my app is a Book manager where I can create Books and Pages.
I have my bookController with a "store" on POST, which store a title and a description.
public function store()
{
$rules = array(
'title' => 'required|min:3',
'description' => 'required|min:30'
);
$validator = Validator::make(Input::all(), $rules);
if ($validator->fails()) {
return Response::json(
array(
'metadata' => array(
'error' => true,
'message' => 'The book creation has failed'
)
),
400
);
}
else {
$slug = Str::slug(Request::get('title'));
$existSlug = Book::where('slug',$slug)->get();
if(count($existSlug) > 0) {
return Response::json(
array(
'metadata' => array(
'error' => true,
'message' => 'This title is already taken'
)
),
400
);
}
else {
$book = new Book;
$book->title = Request::get('title');
$book->slug = $slug;
$book->description = Request::get('description');
$book->user_id = Auth::user()->id;
$book->status = false;
$book->save();
$stored = $book->toArray();
$metadata = array(
'metadata' => array(
'error' => false,
)
);
return Response::json(
array_merge($stored,$metadata),
201
);
}
}
}
I also have a pageController with a "store" on POST, which store a page content :
public function store()
{
$rules = array(
'content' => 'required|between:300,350',
'book_id' => 'required|exists:books,id'
);
$validator = Validator::make(Input::all(), $rules);
if($validator->fails()) {
return Response::json(
array(
'metadata' => array(
'error' => true,
'message' => 'The page must be between 300 and 350 characters'
)
),
400
);
}
else {
$book = Book::find(Input::get('book_id'));
$content = Input::get('content');
$parent = Page::where('book_id',$book->id)->where('status',1)->orderBy('id', 'desc')->first();
if($parent){
$parent_id = $parent->id;
$parent_number = $parent->number;
$status = 0; //Define the status of the created page
}
else{
//If it's the first page of the book
$parent_id = 0;
$parent_number = 0;
$status = 1; //if there's no parent page, the new page is the first - auto validated - page of the book.
if($book->user_id != Auth::user()->id) {
return Response::json(
array(
'metadata' => array(
'error' => true,
'message' => 'You have to be the author of a book to write the first page.'
)
),
403
);
}
}
$page = new Page;
$page->content = $content;
$page->book_id = $book->id;
$page->parent_id = $parent_id;
$page->number = $parent_number + 1;
$page->user_id = Auth::user()->id;
$page->status = $status;
$page->save();
$stored = $page->toArray();
$metadata = array(
'metadata' => array(
'error' => false
)
);
return Response::json(
array_merge($stored,$metadata),
201
);
}
}
Whenever someone creates a book, he has to write at least its first page. This result in a form with an input title, description and content.
I send a POST to [...]/books with my input title and description
If Success => I get the book id, and send it with the input content to [...]/pages.
Here are my problems :
Someone can send a post on [...]/books and will store a new book with no page
I want to solve this in the more "restFUL way", meaning no "hackish solution" like sending the content to /books and make a page validation in the bookController
Also, even if I chose the hackish way, my API is still not safe : I can stop the second request (to /pages) to be sent.
How do I handle this co-dependency ?
1st
Your controllers are doing too much, they are not supposed to know anything about your business logic this is something that should be handle by specific classes (models, repositories, domain logic classes).
Create some classes to handle this logic, send the Input to them and make it happen. Call them whatever you need to, using Laravel is great because you can do whatever you want with your code.
2nd
If you have different data constraints to be enforced, you can:
Handle them on the same request
Depends on your interface, if you have everything you need on a single page, you just send the data and handle it on a repository, which has access to all your models.
An example that can be used for both could be:
A book repository using Dependency Injection, which means that Book and Page will be automatically instantiated by Laravel:
class BookRepository {
__construct(Book $book, Page $page)
{
$this->book = $book;
$this->page = $page;
}
public function store($input)
{
if ( ! $this->book->validate($input) || !$this->page->validate($input))
{
return 'error';
}
$book->create(input);
$page->create($input);
}
}
A Base Model with your validation:
class Book extends BaseModel {
public function validate($input)
{
/// validate here and return
}
}
Your models and rules for each:
class Book extends BaseModel {
$book_rules = array(
'title' => 'required|min:3',
'description' => 'required|min:30'
);
}
class Page extends BaseModel {
$page_rules = array(
'content' => 'required|between:300,350',
'book_id' => 'required|exists:books,id'
);
}
And then you create your view having book info and page info, and which will POST to BookController#store:
class BookController extends Controller {
public function __controller(BookRepository $book_repository)
{
$this->book_repository = $book_repository;
}
public function store()
{
if ( ! $this->book_repository->store($input))
{
return Redirect::back()
->withErrors(
$this->book_repository
->validation
->messages()
->all()
);
}
return Redirect::to('success');
}
}
Again we are using Dependency Injection. $book_repository will be instantiated automatically. So your Controller doesn't need to know what a Book or a Page do, it just need to get the request and pass to a repository that will take care of everything.
It's not all there, but it's a start.
Handle them on different requests
This is usual. User send a request, app check and store data. User send a second request, app check it all and send back errors, if needed.
Handle them in background
This is a smarter way to do it. Your app will receive all data, in one or more requests, store them, check them using a queue worker and send e-mails to the user telling him that there are some data to be filled. Books with no pages can be deleted after some time. You don't risk having bad data and your user will know what's missing as soon as you do too.
Related
I am new at PHP. We are creating REST API in Phalcon and I've created a put request. It already works, but I would like to check if update has really happened before sending a success response. So I've created a conditional for that ( if (!$product->update()) ), but it always returns 'true'. How can I check if any field has changed in a record?
public function put()
{
$id = $this->getParam('id');
$input = $this->getRawData();
$product = Product::findFirst([
'conditions' => 'id = :id:',
'bind' => ['id' => $id]
]);
if ($product === null){
throw new NotFoundException();
}
$product->assign($input);
$product->update();
if (!$product->update()) {
$this->errorResponse($product->getMessages());
} else {
$this->successResponse($product->toArray($product->update()));
}
}
You can use Model Events, i.e. afterUpdate and notSaved, like:
use Phalcon\Mvc\Model;
use Phalcon\Http\Response;
class ModelBase extends Model
{
public function afterUpdate()
{
$response = new Response();
$response->setJsonContent([
'success' => true,
'message' => "Record updated"
])->send();
}
public function notSaved()
{
$response = new Response();
$response->setJsonContent([
'success' => false,
'message' => 'Record not saved'
])->send();
}
}
The Product and all other models will extend ModelBase. Then your code could be:
public function put()
{
$id = $this->getParam('id');
$input = $this->getRawData();
$product = Product::findFirst([
'conditions' => 'id = :id:',
'bind' => ['id' => $id]
]);
if ($product === null){
throw new NotFoundException();
}
$product->assign($input);
$product->update();
}
And Phalcon event will respond if the model was updated or not. If you prefer, you can also use custom http response codes for update or notSaved. More information about Model Events in the documentation
You are calling $product->update() three times. You do it once after the assign, then again for your if test, which is why it's always returning TRUE there I believe, and once inside the toArray() which may not actually return anything since the second and third updates don't have any data to update (not sure about that though).
I would code this as follows:
$product->assign($input);
$results = $product->update();
if (!results) {
$this->errorResponse($product->getMessages());
} else {
$this->successResponse($results->toArray());
}
I am assuming that the $product->assign($input); statement is working as expected to update the $product data for you. I don't use that. I prefer to do direct assignments for updates so nothing is left to chance, ie. $product->whatever = $input['whatever'];.
Give this a try and hopefully it will work as expected for you.
I am using Moodle 2.7 and in the Quiz activity there is the overview page for all attempts of the learners.
The table is under mymoodle/mod/quiz/report.php?id=50&mode=overview
Right now only admin users or users with the capability 'mod/quiz:viewreports' can see the table.
How to add users, without using any capability, who will be able to see this report?
Right now every user, without the capability gets the error from report.php:
$reportlist = quiz_report_list($context);
if (empty($reportlist) !totara_is_manager($userid)) {
print_error('erroraccessingreport', 'quiz');
}
// Validate the requested report name.
if ($mode == '') {
// Default to first accessible report and redirect.
$url->param('mode', reset($reportlist));
redirect($url);
} else if (!in_array($mode, $reportlist)) {
print_error('erroraccessingreport', 'quiz');
}
if (!is_readable("report/$mode/report.php")) {
print_error('reportnotfound', 'quiz', '', $mode);
}
The table function is under reportlib.php:
function quiz_report_list($context) {
global $DB;
static $reportlist = null;
if (!is_null($reportlist)) {
return $reportlist;
}
$reports = $DB->get_records('quiz_reports', null, 'displayorder DESC', 'name, capability');
$reportdirs = core_component::get_plugin_list('quiz');
// Order the reports tab in descending order of displayorder.
$reportcaps = array();
foreach ($reports as $key => $report) {
if (array_key_exists($report->name, $reportdirs)) {
$reportcaps[$report->name] = $report->capability;
}
}
// Add any other reports, which are on disc but not in the DB, on the end.
foreach ($reportdirs as $reportname => $notused) {
if (!isset($reportcaps[$reportname])) {
$reportcaps[$reportname] = null;
}
}
$reportlist = array();
foreach ($reportcaps as $name => $capability) {
if (empty($capability)) {
$capability = 'mod/quiz:viewreports';
}
if (has_capability($capability, $context)) {
$reportlist[] = $name;
}
}
return $reportlist;
}
I want to add designated people by their id, who will act as managers.
If you want to completely bypass the capabilities' mechanism for viewing reports, then you could always comment the array values in access.php corresponding to the key 'mod/quiz:viewreports'. In other words, you can go to /mod/quiz/db/access.php and substitute
// View the quiz reports.
'mod/quiz:viewreports' => array(
'riskbitmask' => RISK_PERSONAL,
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'archetypes' => array(
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'manager' => CAP_ALLOW
)
),
with
// View the quiz reports.
'mod/quiz:viewreports' => array(
// 'riskbitmask' => RISK_PERSONAL,
// 'captype' => 'read',
// 'contextlevel' => CONTEXT_MODULE,
// 'archetypes' => array(
// 'teacher' => CAP_ALLOW,
// 'editingteacher' => CAP_ALLOW,
// 'manager' => CAP_ALLOW
)
),
or, alternatively, you can tune or turn on the entries according to your necessities. For more information see:
https://docs.moodle.org/dev/Access_API
Then you can
check the ID of the current user ($USER->id) and
write some custom function to decide if this user can or cannot see the report.
Note: I would not bypass the capabilities mechanism, though, because it is reliable and safe. You could however tune it in order to allow only user groups defined by you.
I am working on a web application that allow users to have video conferences. Users are allowed to create video conferences and I want them to be able to also edit the scheduled video conferences but I am having trouble implementing that. Please help.
Edit button in index.php view
$html .= CHtml::ajaxLink('Edit',
Yii::app()->createAbsoluteUrl('videoConference/update/'.$vc->id),
array(
'type'=>'post',
'data' => array('id' =>$vc->id,'type'=>'update'),
),
array( "visible" => $ismoderator, 'role' => "button", "class" => "btn btn-info")
);
Video conference Controller actionUpdate
/**
* Updates a particular model.
* If update is successful, the browser will be redirected to the 'view' page.
* #param integer $id the ID of the model to be updated
*/
public function actionUpdate($id)
{
$model = $this->loadModel($id);
if (isset($_POST['VideoConference'])) {
$model->attributes = $_POST['VideoConference'];
if ($model->save())
$this->redirect(array('view', 'id' => $model->id));
}
$this->render('edit', array(
'model' => $model,
));
}
The first step is to find where is problem(frontend / backend). You need call action without ajax(just from url with param id). Try my version:
/**
* Updates a particular model.
* If update is successful, the browser will be redirected to the 'view' page.
* #param integer $id the ID of the model to be updated
*/
public function actionUpdate($id)
{
$model = $this->loadModel($id);
if ($model == null) {
throw new CHttpException(404, 'Model not exist.');
}
//if (isset($_POST['VideoConference'])) {
//$model->attributes = $_POST['VideoConference'];
$model->attributes = array('your_attr' => 'val', /* etc... */);
// or try to set 1 attribute $model->yourAttr = 'test';
if ($model->validate()) {
$model->update(); //better use update(), not save() for updating.
$this->redirect(array('view', 'id' => $model->id));
} else {
//check errors of validation
var_dump($model->getErrors());
die();
}
//}
$this->render('edit', array(
'model' => $model,
));
}
If on server side all working fine(row was updated) then check request params, console, tokens etc. Problem will be on frontend.
After troubleshooting a little I finally got it to work.
On the view I am calling the actionUpdate method like this:
$html .= CHtml::button('Edit', array('submit' => array('videoConference/update/'.$vc->id), "visible" => $ismoderator, 'role' => "button", "class" => "btn btn-info"));
On the controller just changed
$model->save() to $model->update()
and it works perfectly fine.
I am writing the code with the following for mat in rest api.
I thought that, validation done in controller and the service layer cares of writing business logic and model takes care of database operations. I hope I am correct.
My clarification here is whether I can send var_id (underscore separated) to the service layer or as varID (camel-case).
I searched that lot of the api calls, most of them are var_id, that's the reason I used myself too.
But how can I use the variable here, because zend framework code works with camel-case, if am assigning the variables varID = var_id for each and every variable, is it right.
$dataSendToService = array(
$varID = var_id,
$varID2 = var_id2;
);
I am calling the api like the below in the create method.
http://128.12.788.88/api/v1/users/72
json get method like this
{
"var_id":"var_value",
"var_id1":"var_value1"
}
In controller:
function create() {
$body = $this->getRequest()->getContent();
$data = json_decode($body);
$id = $this->params('id');
//validation
if( !isset( $data->pat_id ) || empty( $data->pat_id ) ) {
$resp = array(
'status' => 'failure',
'errorCode' => 531,
'errorMessage' => 'Patient ID should not be empty'
);
return new JsonModel($resp);
}
if( !isset( $data->doc_id ) || empty($data->doc_id )) {
$resp = array(
'status' => 'failure',
'errorCode' => 532,
'errorMessage' => 'Doctor ID should not be empty'
);
return new JsonModel($resp);
}
if( !isset( $data->apt_time ) || empty($data->apt_time )) {
$resp = array(
'status' => 'failure',
'errorCode' => 533,
'errorMessage' => 'Appointment time should not be empty');
return new JsonModel($resp);
}
if( !isset( $data->apt_subject ) || empty($data->apt_subject )) {
$resp = array(
'status' => 'failure',
'errorCode' => 534,
'errorMessage' => 'Appointment Subject time should not be empty');
return new JsonModel($resp);
}
$sm = $this->getServiceLocator();
$dbAdapter = $sm->get('Zend\Db\Adapter\Adapter');
$usersService = new UsersService($dbAdapter);
$resp = $usersService->profile($data,$id);
}
In service:
function create() {
//get the data and pass it to model
}
In model:
function create() {
//get the data and insert in table and return the result
}
It is totally fine to use underscore separated values in ZF2 but indeed camel-casing seems to be more common practice.
You definitely don't have to do all this manually, you can easily use filters for changing your json variables to camel-case:
use Zend\Filter\Word\CamelCaseToUnderscore;
...
$filter = new CamelCaseToUnderscore();
print $filter->filter('ThisIsMyContent');
And back to underscore separated:
use Zend\Filter\Word\CamelCaseToDash;
...
filter = new CamelCaseToDash();
print $filter->filter('ThisIsMyContent');
If you use a hydrator then you can use the ZF2 ClassMethods hydrator which can be set to extract and hydrate between both by passing a boolean to the constructor:
underscore-separated (true) or camel-case (false)
use Zend\Stdlib\Hydrator\ClassMethods;
...
$boolean = true|false;
$hydrator = new ClassMethods($boolean)
I'm currently working on a project using the Phalcon Framework that has pages with complex forms and a lot of inputs, to break it down nicely I'm dividing the forms into a step-by-step process.
How would one validate the form on each step before going to the next step and then save the whole form on the final step?
I can't seem to find anything documented about this sort of process as it likes to validate the form in it's entirety if I use the form builder.
Simple, just create a custom methods in your form class to validate any step, and the posted data from some step save into message class and store it into session by "stepX", when posted data is not valid just set defaults from post. When valid save it into session as i describe above.
For example how i mean "controller"
<?php
class MyController extends BaseController {
public function processStep1Action(){
$form = new MyForm();
if($this->request->isPost()){//im using my custom request class
if(!$form->isValid($this->request->getPost()){
//error messages goes here
$form->setDefaultsFromRequest($this->request); // it will set the filled data
}
else {
$messageClass = new MyMessageContainer();
$messageClass->setData($this->request);//inside parse requested data into message class, or parse it as $messageClass->name = $this->request->getPost('name');
$this->session->save('step1',$messageClass); //maybe it would be want to serialize it
//then redirect to the step 2 or x
}
}
}
}
So in the next step you can access data from sessions $this->session->get('step1'); so you can in final step load all posted data and store it into DB.
I hope this helps! :)
here is my form maybe it can be helpful for you.
<?php
namespace Manager\Library\Forms\User;
use Phalcon\Forms\Form,
Phalcon\Forms\Element\Email,
Phalcon\Forms\Element\Select,
Phalcon\Forms\Element\Password,
Phalcon\Forms\Element\Check,
Phalcon\Validation\Validator\Confirmation,
Phalcon\Validation\Validator\StringLength,
Phalcon\Forms\Element\Submit,
Phalcon\Validation\Validator\PresenceOf,
Model\Group;
class AddUser extends Form {
public function initialize()
{
$email = new Email('email');
$email->addValidators(array(
new \Phalcon\Validation\Validator\Email(array(
'message' => 'Nezadali jste email nebo má nesprávny tvar(email#domena.tld).'
))
));
$this->add($email);
$this->initGroupElement();
$password = new Password('password');
$password
->addValidator(new StringLength(array('min' => 6,'messageMinimum' => 'Nezadali jste heslo nebo je příliš krátke, minimální počet znaků je 6.')))
->addValidator(new Confirmation(array('with' => 'password-again',"message" => "Zadané hesla se neshodují.")));
$this->add($password);
$repeatPassword = new Password('password-again');
$this->add($repeatPassword);
$this->initializeProfileElements();
$active = new Check('active',array('value' => 1));
$this->add($active);
$this->add( new Submit('save') );
\Phalcon\Tag::setDefault('password', '');
\Phalcon\Tag::setDefault('password-again', '');
}
public function initializeEdit(){
$email = new Email('email');
$email->addValidators(array(
new \Phalcon\Validation\Validator\Email(array(
'message' => 'Nezadali jste email nebo má nesprávny tvar(email#domena.tld).'
))
));
$this->add($email);
$this->initGroupElement();
$password = new Password('password');
$this->add($password);
$repeatPassword = new Password('password-again');
$this->add($repeatPassword);
$this->initializeProfileElements();
$active = new Check('active',array('value' => 1));
$this->add($active);
$this->add( new Submit('save') );
\Phalcon\Tag::setDefault('password', '');
\Phalcon\Tag::setDefault('password-again', '');
}
protected function initGroupElement(){
$auth = \Core\Auth::getIdentity();
$groups = new Group();
// $groups->addColumns(array('id','name'));
//set global condition about Super Admin
$groups->addFilter('id', 1,'<>');
if($auth){
//set restrictions for main groups
if((int)$auth->group_id === 1){ //super admingroup
//no filter
}
else if((int)$auth->group_id === 2){ //admin group
$groups->addFilter('id', 1,'>');
}
else if((int)$auth->group_id === 6){//Provozovatel group
$groups->addFilter('id',array(3,6,7));
$groups->addFilter('public', 1,'=',true);
}
else { // other groups
$groups->addFilter('public', 1);
}
}
$groups = $groups->findFiltered();
$groupElement = new Select('group');
foreach($groups as $group){
$groupElement->addOption(array($group->id => $group->name));
}
$this->add($groupElement);
}
protected function initializeProfileElements(){
$forename = new \Phalcon\Forms\Element\Text('forename');
$this->add($forename);
$surname = new \Phalcon\Forms\Element\Text('surname');
$this->add($surname);
$street = new \Phalcon\Forms\Element\Text('street');
$this->add($street);
$postal = new \Phalcon\Forms\Element\Text('postal');
$this->add($postal);
$city = new \Phalcon\Forms\Element\Text('city');
$this->add($city);
$ic = new \Phalcon\Forms\Element\Text('ic');
$this->add($ic);
$dic = new \Phalcon\Forms\Element\Text('dic');
$this->add($dic);
}
public function setDefault($fieldName,$value){
\Phalcon\Tag::setDefault($fieldName, $value);
}
public function setDefaults($object){
if($object instanceof \Model\User){
$this->setDefaultsFromObject($object);
}
else if($object instanceof \Phalcon\Http\Request){
$this->setDefaultsFromRequest($object);
}
}
protected function setDefaultsFromObject(\Model\User $user){
$profile = $user->getRelated('\Model\Profile');
\Phalcon\Tag::setDefaults(array(
'email' => $user->email,
'group' => $user->group_id,
'active' => $user->active,
'forename' => $profile->forename,
'surname' => $profile->surname,
'street' => $profile->street,
'city' => $profile->city,
'postal' => $profile->postal,
'ic' => $profile->IC,
'dic' => $profile->DIC
));
}
protected function setDefaultsFromRequest(\Phalcon\Http\Request $request){
\Phalcon\Tag::setDefaults(array(
'email' => $request->getPost('email'),
'group' => $request->getPost('group'),
'active' => $request->getPost('active')
));
\Phalcon\Tag::setDefaults(array(
'forename' => $request->getPost('forename'),
'surname' => $request->getPost('surname'),
'street' => $request->getPost('street'),
'city' => $request->getPost('city'),
'postal' => $request->getPost('postal'),
'ic' => $request->getPost('ic'),
'dic' => $request->getPost('dic')
));
}
}
In addition to Kamil's answer, another option to consider is to use Javascript on the front-end to handle your multi-step form. This will add some complexity as you will need to have the javascript to handle the form steps and do preliminary validation, but it only requires a single submit where you can validate content within a single method.