Re: Modifying cdbi's default SQL and mod_perl

[prev] [thread] [next] [Date index for 2005/01/15]

On Fri, Jan 14, 2005 at 05:17:07PM +0000, patrick_paskvan@xxxxx.xxx wrote:
> So, I created an init_acl() method in the classes
> that needed to be protected, and once the user's
> session is loaded, a call to init_acl() with the
> user's gids, REPLACES THE DEFAULT 'Retrieve' and
> 'RetrieveAll' STATEMENTS, so that all subsequent
> calls are prefixed with the ACL join.  This works
> great under CGI, and seems to be the perfect solution,
> because it's transparent to Class::DBI and doesn't
> subvert any of the work that Class::DBI is doing.
> 
> However, under mod_perl, the init_acl() calls
> do conflict.  I probably wouldn't have noticed this,
> but admin users skip init_acl(), and I noticed that
> their results were limited by whoever set 'Retrieve'
> and 'RetrieveAll' last.  It seems that Ima::DBIs
> class/statement list is global.  I tried turning off
> prepare_cached() in the set_sql() call, but that didn't
> solve the problem.  I've searched for a definitive
> answer, but I haven't run across it.

Use Safe::World, load your classes into that, then create a fresh world for
each request - so the init_acl call takes place in the new world and so
doesn't affect future requests - hence an admin user gets a fresh class
without it.

Alternatively, have init_acl run for admins and change it to reset the SQL
statements to a non-limited form there.

        -- 
        Bring me my etherkiller; Oh clouds unfold! / Bring me the magic smoke of desire
I shall not cease from mental fight / Nor shall my LART rest in my hand
Till we have buried the bodies / Of all the lusers in all this land
  -- rpg, ASR                        [ My homepage is http://www.trout.me.uk/ ]