Skip Menu |

This queue is for tickets about the Catalyst-ActionRole-ACL CPAN distribution.

Report information
The Basics
Id: 57835
Status: open
Priority: 0/
Queue: Catalyst-ActionRole-ACL

People
Owner: converter [...] cpan.org
Requestors: danny [...] sadinoff.com
Cc: bobtfish [...] bobtfish.net
danny@sadinoff.com (no email address)
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



CC: danny [...] sadinoff.com
Subject: Feature request: abstract validation methods
My desire is for there to be a way to use Catayst::ActionRole::ACL to express arbitrarily complex authorization conditions, i.e. "you may only execute this method if the following CODEREF, when executed, returns true". I will let the power and general usefulness of such an approach speak for itself. t0m's suggested design: patch ActionRole::ACL to have an AuthValidateMethod('some_method') method some_method ($self, $user, $action, $c) { # Your code here } [...with the suggestion that you could] put the some_method into a role if you need to share it.. you can even put it in a param role, and bake it in several times, parameterised different ways, then config up it's use using CatalystX::Component::Traits... so the _entire_ ACL composition is done by reusing the custom code, but entirely from config.. (FSVO config) so.. You add handling of 1 attribute to ActionRole::ACL
Not sure what the "action" parameter is for in the callback. How does it differ from $c->action ?
I've committed a fairly simple implementation, but I changed the API of can_visit : sub can_visit( $self, $c, $controller) is there some cleaner way to get the controller from the action itself? ...anyway, please have a look: http://github.com/dsadinoff/catalyst-actionrole-acl