Revision history for Catalyst-Manual
5.7XXX XXX
+ - Tutorial::Authorization - Corrects the ACL for "/books/delete"
+ - Additional comments
+ (Dell Merrit)
+ - Tutorial::AdvancedCRUD::FormFu - suggest how the intrepid
+ user might now proceed, having completed the Tutorial.
+ (Dell Merrit)
- Fix typo in Authorization section (RT #42091)
- Fix typo in BasicCRUD (RT #42034)
- Resolve outstanding typo and suggestions in MoreCatalystBasics (RT #41491)
be returned to the book list with a "Book edited" message at the top in
green. Experiment with other edits to various books.
+=head2 More Things to Try
+
+You are now armed with enough knowledge to be dangerous. You can keep
+tweaking the example application; some things you might want to do:
+
+=over 4
+
+=item *
+
+Add an appropriate ACL to the new Edit function.
+
+=item *
+
+Cleanup the List page so that the Login link only displays when the user
+isn't logged in and the Logout link only displays when a user is logged
+in.
+
+=item *
+
+Add a more sensible policy for when and how users and admins can do
+things in the CRUD cycle.
+
+=item *
+
+Support the CRUD cycle for authors.
+
+=back
+
+Or you can proceed to write your own application, which is probably the
+real reason you worked through this Tutorial in the first place.
=head2 Config::General Config for this tutorial
"/books/form_create_do",
[qw/admin/],
);
- __PACKAGE__->deny_access_unless(
+ __PACKAGE__->allow_access_if(
"/books/delete",
[qw/user admin/],
);
first two rules only allow admin-level users to create new books using
the form (both the form itself and the data submission logic are
protected). The third statement allows both users and admins to delete
-books. The C</books/url_create> action will continue to be protected by
-the "manually configured" authorization created earlier in this part of
-the tutorial.
+books; letting users delete but not create book entries may sound odd in
+the "real world", but this is just an example. The C</books/url_create>
+action will continue to be protected by the "manually configured"
+authorization created earlier in this part of the tutorial.
The ACL plugin permits you to apply allow/deny logic in a variety of
ways. The following provides a basic overview of the capabilities: