[Bese-devel] Re: Access Control best practice
Vagif Verdi
vagif at cox.net
Tue Nov 21 21:52:10 UTC 2006
<quote>
i generally have three parts to an app, the public part, the private
part and the backoffice. by using a custom dispatcher and ordering the
entry points i can "easily" (easy for me at least) control who sees
what:
(list
 action-handler
 public-entry-points
 ...
 (redirect-unless-logged-in)
 ...
 private-entry-points
 ...
 (redirect-unless-admin)
 ...
 backoffice)
so i generally check for logged-in-ness whenever accessing a new
entry-point.
</quote>
I like this approach, because you are writing the code to check if the user
is logged in only one time.
And it would be great to see a particular example included in ucw.
<quote>
...i do have methods defined on actions which require a login:
(defaction whatever :before ((comp my-private-component) &rest other-args)
  (declare (ignore other-args))
  (unless (logged-in-p (get-session-value 'user))
    (call 'login-component)))
[:before actions rock! by doing this i can call my login component,
which is sometimes a login-or-register component from anywhere in my
app and have it do the Right Thing(TM)]
</quote>
This approach I do not like (or maybe I misunderstand it).
Do you mean that you have to write :before actions for every one of your 50
pages?
Or do you write the :before action only once and then it is fired for all 50
pages?
If the latter, how do you do that?
Regards,
Vagif Verdi.
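
The ordered-list idea from the first quoted passage, as an added example in plain Common Lisp (not code from this thread and not UCW's API): guards sit between groups of entry points, so each check is written once and covers everything listed after it. The names `guard`, `entry-point`, `dispatch` and `*entries*`, the paths, and the plist session are assumptions made for the illustration.

```lisp
;;; Model of an ordered dispatch list with access-control checkpoints.
;;; All names here are hypothetical; a session is a plist such as
;;; (:user "alice" :admin t).

(defun guard (predicate redirect-to)
  "Checkpoint entry: a request whose session fails PREDICATE stops here."
  (list :guard predicate redirect-to))

(defun entry-point (path handler)
  "Entry point: HANDLER serves requests whose path equals PATH."
  (list :entry path handler))

(defparameter *entries*
  (list
   ;; public part
   (entry-point "/" (constantly "public home page"))
   (entry-point "/login" (constantly "login form"))
   ;; everything below this line requires a logged-in user
   (guard (lambda (session) (getf session :user)) "/login")
   (entry-point "/account" (constantly "account page"))
   ;; everything below this line also requires an admin
   (guard (lambda (session) (getf session :admin)) "/")
   (entry-point "/backoffice/users" (constantly "user administration"))))

(defun dispatch (path session &optional (entries *entries*))
  "Walk ENTRIES in order. A guard is evaluated only if no earlier entry
point matched, so public pages never hit a check, and an unknown path
fails closed at the first guard the session cannot pass."
  (dolist (entry entries (list :not-found path))
    (ecase (first entry)
      (:guard
       (destructuring-bind (predicate redirect-to) (rest entry)
         (unless (funcall predicate session)
           (return (list :redirect redirect-to)))))
      (:entry
       (destructuring-bind (entry-path handler) (rest entry)
         (when (string= entry-path path)
           (return (list :ok (funcall handler session)))))))))

;; Constructed requests: anonymous visitor, ordinary user, admin.
(dolist (session (list '() '(:user "alice") '(:user "root" :admin t)))
  (dolist (path '("/" "/account" "/backoffice/users" "/no-such-page"))
    (format t "~S ~A -> ~S~%" session path (dispatch path session))))
```

Because the check lives in the list rather than in each page, adding a fifty-first private page means adding one entry below the existing guard, with no per-page login code to forget.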