[Bese-devel] Re: Access Control best practice
Marco Baringer
mb at bese.it
Tue Nov 21 15:38:23 UTC 2006
"Vagif Verdi" <vagif at cox.net> writes:
> Hello.
>
> What is the best/usual practice to control access to web site pages in ucw ?
>
> I mean how do you check if user logged in? At what point?
i generally have three parts to an app, the public part, the private
part and the backoffice. by using a custom dispatcher and ordering the
entry points i can "easily" (easy for me at least) control who sees
what:

  (list
   action-handler
   public-entry-points
   ...
   (redirect-unless-logged-in)
   ...
   private-entry-points
   ...
   (redirect-unless-admin)
   ...
   backoffice)

so i generally check for logged-in-ness whenever accessing a new entry-point.
> Do you have a special component for that? Like url-mapper or action-mapper that
> checks credentials before running page?
not special components but i do have methods defined on actions which require a login:

  (defaction whatever :before ((comp my-private-component) &rest other-args)
    (declare (ignore other-args))
    (unless (logged-in-p (get-session-value 'user))
      (call 'login-component)))

[:before actions rock! by doing this i can call my login component,
which is sometimes a login-or-register component from anywhere in my
app and have it do the Right Thing(TM)]
> Or maybe components have specific slots that allow controlling access to
> component?
i've never done this, and i can't really see where it'd be useful.
> I do not want to check that user logged in every page manually.
if you give some more info on how your app is structured i can provide
better suggestions on how to structure it.
--
-Marco
Ring the bells that still can ring.
Forget your perfect offering.
There is a crack in everything.
That's how the light gets in.
-Leonard Cohen
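
Added example, not part of the original message and not UCW code: a plain Common Lisp model of the ordered handler list described in the reply, where a gate placed between groups of entry points claims every request that fails its check, plus a check that lists private prefixes an anonymous request can still reach. All names here (entry-point, gate, dispatch, exposed-prefixes, the paths and users) are assumptions made for illustration.

```lisp
;;; Added illustration in portable Common Lisp; none of these names are UCW's API.
(defstruct request path user)  ; USER is NIL or a plist such as (:name "ann" :admin t)

(defun entry-point (prefix response)
  "Handler that claims any request whose path starts with PREFIX."
  (lambda (req)
    (when (eql 0 (search prefix (request-path req)))
      response)))

(defun gate (allowed-p redirect-to)
  "Handler that lets allowed requests fall through and claims all others."
  (lambda (req)
    (unless (funcall allowed-p req)
      (list :redirect redirect-to))))

(defun logged-in-p (req) (not (null (request-user req))))
(defun admin-p (req) (getf (request-user req) :admin))

(defun make-handlers ()
  "Public entry points, login gate, private entry points, admin gate, backoffice."
  (list (entry-point "/public/" '(:ok "public page"))
        (gate #'logged-in-p "/public/login")
        (entry-point "/account/" '(:ok "account page"))
        (gate #'admin-p "/public/login")
        (entry-point "/backoffice/" '(:ok "backoffice page"))))

(defun dispatch (req handlers)
  "Try HANDLERS in list order and return the first non-NIL result."
  (or (some (lambda (handler) (funcall handler req)) handlers)
      '(:not-found)))

(defun exposed-prefixes (handlers prefixes)
  "Return the PREFIXES an anonymous request can reach, i.e. ordering mistakes."
  (remove-if-not
   (lambda (prefix)
     (eq :ok (first (dispatch (make-request :path prefix :user nil) handlers))))
   prefixes))

;; Constructed sample requests: anonymous, ordinary user, administrator.
(let ((handlers (make-handlers)))
  (dolist (user (list nil '(:name "ann") '(:name "root" :admin t)))
    (dolist (path '("/public/home" "/account/orders" "/backoffice/users"))
      (format t "~20a ~30s -> ~s~%" path user
              (dispatch (make-request :path path :user user) handlers))))
  ;; An entry point registered ahead of the gates is reachable without a login.
  (format t "exposed when correctly ordered: ~s~%"
          (exposed-prefixes handlers '("/account/" "/backoffice/")))
  (format t "exposed when misordered: ~s~%"
          (exposed-prefixes (cons (entry-point "/account/" '(:ok "account page"))
                                  handlers)
                            '("/account/" "/backoffice/"))))
```

With this layout the position of an entry point in the list is the access-control decision, so a check like exposed-prefixes is worth running whenever the list changes.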