[web-devel] Authorization/Permissions for Persistent
greg at gregweber.info
Sat Apr 23 15:20:04 CEST 2011
In the Rails world all the most popular authorization plugins have a
declarative dsl for setting up the logic of authorization. That logic can
then be integrated into the models, the handlers, and the views.
On Sat, Apr 23, 2011 at 3:47 AM, Max Cantor <mxcantor at gmail.com> wrote:
> We have what is becoming a rather large webapp using yesod/persistent but
> have been doing authorization in a rather ad-hoc way. I'm wondering if
> anyone else has dealt with this problem and has a smarter way to do it.
> Here's a summary of the issue. In persistent we have a User table and we
> pull UserIds from the maybeAuth or requireAuth functions in yesod.auth. We
> then have some other tables which might reference the userId directly or
> reference something else. Based on the userId, the user either should have
> no access, read access, or write access to that row. doesn't need to be a
> perfect or foolproof solution but something better than our current,
> completely ad-hoc approach would be an improvement.
> web-devel mailing list
> web-devel at haskell.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the web-devel