
In the Rails world, all the most popular authorization plugins have a
declarative DSL for setting up the logic of authorization. That logic can
then be integrated into the models, the handlers, and the views.
https://github.com/ryanb/cancan/wiki/Defining-Abilities
https://github.com/stffn/declarative_authorization
On Sat, Apr 23, 2011 at 3:47 AM, Max Cantor
We have what is becoming a rather large webapp using yesod/persistent but have been doing authorization in a rather ad-hoc way. I'm wondering if anyone else has dealt with this problem and has a smarter way to do it.
Here's a summary of the issue. In persistent we have a User table and we pull UserIds from the maybeAuth or requireAuth functions in yesod.auth. We then have some other tables which might reference the userId directly or reference something else. Based on the userId, the user either should have no access, read access, or write access to that row. It doesn't need to be a perfect or foolproof solution, but something better than our current, completely ad-hoc approach would be an improvement.
max
_______________________________________________
web-devel mailing list
web-devel@haskell.org
http://www.haskell.org/mailman/listinfo/web-devel
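The declarative style discussed in this thread, as an added example that is not part of either message and does not use the CanCan or declarative_authorization APIs: a plain-Ruby policy that maps a user id and a row to no access, read access, or write access, denies by default, and handles rows that reach the user only through another row. Every class, constant, and method name here is hypothetical.

```ruby
# Added example: a minimal declarative access policy in plain Ruby.
# Not CanCan or declarative_authorization; all names are hypothetical.
LEVELS = { none: 0, read: 1, write: 2 }.freeze

class AccessDenied < StandardError; end

class Policy
  def initialize
    @rules = {}
  end

  # Declare, per row class, a block mapping (user_id, row) to :none/:read/:write.
  def rule(klass, &block)
    @rules[klass] = block
    self
  end

  # Deny by default: no rule, anonymous user, or an unknown level all yield :none.
  def level_for(user_id, row)
    rule = @rules[row.class]
    return :none if rule.nil? || user_id.nil?
    level = rule.call(user_id, row)
    LEVELS.key?(level) ? level : :none
  end

  def allowed?(user_id, action, row)
    raise ArgumentError, "unknown action" unless %i[read write].include?(action)
    LEVELS[action] <= LEVELS[level_for(user_id, row)]
  end

  # Single choke point for handlers: raise instead of returning a boolean.
  def authorize!(user_id, action, row)
    raise AccessDenied, "#{action} on #{row.class}" unless allowed?(user_id, action, row)
    row
  end
end

# Constructed sample schema: Project references its owner directly,
# Task reaches the user only through its Project.
Project = Struct.new(:id, :owner_id, :member_ids)
Task    = Struct.new(:id, :project)
Secret  = Struct.new(:id) # no rule declared, so always :none

POLICY = Policy.new
POLICY.rule(Project) do |uid, p|
  if p.owner_id == uid then :write
  elsif p.member_ids.include?(uid) then :read
  else :none
  end
end
POLICY.rule(Task) { |uid, t| POLICY.level_for(uid, t.project) }
```

Keeping every rule in one policy object means a newly added table is inaccessible until a rule is declared for it, which is the safer failure mode compared with per-handler checks.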