On 2004-08-10 14:27:28, Björn Lindberg wrote:
How would I go about using authroization to restrict access to a set of pages, perhaps even including static ones? Should I set it up so that a prefix of the URIs of that set always leads to a handler which calls authorization? In that case, how would such a handler look like?
You could write a wrapper function for the handler. Or a function which generates wrapper functions for the handler, according for the specific authorization needs.
Your own dispatcher (or one generated with CREATE-PREFIX-DISPATCHER or CREATE-REGEX-DISPATCHER) then just calls the wrapper. The wrapper handles the authorization and calls either REQUIRE-AUTHORIZATION or your original handler.
Something like this:
(create-prefix-dispatcher "/dealer/" (generate-auth-wrapper "dealer" #'dealer-handler))
If you really need to protect static files, too, then I'd suggest to write your own version of CREATE-STATIC-FILE-DISPATCHER-AND-HANDLER. Code is in html.lisp
[...] (when (equal (script-name request) uri) ;; the handler + (generate-auth-wrapper + auth-group (lambda () [...]
Regards, Stefan