[web-devel] Authorization/Permissions for Persistent

Greg Weber greg at gregweber.info
Sat Apr 23 15:20:04 CEST 2011

In the Rails world all the most popular authorization plugins have a
declarative dsl for setting up the logic of authorization. That logic can
then be integrated into the models, the handlers, and the views.

On Sat, Apr 23, 2011 at 3:47 AM, Max Cantor <mxcantor at gmail.com> wrote:

> We have what is becoming a rather large webapp using yesod/persistent but
> have been doing authorization in a rather ad-hoc way.  I'm wondering if
> anyone else has dealt with this problem and has a smarter way to do it.
> Here's a summary of the issue.  In persistent we have a User table and we
> pull UserIds from the maybeAuth or requireAuth functions in yesod.auth.  We
> then have some other tables which might reference the userId directly or
> reference something else.  Based on the userId, the user either should have
> no access, read access, or write access to that row.  doesn't need to be a
> perfect or foolproof solution but something better than our current,
> completely ad-hoc approach would be an improvement.
> max
> _______________________________________________
> web-devel mailing list
> web-devel at haskell.org
> http://www.haskell.org/mailman/listinfo/web-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/web-devel/attachments/20110423/da09702c/attachment.htm>

More information about the web-devel mailing list