From: "Kiffin Gish" <kiffin.g...@planet.nl>
In my application, users are allowed to edit only their own settings
like this:
/account/id/client/settings/edit
| /role/*/settings/edit | /auth (0) |
| | -> /role/base (1) |
| | -> /role/settings/crud/base (0) |
| | => /role/settings/crud/edit |
# Controller::Role
sub base : Chained('/auth') PathPart('role') CaptureArgs(1) {
my ( $self, $c, $id ) = @_;
# Get the user if possible.
my $user = $c->model('DB::User')->find($id);
# Make sure that the user is indeed this user.
$c->detach('/error_403') unless $c->user->id == $id;
# Save the user in the stash.
$c->stash( user => $user );
}
Why do you need this subroutine?
It should be reached only by the authenticated users, and if somebody
reached here, you can just get his/her user id from $c->user->get('id') and
you can get this information in the other subroutines also.
Octavian
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/