See http://www.haskell.org/pipermail/web-devel/2012/002326.html and http://www.haskell.org/pipermail/web-devel/2012/002327.html.
Also see related mail list conversation:
and this gist: https://gist.github.com/1725600
Should we try to tackle this in Yesod 1.1?
@meteficha @gregwebs Do you think it's worth trying to make this change for 1.1? Do we have an idea of a good approach to use?
The current suggestions are still lacking in flexibility. My ideal implementation lets you write code like the following and need very few recompiles.
whenM (can user Delete resource) (destroy resource)
Note that this is resource based, not route based. But a route based permission can be built on top of it.
A user has permissions in the database. A permission is a list of roles plus application specific data. The application specific data (plus application specific code) can help determine if there is permission for the type of resource based on the roles the user has.
Something to think about :) Something is probably better than nothing, and nothing is required for the release.
Have there been any thoughts on how to proceed here?
No progress on this, closing.