On Thu, Mar 17, 2011 at 10:07 AM,
I am trying to build an intranet web app that would need access control (different modules are allowed/denied to different groups of users).
I am thinking about putting a handle that checks credentials and then lets routing to continue to match the rest of the route.
/app/moudle1 <- Here i check the credentials /app/moudle1/path1 <- If credential are OK, then the handler falls in here. /app/moudle1/path2
How do i do that with yesod ? Is it something that needs a subsite ? I would appreciate a small example. It would help me a lot.
You can look at the static subsite or some of the other existing ones. You should be able to avoid a subsite by checking the url in the auhorization callbacks. The community would find some kind of authorization library useful if you manage to generalize your approach.
-----------------
Another question, Is there a way a automatically and transparently for developer encrypt part (or all ) of the url. Like this:
www.website.com/app/jshdfbjkshabfjhvkjvjaksvdfjhvasjdhvfkjshadfhjasdhfkjasfjsvahf
This seems possible using a custom route piece type and/or url rendering overrides. where the encrypted part will be converted to normal route by the rounting
handler, and when urls are generated, encrypted back. Of course using a separate key for each user/session.
Regards, Vagif Verdi
_______________________________________________ web-devel mailing list web-devel@haskell.org http://www.haskell.org/mailman/listinfo/web-devel
Greg Weber