[web-devel] Authorization/Permissions for Persistent

Greg Weber greg at gregweber.info
Sat Apr 23 15:20:04 CEST 2011


In the Rails world all the most popular authorization plugins have a
declarative DSL for setting up the logic of authorization. That logic can
then be integrated into the models, the handlers, and the views.
https://github.com/ryanb/cancan/wiki/Defining-Abilities
https://github.com/stffn/declarative_authorization


On Sat, Apr 23, 2011 at 3:47 AM, Max Cantor <mxcantor at gmail.com> wrote:

> We have what is becoming a rather large webapp using yesod/persistent but
> have been doing authorization in a rather ad-hoc way.  I'm wondering if
> anyone else has dealt with this problem and has a smarter way to do it.
>
> Here's a summary of the issue.  In persistent we have a User table and we
> pull UserIds from the maybeAuth or requireAuth functions in yesod.auth.  We
> then have some other tables which might reference the userId directly or
> reference something else.  Based on the userId, the user either should have
> no access, read access, or write access to that row.  Doesn't need to be a
> perfect or foolproof solution but something better than our current,
> completely ad-hoc approach would be an improvement.
>
> max
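An added example, not code from either poster or from Yesod/Persistent: one way to declare the no/read/write rule per table in a single place, covering both a row that references the user directly and a row that references something else. All names (`Access`, `Authorizable`, `Project`, `Task`, `authorize`) are hypothetical, and an association list stands in for a Persistent table so the file runs with `base` alone.

```haskell
module Main where

newtype UserId = UserId Int deriving (Eq, Show)

-- The three levels from the question; derived Ord gives
-- NoAccess < ReadAccess < WriteAccess.
data Access = NoAccess | ReadAccess | WriteAccess deriving (Eq, Ord, Show)

data Project = Project { projectOwner :: UserId, projectMembers :: [UserId] }
data Task    = Task    { taskProject :: Int, taskTitle :: String }

type Db = [(Int, Project)]  -- constructed stand-in for a Project table

-- One rule per table: the only place authorization logic lives.
class Authorizable row where
  accessFor :: Db -> Maybe UserId -> row -> Access

-- Row references the user directly.
instance Authorizable Project where
  accessFor _ Nothing _ = NoAccess          -- nobody is logged in
  accessFor _ (Just u) p
    | u == projectOwner p       = WriteAccess
    | u `elem` projectMembers p = ReadAccess
    | otherwise                 = NoAccess

-- Row references something else: inherit from the parent row,
-- and deny when the reference is dangling.
instance Authorizable Task where
  accessFor db mu t =
    maybe NoAccess (accessFor db mu) (lookup (taskProject t) db)

-- Handlers go through this instead of using a fetched row directly.
authorize :: Authorizable row
          => Db -> Maybe UserId -> Access -> row -> Either String row
authorize db mu needed row
  | accessFor db mu row >= needed = Right row
  | otherwise                     = Left "permission denied"

main :: IO ()
main = do
  let db        = [(1, Project (UserId 1) [UserId 2])]  -- constructed data
      task      = Task 1 "write docs"
      try u lvl = either id taskTitle (authorize db u lvl task)
  putStrLn (try (Just (UserId 1)) WriteAccess)  -- project owner
  putStrLn (try (Just (UserId 2)) WriteAccess)  -- member asking to write
  putStrLn (try (Just (UserId 2)) ReadAccess)   -- member asking to read
  putStrLn (try Nothing ReadAccess)             -- anonymous request
```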

