb=f2c10d65222a90ee666a98daeff0120508061b52;hp=27464f9797da89b65d7fd5b5e04d2f4a5f81ac94;hpb=8112f93129b5c90c215ac22135b1172ed710a125;p=catagits%2FCatalyst-Runtime.git diff --git a/lib/Catalyst/Manual/Tutorial/Authentication.pod b/lib/Catalyst/Manual/Tutorial/Authentication.pod index 27464f9..b330fd7 100644 --- a/lib/Catalyst/Manual/Tutorial/Authentication.pod +++ b/lib/Catalyst/Manual/Tutorial/Authentication.pod @@ -21,7 +21,7 @@ L =item 3 -L +L =item 4 @@ -59,12 +59,9 @@ Part 5). This part of the tutorial is divided into two main sections: 1) basic, cleartext authentication and 2) hash-based authentication. -B: Note that all of the code for this part of the tutorial can be -pulled from the Catalyst Subversion repository in one step with the -following command: - - svn co http://dev.catalyst.perl.org/repos/Catalyst/tags/examples/Tutorial/MyApp/5.7/Authentication MyApp - +You can checkout the source code for this example from the catalyst +subversion repository as per the instructions in +L =head1 BASIC AUTHENTICATION @@ -544,11 +541,17 @@ the following method: # Note that 'auto' runs after 'begin' but before your actions and that # 'auto' "chain" (all from application path to most specific class are run) + # See the 'Actions' section of 'Catalyst::Manual::Intro' for more info. sub auto : Private { my ($self, $c) = @_; - # Allow unauthenticated users to reach the login page - if ($c->request->path =~ /login/) { + # Allow unauthenticated users to reach the login page. This + # allows anauthenticated users to reach any action in the Login + # controller. To lock it down to a single action, we could use: + # if ($c->action eq $c->controller('Login')->action_for('index')) + # to only allow unauthenticated access to the C action we + # added above. + if ($c->controller eq $c->controller('Login')) { return 1; } @@ -586,9 +589,18 @@ C, C, and C. =item * +With C, C, C, C private actions, only the +most specific action of each type will be called. For example, if you +define a C action in your controller it will I a +C action in your application/root controller -- I the +action in your controller will be called. + +=item * + Unlike the other actions where only a single method is called for each request, I auto action along the chain of namespaces will be -called. +called. Each C action will be called I. =back @@ -609,7 +621,7 @@ lines to the bottom of the file: # This code illustrates how certain parts of the TT # template will only be shown to users who have logged in %] - [% IF Catalyst.user %] + [% IF Catalyst.user_exists %] Please Note: You are already logged in as '[% Catalyst.user.username %]'. You can logout here. [% ELSE %] @@ -689,8 +701,7 @@ still transmits the passwords in cleartext to your application. We are just avoiding the I of cleartext passwords in the database by using a SHA-1 hash. If you are concerned about cleartext passwords between the browser and your application, consider using SSL/TLS, made -easy with the Catalyst plugin -L. +easy with the Catalyst plugin Catalyst::Plugin:RequireSSL. =head2 Get a SHA-1 Hash for the Password @@ -751,7 +762,8 @@ C are new, everything else is the same): # This is the model object created by Catalyst::Model::DBIC from your # schema (you created 'MyAppDB::User' but as the Catalyst startup # debug messages show, it was loaded as 'MyApp::Model::MyAppDB::User'). - # NOTE: Omit 'MyApp::Model' to avoid a component lookup issue in Catalyst 5.66 + # NOTE: Omit 'MyApp::Model' here just as you would when using + # '$c->model("MyAppDB::User)' user_class: MyAppDB::User # This is the name of the field in your 'users' table that contains the user's name user_field: username @@ -785,6 +797,71 @@ of this module on your system: perl -MCatalyst::Plugin::Authorization::ACL -e 'print $Catalyst::Plugin::Authorization::ACL::VERSION, "\n";' +=head1 USING THE SESSION FOR FLASH + +As discussed in Part 3 of the tutorial, C allows you to set +variables in a way that is very similar to C, but it will +remain set across multiple requests. Once the value is read, it +is cleared (unless reset). Although C has nothing to do with +authentication, it does leverage the same session plugins. Now that +those plugins are enabled, let's go back and improve the "delete +and redirect with query parameters" code seen at the end of the +C part of the tutorial. + +First, open C and modify C +to match the following: + + =head2 delete + + Delete a book + + =cut + + sub delete : Local { + # $id = primary key of book to delete + my ($self, $c, $id) = @_; + + # Search for the book and then delete it + $c->model('MyAppDB::Book')->search({id => $id})->delete_all; + + # Use 'flash' to save information across requests util it's read + $c->flash->{status_msg} = "Book deleted"; + + # Redirect the user back to the list page with status msg as an arg + $c->response->redirect($c->uri_for('/books/list')); + } + +Next, open C update the TT code to pull from flash +vs. the C query parameter: + + + +
+ [% status_msg || Catalyst.flash.status_msg %] + [% error_msg %] + [% content %] +
+ + + + +=head2 Try Out Flash + +Restart the development server and point your browser to +L to create an extra +book. Click the "Return to list" link and delete this "Test" book. +The C mechanism should retain our "Book deleted" status message +across the redirect. + +B While C will save information across multiple requests, +it does get cleared the first time it is read. In general, this is +exactly what you want -- the C message will get displayed on +the next screen where it's appropriate, but it won't "keep showing up" +after that first time (unless you reset it). Please refer to +L for additional +information. + + =head1 AUTHOR Kennedy Clark, C