<%flags>
inherit => undef # make sure we inhibit the default autohandler
</%flags>
<%shared>
my $let_me;
</%shared>
<%init>

# Because we're granting permissions on /let/... based on an auth token
# we tighten up the ::Action::.* permissions. 
# (Basically, we default to denying everything, then let individual lets start 
#  allowing whatever they want)

Jifty->web->deny_actions(qr/.*/);
Jifty->web->allow_actions(qr/Jifty::Action::Redirect/);

# get the dhandler_arg
$let_me = Jifty::LetMe->new();
$let_me->from_token($m->dhandler_arg);

# if the token doesn't look right, redirect the user to a help page, asking them
# to key in their token, by hand.
unless ($let_me->validate) {
    $m->redirect('/error/let_me/invalid_token');
}

# validate that the path exists

# it's critically important that this "local" user never get 
# persisted to the database, lest they be able to log in elsewhere.
Jifty->web->temporary_current_user($let_me->validated_current_user);

Jifty->web->handle_request(); # this is where page actions get pulled in, regular current user
$m->comp($let_me->path, %{$let_me->args});


# gets set, etc.
# make sure that anything that happens after this point doesn't
# have our current user.
Jifty->web->temporary_current_user(undef);
return;

</%init>
<%method setup_actions>
<%perl>
# this method turns around and calls the setup_actions method 
# it's called by Jifty::Web->setup_page_actions.
my $delegate = $m->fetch_comp($let_me->path);
if ($delegate and $delegate->method_exists('setup_actions')) {
    $delegate->call_method('setup_actions');
}
</%perl>
</%method>
