[web-devel] Yesod. Routes. Resources. Authorization. ACL

Michael Snoyman michael at snoyman.com
Sat Feb 12 17:38:54 CET 2011

2011/2/11 Антон Чешков <acheshkov at gmail.com>:
> Hi Michael.
> I want to make authorization in Yesod application build on ACL principle.
> We have in Yesod "Routes". "Route" is resource.  I have the list :
> Resource |  Access
> ----------------------------------
> RouteA      |   Allow
> RouteB      |   Deny
> I would like to :
> 1.  save, read this list  outward yesod
> 2.  check, that the concrete  route satisfy or not satisfy the list
> 3.  have more flexible way to define resource pattern in list. For example i
> have RouteX String Int. I wish to define pattern   "RouteX * 666"
> If i had this, i would to implement Yesod.isAuthorized  method similar
> isAuthorized _ = do
>     acl     <- getACL
>     route <- getCurrentRoute
>     case check acl route of
>         True ->  return Authorized
>         False -> return Unauthorized
> I do not know, may be there is the way to make this now.
> How i can put it into practice ?
> Thanks.

It looks to me like, barring a small difference in the API, you
already figured this out. The Yesod typeclass provides isAuthorized

isAuthorized :: master
                  -> Bool -- ^ is this a write request, such as POST or DELETE?
                  -> GHandler sub master AuthResult

So if you just rewrite your function as:

isAuthorized route _ = do
     acl     <- getACL
     case check acl route of
         True ->  return Authorized
         False -> return Unauthorized

you should be in good shape.


More information about the web-devel mailing list