[web-devel] Yesod. Routes. Resources. Authorization. ACL
Michael Snoyman
michael at snoyman.com
Sat Feb 12 17:38:54 CET 2011
2011/2/11 Антон Чешков <acheshkov at gmail.com>:
> Hi Michael.
> I want to make authorization in a Yesod application built on the ACL principle.
> We have "Routes" in Yesod. A "Route" is a resource. I have the list:
> Resource | Access
> ----------------------------------
> RouteA | Allow
> RouteB | Deny
> I would like to:
> 1. save and read this list outside Yesod
> 2. check whether the concrete route satisfies or does not satisfy the list
> 3. have a more flexible way to define a resource pattern in the list. For example, I
> have RouteX String Int. I wish to define the pattern "RouteX * 666"
> If I had this, I would implement the Yesod.isAuthorized method similar to
>     isAuthorized _ = do
>         acl <- getACL
>         route <- getCurrentRoute
>         case check acl route of
>             True -> return Authorized
>             False -> return Unauthorized
>
> I do not know, maybe there is a way to do this now.
> How can I put it into practice?
> Thanks.
It looks to me like, barring a small difference in the API, you
already figured this out. The Yesod typeclass provides isAuthorized
already:
    isAuthorized :: Route master
                 -> Bool -- ^ is this a write request, such as POST or DELETE?
                 -> GHandler sub master AuthResult
So if you just rewrite your function as:
    isAuthorized route _ = do
        acl <- getACL
        case check acl route of
            True -> return Authorized
            False -> return Unauthorized
you should be in good shape.
Michael
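
Added example, not part of the original message or of Yesod's code: one way the `check` function and the external ACL list from the thread could work, with `*` wildcards, first-match-wins ordering and deny as the default. It assumes a route has already been reduced to a list of strings (constructor name followed by its arguments); the line format, `parseACL` and the other names are hypothetical.

```haskell
import Data.Char (isSpace)

data Access = Allow | Deny deriving (Eq, Show)

-- One pattern segment: a literal piece or the wildcard "*".
data Seg = Lit String | Any deriving (Eq, Show)

type Rule = ([Seg], Access)

trim :: String -> String
trim = f . f where f = reverse . dropWhile isSpace

-- Parse one line such as "RouteX * 666 | Allow" (hypothetical format).
-- A malformed line yields Left, so a damaged ACL is rejected as a whole
-- instead of being loaded with rules silently missing.
parseRule :: String -> Either String Rule
parseRule line = case break (== '|') line of
  (pat, '|' : acc) | not (null (words pat)) -> do
    access <- case trim acc of
      "Allow" -> Right Allow
      "Deny"  -> Right Deny
      other   -> Left ("unknown access: " ++ show other)
    Right (map seg (words pat), access)
  _ -> Left ("malformed rule: " ++ show line)
  where seg "*" = Any
        seg s   = Lit s

parseACL :: String -> Either String [Rule]
parseACL = mapM parseRule . filter (not . all isSpace) . lines

-- A pattern matches only a route with the same number of segments.
matches :: [Seg] -> [String] -> Bool
matches pat route = length pat == length route && and (zipWith ok pat route)
  where ok Any _     = True
        ok (Lit s) r = s == r

-- First matching rule wins; a route that no rule mentions is denied.
check :: [Rule] -> [String] -> Bool
check acl route = case [a | (p, a) <- acl, matches p route] of
  (a : _) -> a == Allow
  []      -> False

main :: IO ()
main = do
  let src = "RouteA | Allow\nRouteB | Deny\nRouteX * 666 | Allow\n"  -- constructed sample
  case parseACL src of
    Left err  -> putStrLn ("ACL rejected: " ++ err)
    Right acl -> mapM_ (\r -> putStrLn (unwords r ++ " -> " ++ show (check acl r)))
      [["RouteA"], ["RouteB"], ["RouteX", "foo", "666"], ["RouteX", "foo", "1"], ["RouteC"]]
```

Because the first matching rule wins, a narrow `Deny` line has to appear above any broader `Allow` pattern that would also match the same route.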