Closed cleesmith closed 8 years ago
Current, I control permissions through middleware and routes because I feel it's easier to change those permissions in routes than having to modify code in the controller: https://github.com/josephspurrier/gowebapp/blob/master/route/route.go#L66
Is it a better practice to add that code to the controller?
I was just repeating a pattern that's common in ruby/Rails and python/Flask apps.
So there should be something like acl.AuthenticatedOnly
in route/middleware/acl/acl.go
?
Ah, gotcha. Yeah, you can use acl.DisallowAnon. It does the same thing.
https://github.com/josephspurrier/gowebapp/blob/master/route/middleware/acl/acl.go#L26
I see. This is better, even DRY-er. Thanks.
Just thought it might be useful in larger web apps that allow only authenticated users for most actions and pages to have a
LoginRequired func
somewhere in thepackage controller
like:... this would be much DRY-er code wise. See: nsmsearch Not really a proper decorator like here but it works. Thoughts?