[web-devel] Authorization/Permissions for Persistent
Michael Snoyman
michael at snoyman.com
Sat Apr 23 19:23:53 CEST 2011
So far for my uses, isAuthorized has been sufficient, together with
some simple helper functions applied as necessary. However, I'd be
happy to try to flesh out a more complete system. Can you point out
specific issues that you're running into that seem like they could be
solved better?
Michael
On Sat, Apr 23, 2011 at 1:47 PM, Max Cantor <mxcantor at gmail.com> wrote:
> We have what is becoming a rather large webapp using yesod/persistent but have been doing authorization in a rather ad-hoc way. I'm wondering if anyone else has dealt with this problem and has a smarter way to do it.
>
> Here's a summary of the issue. In persistent we have a User table and we pull UserIds from the maybeAuth or requireAuth functions in yesod.auth. We then have some other tables which might reference the userId directly or reference something else. Based on the userId, the user either should have no access, read access, or write access to that row. doesn't need to be a perfect or foolproof solution but something better than our current, completely ad-hoc approach would be an improvement.
>
> max
>
>
> _______________________________________________
> web-devel mailing list
> web-devel at haskell.org
> http://www.haskell.org/mailman/listinfo/web-devel
>
More information about the web-devel
mailing list