[web-devel] Authorization/Permissions for Persistent

Max Cantor mxcantor at gmail.com
Sat Apr 23 12:47:58 CEST 2011


We have what is becoming a rather large webapp using yesod/persistent but have been doing authorization in a rather ad-hoc way.  I'm wondering if anyone else has dealt with this problem and has a smarter way to do it.

Here's a summary of the issue. In persistent we have a User table and we pull UserIds from the maybeAuth or requireAuth functions in yesod.auth. We then have some other tables which might reference the userId directly or reference something else. Based on the userId, the user either should have no access, read access, or write access to that row. It doesn't need to be a perfect or foolproof solution, but something better than our current, completely ad-hoc approach would be an improvement.

max



