Permission on action

[giorgio.s...@gmail.com]

I have create this rest api called by as an action:

class actions_myGeoJsonPG {

function handle($params){

        $app = Dataface_Application::getInstance();

$auth =& Dataface_AuthenticationTool::getInstance();

        $query = $app->getQuery();

        $user =& $auth->getLoggedInUser();

        if ( !$user ) 

die("no access");

        session_write_close();

        header('Connection:close');

        .....

        ......

I put permission control inside of handler, is good or there is a better way to do this?

Is possible to using class conf_ApplicationDelegate for check permission on action?