[web-devel] Authorization/Permissions for Persistent

Michael Snoyman michael at snoyman.com
Sat Apr 23 19:23:53 CEST 2011

So far for my uses, isAuthorized has been sufficient, together with
some simple helper functions applied as necessary. However, I'd be
happy to try to flesh out a more complete system. Can you point out
specific issues that you're running into that seem like they could be
solved better?


On Sat, Apr 23, 2011 at 1:47 PM, Max Cantor <mxcantor at gmail.com> wrote:
> We have what is becoming a rather large webapp using yesod/persistent but have been doing authorization in a rather ad-hoc way.  I'm wondering if anyone else has dealt with this problem and has a smarter way to do it.
> Here's a summary of the issue.  In persistent we have a User table and we pull UserIds from the maybeAuth or requireAuth functions in yesod.auth.  We then have some other tables which might reference the userId directly or reference something else.  Based on the userId, the user either should have no access, read access, or write access to that row.  doesn't need to be a perfect or foolproof solution but something better than our current, completely ad-hoc approach would be an improvement.
> max
> _______________________________________________
> web-devel mailing list
> web-devel at haskell.org
> http://www.haskell.org/mailman/listinfo/web-devel

More information about the web-devel mailing list