[Gd-hackers] Koala update
Bastian M?üller
turbo24prg at web.de
Thu Feb 7 22:41:28 CET 2008
Hannes Mehnert wrote:
> Bastian M?üller wrote:
>> Hannes Mehnert wrote:
Hej,
>> > It is quite common that some parts are only accessible after a
>> > successful authentication, that's why I would like to have the
>> > possibility to express this directly in the map. So, my current
>> > proposal for the macro would be:
>
>> I understand what you mean and that's a good feature we should have, but
>> the suggested "chain"-approach isn't perfect. What happens if an
>> action returns false? The action chain stops and then the user gets a
>> blank page. Maybe replacing the action sequence with normal control flow
>> statements is a better solution,
>
>>> define url-map
>>> "/foo" ("\w/\w/\w") => bind-arguments; "foo.dsp",
>>> ("") => "foo.dsp";
>>> "/bar" ("\d/\d/\w") => authenticated-user?; bind-arguments; "bar.dsp";
>>> "/foobar" () => admin-user?; foobar-responder;
>>> "/barfoo" () => "barfoo.dsp";
>>> end;
>> "/foobar" () => if (admin-user?) foo-bar-responder else
>> not-authenticated-responder end;
>
> Actually, rethinking the authentication, I currently prefer that
> admin-user? should signal an error (with not-authenticated-error or
> similar) if the current logged in user is not an admin. So, no need for
> if then else or to check whether a method returned #f.
>
Ok. But that leads to a user confronted with a dylan error-message in
his browser window, because there's nothing that will catch the
signal/error. Same problem as with the action sequence returning false.
How would call a responder that displays a nice user-friendly message
that states that the user isn't authenticated or authorized?
kind regards,
Bastian
More information about the hackers
mailing list