On Thu, Mar 17, 2011 at 10:07 AM, <vagif.verdi@gmail.com> wrote:
I am trying to build an intranet web app that would need access control
(different modules are allowed/denied to different groups of users).

I am thinking about putting a handle that checks credentials and then lets
routing to continue to match the rest of the route.

/app/moudle1 <- Here i check the credentials
/app/moudle1/path1 <- If credential are OK, then the handler falls in here.
/app/moudle1/path2

How do i do that with yesod ? Is it something that needs a subsite ? I would
appreciate a small example. It would help me a lot.

You can look at the static subsite or some of the other existing ones. You should be able to avoid a subsite by checking the url in the auhorization callbacks. The community would find some kind of authorization library useful if you manage to generalize your approach.
-----------------

Another question, Is there a way a automatically and transparently for
developer encrypt part (or all ) of the url. Like this:

www.website.com/app/jshdfbjkshabfjhvkjvjaksvdfjhvasjdhvfkjshadfhjasdhfkjasfjsvahf


This seems possible using a custom route piece type and/or url rendering overrides.

where the encrypted part will be converted to normal route by the rounting
handler, and when urls are generated, encrypted back. Of course using a
separate key for each user/session.

Regards,
Vagif Verdi

_______________________________________________
web-devel mailing list
web-devel@haskell.org
http://www.haskell.org/mailman/listinfo/web-devel

Greg Weber