=head1 DESCRIPTION
This chapter of the tutorial adds role-based authorization to the
-existing authentication implemented in Chapter 5. It provides simple
-examples of how to use roles in both TT templates and controller
+existing authentication implemented in
+L<Chapter 5|Catalyst::Manual::Tutorial::05_Authentication>. It provides
+simple examples of how to use roles in both TT templates and controller
actions. The first half looks at basic authorization concepts. The
second half looks at how moving your authorization code to your model
can simplify your code and make things easier to maintain.
-You can checkout the source code for this example from the catalyst
-subversion repository as per the instructions in
+Source code for the tutorial in included in the F</root/Final> directory
+of the Tutorial Virtual machine (one subdirectory per chapter). There
+are also instructions for downloading the code in
L<Catalyst::Manual::Tutorial::01_Intro>.
Session
Session::Store::File
Session::State::Cookie
+
+ StatusMessage
/;
Once again, include this additional plugin as a new dependency in the
way to demonstrate that TT templates will not be used if the response
body has already been set. In reality you would probably want to use a
technique that maintains the visual continuity of your template layout
-(for example, using the "status" or "error" message feature added in
-Chapter 3 or C<detach> to an action that shows an "unauthorized" page).
+(for example, using L<Catalyst::Plugin::StateMessage> as shown in the
+L<last chapter|Catalyst::Manual::Tutorial::05_Authentication> to
+redirect to an "unauthorized" page).
B<TIP>: If you want to keep your existing C<url_create> method, you can
create a new copy and comment out the original by making it look like a
return any(map { $_->role } $self->roles) eq $role;
}
-Let's also add Perl6::Junction to the requirements listed in
+Let's also add C<Perl6::Junction> to the requirements listed in
Makefile.PL:
requires 'Perl6::Junction';
+B<Note:> Feel free to use C<grep> in lieu of C<Perl6::Junction::any> if
+you prefer. Also, please don't let the use of the C<Perl6::Junction>
+module above lead you to believe that Catalyst is somehow dependent on
+Perl 6... we are simply using that module for its
+L<easy-to-read|http://blogs.perl.org/users/marc_sebastian_jakobs/2009/11/my-favorite-module-of-the-month-perl6junction.html>
+C<any> function.
+
Now we need to add some enforcement inside our controller. Open
C<lib/MyApp/Controller/Books.pm> and update the C<delete> method to
match the following code:
# with related 'book_authors' entries
$c->stash->{object}->delete;
- # Use 'flash' to save information across requests until it's read
- $c->flash->{status_msg} = "Book deleted";
-
# Redirect the user back to the list page
- $c->response->redirect($c->uri_for($self->action_for('list')));
+ $c->response->redirect($c->uri_for($self->action_for('list'),
+ {mid => $c->set_status_msg("Deleted book $id")}));
}
Here, we C<detach> to an error page if the user is lacking the
projects / catagits/Catalyst-Manual.git / blobdiff