X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Manual.git;a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2F06_Authorization.pod;h=5ef7ac4bcf453fb953795e3ded42e7629119c0fa;hp=10debada32ea8dae214358034f11551aa54ac7db;hb=959ce3943cd4e2afe02b93824a8da610f9ad10d7;hpb=333f9299012b2bafa32a49bf8fc7e26dbdcbd693 diff --git a/lib/Catalyst/Manual/Tutorial/06_Authorization.pod b/lib/Catalyst/Manual/Tutorial/06_Authorization.pod index 10debad..5ef7ac4 100644 --- a/lib/Catalyst/Manual/Tutorial/06_Authorization.pod +++ b/lib/Catalyst/Manual/Tutorial/06_Authorization.pod @@ -64,8 +64,9 @@ actions. The first half looks at basic authorization concepts. The second half looks at how moving your authorization code to your model can simplify your code and make things easier to maintain. -You can checkout the source code for this example from the catalyst -subversion repository as per the instructions in +Source code for the tutorial in included in the F +directory of the Tutorial Virtual machine (one subdirectory per +chapter). There are also instructions for downloading the code in L. @@ -192,7 +193,7 @@ message. Note that we intentionally chose to display the message this way to demonstrate that TT templates will not be used if the response body has already been set. In reality you would probably want to use a technique that maintains the visual continuity of your template layout -(for example, using L as shown in the +(for example, using L as shown in the L to redirect to an "unauthorized" page). @@ -273,11 +274,18 @@ the "C" line: return any(map { $_->role } $self->roles) eq $role; } -Let's also add Perl6::Junction to the requirements listed in +Let's also add C to the requirements listed in Makefile.PL: requires 'Perl6::Junction'; +B Feel free to use C in lieu of C if +you prefer. Also, please don't let the use of the C +module above lead you to believe that Catalyst is somehow dependent on +Perl 6... we are simply using that module for its +L +C function. + Now we need to add some enforcement inside our controller. Open C and update the C method to match the following code: @@ -295,13 +303,13 @@ match the following code: $c->detach('/error_noperms') unless $c->stash->{object}->delete_allowed_by($c->user->get_object); + # Saved the PK id for status_msg below + my $id = $c->stash->{object}->id; + # Use the book object saved by 'object' and delete it along # with related 'book_authors' entries $c->stash->{object}->delete; - # Use 'flash' to save information across requests until it's read - $c->flash->{status_msg} = "Book deleted"; - # Redirect the user back to the list page $c->response->redirect($c->uri_for($self->action_for('list'), {mid => $c->set_status_msg("Deleted book $id")})); @@ -345,17 +353,18 @@ Use one of the 'Logout' links (or go to the L URL directly) when you are done. +You can jump to the next chapter of the tutorial here: +L + + =head1 AUTHOR Kennedy Clark, C Feel free to contact the author for any errors or suggestions, but the best way to report issues is via the CPAN RT Bug system at -. - -The most recent version of the Catalyst Tutorial can be found at -L. +L. -Copyright 2006-2010, Kennedy Clark, under the +Copyright 2006-2011, Kennedy Clark, under the Creative Commons Attribution Share-Alike License Version 3.0 (L).