I've got a pretty standard ACL system in my application. There's a Login controller and a bunch of other controllers redirecting back to Login if user is not authorized. I use a Controller Plugin for checking the ID and redirecting and I obviously don't want Login controller and Error controller to perform such a redirect.
Now I've read several times that using Controller Plugins is a better practice than subclassing the Action Controller. Yet what I see is it's much easier to extend all my controllers from this abstract base controller class which performs the necessary checking in its init method, except for the Login controller which extends Zend_Controller_Action directly.
So the question is, is there a way to attach the plugin to the controllers selectively? Of course I can always make an array out of certain controllers, send it to a plugin through a setter method and do something like:
$controller = $request->getParam('controller');
if (count($this->exceptions))
if (in_array($controller, $this->exceptions)) return;
//...check ID, perform redirect, etc...
Yet something tells me it's not the best way doing it.
And advices?
EDIT 1: #Billy ONeal
Thank you for your reply, but I don't quite catch. I can do
public function init()
{
$this->getRequest()->setParam('dropProtection', true);
}
(or run some method that sets some private variable of the plugin) in my login controller, and then say if 'dropProtection' is not true then check the user ID. But the actual dispatch process looks like this:
Plugin::dispatchLoopStartup
Plugin::preDispatch
Controller::init
Plugin::postDispatch
Plugin::preDispatch
Plugin::postDispatch
Plugin::dispatchLoopShutdown
So I cannot check this 'dropProtection' param earlier than in Plugin::postDispatch and that's a bit late. (by the way, why the preDispatch and postDispatch are being called twice?)
If you want to do it earlier, I think you can use the first method (passing an array of exceptions to the plugin) and test the module name or the controller name in routeShutdown.
Personnaly I use an action helper to check the auth in all my actions. It's more flexible and give me more control. It's only one line for each private action.
And DON'T SUBCLASS your action controller. I did it on one of my project and now my base class is a piece of shit. Use action helper instead.
is there a way to attach the plugin to the controllers selectively?
Of course. Just don't register the plugin if the request doesn't contain the parameters you're looking for. Alternately, assume all pages are protected, and have those pages which should not be protected call some method on your plugin during the init stage.
If you want to protect just a single controller, you could reverse that -- have the plugin only take action if there's some method called during the init stage.
Finally, you could make the entire logged-in section of the page it's own module, which would allow you to have the plugin check for that module before checking credentials and redirecting.
Related
I have a situation in which I need to reuse an action that has its functionality wrapped in a withForm closure.
Everything works well when submitting the form but when I try to reuse that action in another way I get redirect errors from my browser. Specifically, I need to redirect another action to it, possibly call it with chain, and I also want to call it from a hyperlink.
I'd really like to avoid creating a redundant action or having the invalidToken closure execute the same code. I've tried to find some more details about how withForm works and find out what happens if no token is passed to the closure but the Googles have let me down.
Is this possible? Am I trying to make it do something it can't?
More info:
I have a user edit controller action. It is wrapped with the withForm closure. There are three different cases in which I need to call this controller to render the user edit page:
An admin enters the user's id into an input and clicks the form
submit button (this form uses useToken). This needs to be secured
and protected from duplicate form submission.
An admin selects a user to edit from a list of employees by clicking
on the user's name (a hyperlink). Its possible I could turn this into a form submission with useToken and do some CSS styling to make it look like a link.
An admin creates a new user. When the user is successfully created
the create controller redirects (or uses chain) to the edit
controller. I can't find a work around for this, except to create a redundant controller.
If your code is used in more than one place a controller action isn't the best place to put it. I suggest you to move that piece of code to a service and call it from both actions.
Here is my solution. If anyone has some insight into other methods of solving this please contribute. I'm sure I'm not the only one that has had this problem.
The answer is due, in large part to #Sergio's response. It was far more simple than what I was thinking it would be. I created my edit action without withFormthen call it from another action that wraps the edit action in the withForm.
def editWT(Long uid, Long pid){
withForm{
edit(uid, pid)
}
}
def edit(Long uid, Long pid){
// Do lots of stuff to prep the data for rendering the view
}
This answer isn't innovative or ground-breaking but it works. I hope this helps someone else.
I'm just begin upgrade my asp.net site from Webform to MVC 2. So far it's more clear and lighter than Webform. I'm stucking on the part of rending an User Control in different actions.
My User Control named Banner.ascx is placed in Site.Master. This Banner.ascx get url from DataView["BannerUrl"] which is set in HomeController > Index action. This will run OK when I point URL to /Home/Index. Now I want this Banner.ascx control get DataView only from HomeController > Index whatever action I'm pointing to, for example when point URL to /Article/Detail/1 I want the Banner.ascx run action Index of HomeConttroller to get DataView["BannerUrl"]
Any response is appreciated. Thanks in advance.
You can call the MVC Controller the same way you would call any other server-side code. You can access the registered IControllerFactory instance via ControllerBuilder.GetControllerFactory(). Then you can use the controller factory to get an initialized instance of the IController instance by passing it the route values in the RouteData of the RequestContext parameter (these would be controller = "Home" and action = "Index". IController.Execute() will then execute the Action the same way that the MVC life cycle would if it received a request.
first post in SO, even though I've been browsing it for years now to solve those mind-blowing and not so much coding problems.
What I want to do is:
* Use hash navigation (#!/).
* Use Zend controller actions, not php files.
* Load these actions through javascript/jQuery.
So far, I've got this working:
indexController, several Actions, each attached to AjaxContext via addActionContext(), I can call them though my javascript/jQuery file via "hashchange" plugin jQuery(window).hashchange(function(){ bla bla }). I can cycle through actions just fine.
But I want to redirect the user to a login page if he/she is not logged in, which brings me to my issue: How can I achieve that? The redirection is made to another controller (login controller, login action). I was trying something like $this->_redirect('/#!/login/login'); w/o any luck (yes, I've set up an AjaxContext in that controller's init). I keep getting a redirection error ("The page isn't redirecting properly"). If I just type in the address bar "/#!/login/login" I get everything display properly.
Anyway, thanks in advance!
Cheers
Now this starts to get complicated if you ever introduce other non-ajax contexts, but you could add the Ajax context to the Error Controller. Then have the error controller return JSON for the unauthenticated exception if the active context was AJAX (and keep the redirect if the default context was active). Your JS would then listen for that specific error provided by the JSON and manually bounce the user to the appropriate login URL.
Is there a comprehensive explanation of how the Zend Redirector Action Helper works? I've read the reference guide, but am still not 100% clear. For example:
Apparently the goToSimple() is more like a forward(), than a redirect. Does this mean that it won't send a redirect message back to the browser?
If I want to send a redirect message back to the browser, which Redirector method should I be using?
Is there a way to get the forward() type of behaviour, without re-executing the init() method of Action Helpers?
This problem cropped up when I was implementing an ACL. I have an ACL Action Helper and its init() method adds the role 'current'. When I use the redirector's goToSimple() I get an error saying that the role is already registered. I can use if (!$acl->hasRole('current')) however I think it would be preferable not to be re-executing the helper's init() in the first place.
Not too comprehensive just a few quick notes about the redirector.
The redirector does a little bit more than a regular PHP redirect which you would use with header('Location: www.domain.com/new/location') in your script--following by an exit().
If you look at Zend_Controller_Action_Helper_Redirector it ultimately does exactly the same; if $_exit==true (default) everything leads to redirectAndExit() which calls header() and ends with an exit() call. However it terminates the framework properly, mainly the session if any.
The redirector does not forward internally it sends a default 302 code back unless you have set another code with setCode().
Methods gotoRoute() and gotoSimple() assemble the destination URL for you and call redirectAndExit() but only if $_exit==true. Or you can use their brethren gotoRouteAndExit() and gotoSimpleAndExit() which will exit immediately. The gotoSimple methods pass on to setGotoSimple which uses some methods to assemble the URL for you.
In your case I can only assume that the setGotoSimple method and one of the methods in it call the destination controller and fire up the init() method; however, only for checking but not forwarding.
I'm new to ZF and need to create multiple login views for each of my 3 user types, employees, employers and admins. Should I use the indexcontroller to serve up the login for the employees and create separate controller classes to handle the employer and admin login pages? How might I utilize JQuery to direct my employer and admin users to the correct login page from the index view?
Thanks much:)
I can give you 2 options.
Modules
Split your Application into logical segments called modules, for those 3 groups each group will receive its own Module.
Each module mimics the well known standard "Application" structure:
module
Controllers
Models
etc
ACL
http://framework.zend.com/manual/en/zend.acl.html
You check which type of user is currently logged and decid via "if()" statements which view should be rendered.
Custom view rendering is done as described by "Lobo":
via
$this->_helper->viewRenderer->setRender('view-name');
If you don't have any user session data, I mean, if you absolutely do not know of which kind the user visiting your page is you simply have to serve 3 links to either a different module or different controller or to one and the same controller but passing the user type as param.
Examples:
Link to module: /modulename/controllername/actionname/
Link to certain controller: /emplyeecontroller/login
Link to general controller handling different params: /logincontroller/login/type/emplyee
There are many possible solutions to achieve your desired aim.
You have to decide which one fits the most into your project.
I would say that this is a bit to open ended to answer in a good way, but I'll try to fill in the blanks with my imagination and give you an answer. I don't use JQuery so I can't give you an answer there unfortunately.
If this is just to handle login I would guess that the logic is more or less the same (and even if it isn't the logic should be in models anyway), and you just want to change the visual appearance, so then you could use the code
$this->_helper->viewRenderer->setRender('view-name');
This code will render the view called /application/views/scripts/controller/*view-name*.phtml by default. Thus you can get whatever variable you use to distinguish the different users and give them the right view.
If there's more differences than just the visual I would probably use different actions within a loginController or something like that.
Then I would use standard indexAction (and thus the view index.phtml as default) for the normal employees, and on that page show some kind of text like "Not an employee? Go to the employers login instead". Employers are then directed to login/employer or something like that which by default will call the employerAction and use the employer view. And then you do something similar with the admin login. the controller will then look something like this
<?php
class LoginController
{
public function indexAction()
{
/*Do login stuff here*/
}
public function employerAction()
{
/*Do login stuff here*/
}
public function adminAction()
{
/*Do login stuff here*/
}
}
Lastly, if there are major differences between how the different users interact with your page, you might consider looking into modules.
You can find all this information at http://framework.zend.com/manual/en/manual.html