OK. Point taken. I was really just putting my two cents in on a
subject that's important to me personally... ie user variable content
and ACLs.
It would be nice to do something like (I haven't actually looked
at the code, my bad):
page = Page.new
page.headers
page.content = Cache.get_content('/cache/'+cache_file)
page.render
Anyway I'd better have a look at the code myself before I make
a/more of a fool of myself.
I wasn't trying to make a fool out of you - I completely understand what
you're trying to achieve, but asking the pages to handle authentication
isn't the way to go about it unless you're prepared to totally kill the
caching performance.
The way to implement this would probably be to introduce a filter to the
site controller that does ACL checks based on paths - check the ACL for
the path before doing anything else that site_controller does. Introduce
a new LoginPage type that is not cached that is responsible for setting
the authentication cookies. Rails doesn't give you as much control over
session creation as I'm used to in java servlets, so you'll have to take
over session control in your own code - You need to have your filter
check for the existance of a session, but not create one if it doesn't
exist.
Hmmmm... does rails give you access to the session cookie before it gets
sent off in the response? Perhaps the site_controller could be changed
to clear out that cookie if the request is going to be cached - giving a
warning / raising an exception if the session is not empty. You'd still
need a seperate layer of access control, that slots in before the cache
handler, but if you could use rails sessions instead of rolling your own
that would be useful. I'll have a little play.
Dan.
_______________________________________________
Radiant mailing list
Post: Radiant@lists.radiantcms.org
Search: http://radiantcms.org/mailing-list/search/
Site: http://lists.radiantcms.org/mailman/listinfo/radiant
