Monday, August 31, 2009

[fw-mvc] disallow or redirect explicit reference to "index.php"

Hi Matt,

Is there a built-in way to disallow a user to explicitly type in
"index.php" at the application root or re-route them to the application
url without "index.php" specified?

For example, for my given application www.example.com, both
www.example.com and www.example.com/index.php show the same page. I'd
like to either disallow www.example.com/index.php or have the requests
redirect to their non-"index.php" counterparts.

Thanks in advance,
Yi

Re: [fw-db] Not sure, but is this a bug?

Created the account and reported it. I see that you're automatically assigned
to the issues, so thank you for checking the forum =)

Ralph Schindler-2 wrote:
>
> It appears that this would be a bug, can you file it at:
>
> framework.zend.com/issues/
>
> Do you have an account?
>
> -ralph
>
> Mamsaac wrote:
>> From what I saw, it simply takes any ? and introduces another string but
>> quoted with for SQL (using ''), without any specification if the question
>> mark can or not be the first character.
>>
>> The provided code in the documentation shows:
>>
>> * <code>
>> * $text = "WHERE date < ?";
>> * $date = "2005-01-02";
>> * $safe = $sql->quoteInto($text, $date);
>> * // $safe = "WHERE date < '2005-01-02'"
>> * </code>
>>
>> If the text is not "WHERE date < ?", but rather a simple "? > date" which
>> will be inserted into the WHERE section after that, it wouldn't work.
>>
>> Anyway, since I have little experience using ZF, I can't assure of a bug in
>> here, so I will just leave the thread =) If it's a bug, I will be glad to
>> have helped in such a little thing, else, I'm sorry hehehe.
>>
>>
>> Thasmo wrote:
>>> Maybe that's right, in this case I guess,
>>> it won't affect anything, as the '?'-sign won't
>>> ever be at position 1, as long as I understand the quote function.
>>>
>>> Anyone there to test it?
>>>
>>>
>>> Mamsaac schrieb:
>>>> I'm not really looking into trying the code, since I was just reading some of
>>>> the Db code for entertaining (hey! it's better than some bad novels =) ).
>>>>
>>>> I came up with this part in class Zend_Db_Adapter_Abstract:
>>>>
>>>> public function quoteInto($text, $value, $type = null, $count = null) {
>>>>     if ($count === null) {
>>>>         return str_replace('?', $this->quote($value, $type), $text);
>>>>     } else {
>>>>         while ($count > 0) {
>>>>             if (strpos($text, '?') != false) {
>>>>                 $text = substr_replace($text, $this->quote($value),
>>>>                     strpos($text, '?'), 1);
>>>>             }
>>>>             --$count;
>>>>         }
>>>>         return $text;
>>>>     }
>>>> }
>>>>
>>>> My issue, and I'm probably wrong, but this shouldn't take long, is that I
>>>> believe that strpos($text, '?') != false should be
>>>> strpos($text, '?') !== false
>>>>
>>>> If the "?" is the first character, it would just not replace it. (I mean, ?
>>>> being in position 0).
>>>>
>>>> If I'm wrong, I apologize for taking a quick reaction without verifying...
>>>> but I don't have any applications of mine using the ZF (again, I was just
>>>> reading :D) and I'm not supposed to waste too much time =)
>>>>
>>>> And if this is not the right place to ask about this, again, sorry =)
>>>>
>>>>
>>>
>>
>
>

--
View this message in context: http://www.nabble.com/Not-sure%2C-but-is-this-a-bug--tp25178000p25226253.html
Sent from the Zend DB mailing list archive at Nabble.com.
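
Added example (not part of the original posts and not Zend Framework code): a stand-alone reproduction of the comparison discussed in this thread, run on the two strings quoted in the posts. quote_value(), quote_into_loose() and quote_into_strict() are hypothetical names, and quote_value() is a simplified stand-in for the adapter's quote().

```php
<?php
// Added example: stand-alone reproduction, not Zend Framework code.

// Assumption: a simplified stand-in for the adapter's quote() that wraps the
// value in single quotes and doubles embedded quotes.
function quote_value(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

// Counted branch as posted in the thread: loose comparison on strpos().
// strpos() returns int 0 for a match at the start, and 0 != false is false,
// so a leading placeholder is treated as "not found".
function quote_into_loose(string $text, string $value, int $count): string
{
    while ($count > 0) {
        if (strpos($text, '?') != false) {
            $text = substr_replace($text, quote_value($value), strpos($text, '?'), 1);
        }
        --$count;
    }
    return $text;
}

// Same loop with the strict comparison proposed in the thread.
function quote_into_strict(string $text, string $value, int $count): string
{
    while ($count > 0) {
        $pos = strpos($text, '?');
        if ($pos !== false) {
            $text = substr_replace($text, quote_value($value), $pos, 1);
        }
        --$count;
    }
    return $text;
}

// Inputs taken from the posts: the documentation string and the
// leading-placeholder string.
$cases = [
    'WHERE date < ?',
    '? > date',
];

foreach ($cases as $text) {
    printf("input : %s\n", $text);
    printf("loose : %s\n", quote_into_loose($text, '2005-01-02', 1));
    printf("strict: %s\n\n", quote_into_strict($text, '2005-01-02', 1));
}
```

With a count given, the loose version returns "? > date" unchanged, while the strict version substitutes the quoted value in both inputs.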

Re: [fw-db] Not sure, but is this a bug?

It appears that this would be a bug, can you file it at:

framework.zend.com/issues/

Do you have an account?

-ralph

Mamsaac wrote:
> From what I saw, it simply takes any ? and introduces another string but
> quoted with for SQL (using ''), without any specification if the question
> mark can or not be the first character.
>
> The provided code in the documentation shows:
>
> * <code>
> * $text = "WHERE date < ?";
> * $date = "2005-01-02";
> * $safe = $sql->quoteInto($text, $date);
> * // $safe = "WHERE date < '2005-01-02'"
> * </code>
>
> If the text is not "WHERE date < ?", but rather a simple "? > date" which
> will be inserted into the WHERE section after that, it wouldn't work.
>
> Anyway, since I have little experience using ZF, I can't assure of a bug in
> here, so I will just leave the thread =) If it's a bug, I will be glad to
> have helped in such a little thing, else, I'm sorry hehehe.
>
>
> Thasmo wrote:
>> Maybe that's right, in this case I guess,
>> it won't affect anything, as the '?'-sign won't
>> ever be at position 1, as long as I understand the quote function.
>>
>> Anyone there to test it?
>>
>>
>> Mamsaac schrieb:
>>> I'm not really looking into trying the code, since I was just reading some of
>>> the Db code for entertaining (hey! it's better than some bad novels =) ).
>>>
>>> I came up with this part in class Zend_Db_Adapter_Abstract:
>>>
>>> public function quoteInto($text, $value, $type = null, $count = null) {
>>>     if ($count === null) {
>>>         return str_replace('?', $this->quote($value, $type), $text);
>>>     } else {
>>>         while ($count > 0) {
>>>             if (strpos($text, '?') != false) {
>>>                 $text = substr_replace($text, $this->quote($value),
>>>                     strpos($text, '?'), 1);
>>>             }
>>>             --$count;
>>>         }
>>>         return $text;
>>>     }
>>> }
>>>
>>> My issue, and I'm probably wrong, but this shouldn't take long, is that I
>>> believe that strpos($text, '?') != false should be
>>> strpos($text, '?') !== false
>>>
>>> If the "?" is the first character, it would just not replace it. (I mean, ?
>>> being in position 0).
>>>
>>> If I'm wrong, I apologize for taking a quick reaction without verifying...
>>> but I don't have any applications of mine using the ZF (again, I was just
>>> reading :D) and I'm not supposed to waste too much time =)
>>>
>>> And if this is not the right place to ask about this, again, sorry =)
>>>
>>>
>>
>

Re: [fw-db] ZendX_Console_Process_Unix, lost DB connection

This is a pretty common error when forking (which is what Process_unix
does).

See: http://us3.php.net/manual/en/function.pcntl-fork.php

You will more than likely have to initiate a new db connection in each
child.

-ralph

ablsa_matthieu wrote:
> Version ZF 1.7.1 :
> Class : ZendX_Console_Process_Unix
>
> I create many Unix processes with the library ZendX_Console_Process_Unix. When
> the first one is running, I lose the database connection.
> Indeed, when I access the DB before running the first thread, there is no
> problem but after I launch the first one this problem occurs :
> SQLSTATE[HY000]: General error: 2006 MySQL server has gone away
>
> Perhaps when the child process is killed, the connection object is also
> destructed.
>
> Do you have any ideas where the problem comes from?
>
> Thank you for your consideration.
>
> Matthieu

[fw-db] ZendX_Console_Process_Unix, lost DB connection

Version ZF 1.7.1 :
Class : ZendX_Console_Process_Unix

I create many Unix processes with the library ZendX_Console_Process_Unix. When
the first one is running, I lose the database connection.
Indeed, when I access the DB before running the first thread, there is no
problem but after I launch the first one this problem occurs :
SQLSTATE[HY000]: General error: 2006 MySQL server has gone away

Perhaps when the child process is killed, the connection object is also
destructed.

Do you have any ideas where the problem comes from?

Thank you for your consideration.

Matthieu
--
View this message in context: http://www.nabble.com/ZendX_Console_Process_Unix%2C-lost-DB-connection-tp25225029p25225029.html
Sent from the Zend DB mailing list archive at Nabble.com.

Sunday, August 30, 2009

Re: [fw-db] Read/Write from/to different servers BA7-899

Hi Jean-Michel

There are several problems that arise from splitting reads and writes superficially, particularly if there is MySQL replication involved (I assume that's the case).  For instance, you may write to the RW database and then read from the RO database before the update replicated.

What I generally do is instantiate table-gateway objects with the RW DB connection if I think I'm gonna need to write.  If one or two reads happen to the RW database, that's no disaster.  The RO connection is then used as default.

I guess one possibility would be to switch the table-gateway object into 'write mode' if an update comes through, and subsequent reads happen from the RW database, but there are several other ways to skin this cat.

- Neil

On Fri, Aug 28, 2009 at 9:14 AM, Jean-Michel ANDRE <jean-michel.andre@infolegale.fr> wrote:
Hi,

Sorry if this question has already been addressed (actually I've found this:
http://www.nabble.com/OOP-Design-question-related-to-Zend_Db_Adapter-to21754135.html,
but nobody answered william0275).

I would like to provide an abstraction layer so that read db queries would
be routed to one server (say A) and write queries to another server (say B),
so that it is completely transparent to developers (they would continue to
use $db->select(), $db->insert(), $db->update() and $db->query() as usual) .
Is there a classical solution for that ?

Jean-Michel


Re: [fw-mvc] MVC integration of Zend_Acl

There's no reason you can't do both. An ACL that checks whether a certain controller action can be accessed by the current user can be done in an action helper. For example, is this user allowed to edit blog posts. More granular checks can be done in a service layer, for example, can this user edit a particular blog post.

On Sun, Aug 30, 2009 at 11:09 AM, jThierry <thierry@jossermoz.net> wrote:

Doing that in the service layer at least prevents from having to choose
between a helper and a plugin! :-)

As you said, when it comes to needs... I find this helper a "simple"
alternative for applications/models not requiring sophisticated acls.

Actually, I hadn't really thought about where to create the acls. Doing it
in the init() method at the controller level makes it easy indeed to add
their own ones.


Matthew Weier O'Phinney-3 wrote:
>
> -- Seth Atkins <satkins@nortel.com> wrote
> (on Friday, 28 August 2009, 12:52 PM -0500):
>> Two main comments from my part. The first is a fairly open ended
>> question I can't answer for you. While an action helper may fit your
>> needs very well, IMHO, a successful integration is one which serves many
>> common approaches and is the least limited implementation. For example,
>> some of the comments so far have related to treating actions as
>> resources. Many people see actions as privileges on resources, and one
>> common view of what a resource is is a controller resource. If this is
>> such a person's view on the subject, an action helper seems fairly
>> limited since you are dispatching to a controller before you actually
>> check resource access. I'd rather back things up a few steps and check
>> before any particular resource is called. But that is my opinion, and I
>> do know I'm not alone there. I believe, and correct me if I am wrong
>> here, but the action helper preDispatch() method is called after the
>> controller init(), which is also after any controller preDispatch()
>> method, which is also after any plugin preDispatch methods.
>
> Close, but not quite. Order is:
>
>     front controller plugin preDispatch
>         action helper init()
>             controller init()
>                 action helper preDispatch()
>                     controller preDispatch()
>
> The only place you can circumvent is at the plugin preDispatch(); if you
> call _forward() later, it will continue to execute through the
> controller preDispatch(); the only thing skipped will be the actual
> controller action (and postDispatch, of course).
>
>> Seems to me a lot has happened before you ever checked to see if any
>> of that should have happened in the first place.
>>
>> I am less familiar with all the things you can do with an action helper
>> and how one might wrest it to do your will. My understanding of the ZF
>> plugin architecture is more detailed since I have spent some time
>> tracing through the code, how plugins are called, when, etc. Anyway, I
>> know that plugins can do exactly what I want, but I'm less sure that an
>> action helper would fit my needs.
>
> What action helpers provide you is integration with the action
> controller. Basically, you can place metadata or methods in your action
> controllers that the action helpers can then query (or manipulate) to do
> things.
>
> Some examples of such integration:
>
>  * ViewRenderer: sets the view object, as well as renders the view
>    script postDispatch() based on the action executed
>
>  * ContextSwitch/AjaxContext: if certain properties are set in the
>    action controller, will query those to determine if a context was
>    invoked, and, if so, change the view script rendered (as well as
>    potentially inject response headers)
>
> Basically, what action helpers do is make it easier to place the context
> for a decision close to the decision point.
>
> However, as you note, there may be a performance cost associated with
> this.
>
>> The second comment is that plugins are called before ANY dispatching (of
>> any sort) occurs. Not even a controller init() method has been called
>> yet. I can create one plugin, set it up in Zend_Application, and all my
>> ACL code is in one place, one line of code to setup the plugin, and I'm
>> done. The plugin is post routing, so it has the filtered request object
>> to work from. You can load your rules and then feed isAllowed your
>> controller or action name, or whatever criteria you want. If you want
>> actions to be resources, fine. If you want controllers to be resources
>> and actions privileges, fine.
>>
>> And best of all, a plugin can alter the request object before
>> dispatching occurs. So I can actually redirect without "redirecting", if
>> you know what I mean, in response to access being denied.
>>
>> To sum up, I don't think an action helper would be an implementation
>> that I would personally want to use.
>
> You have valid points. The points in the proposal are also valid. They
> are very different approaches, however, and there are different
> ramifications involved with both. In your situation, you get good
> execution speed -- but at the cost of having to update ACLs and
> controllers separately. In the approach proposed, your ACLs are part of
> your application structure, making maintenance easy -- but you lose some
> performance.
>
> As I noted earlier, I personally like to put my ACLs with my service
> layer. This means that I'm actually executing my action before I find
> out if the user has the ability to do something -- probably your worst
> nightmare.
>
> However, what this affords me is the ability to re-use my service layer
> for web services -- I can create a service proxy object that I attach to
> Zend_XmlRpc_Server, Zend_Json_Server, Zend_Amf_Server, etc -- and my
> ACLs continue to work as expected. I don't have to do anything different
> whatsoever.
>
>> I have many modules, many controllers, many actions, and while, yes, I
>> could write one action helper and call it from anywhere, I'd really
>> rather not have to write 50 lines of code to just to call it from each
>> controller I happen to have.  And I'd rather not instantiate a
>> controller that a person doesn't have access to in the first place.
>> Just my 2 cents.
>
> Again, as noted above: there are different approaches. Use the one that
> suits your application and/or programming needs.
>
>
>> -----Original Message-----
>> From: jThierry [mailto:thierry@jossermoz.net]
>> Sent: Thursday, August 27, 2009 9:44 PM
>> To: fw-mvc@lists.zend.com
>> Subject: [fw-mvc] MVC integration of Zend_Acl
>>
>>
>> Hi all,
>>
>> I've been working on a component to realise the MVC integration of
>> Zend_Acl which is different from the proposal
>> (http://framework.zend.com/wiki/pages/viewpage.action?pageId=39025) that
>> seems to be on hold.
>>
>> I'm using an action helper to perform the checks at pre dispatch time
>> on controllers implementing Zend_Acl_Resource_Interface instead of a
>> plugin and am wondering if there's any underlying reason that would
>> encourage the use of a plugin.
>>
>> I would very much appreciate your feedback on the action helper
>> approach.
>>
>> The code can be found there: http://code.google.com/p/oolala/
>>
>> Thanks,
>>
>> Thierry
>> --
>> View this message in context:
>> http://www.nabble.com/MVC-integration-of-Zend_Acl-tp25183254p25183254.html
>> Sent from the Zend MVC mailing list archive at Nabble.com.
>>
>>
>
> --
> Matthew Weier O'Phinney
> Project Lead            | matthew@zend.com
> Zend Framework          | http://framework.zend.com/
>
>

--
View this message in context: http://www.nabble.com/MVC-integration-of-Zend_Acl-tp25183254p25212360.html
Sent from the Zend MVC mailing list archive at Nabble.com.


Re: [fw-mvc] MVC integration of Zend_Acl

Doing that in the service layer at least prevents from having to choose
between a helper and a plugin! :-)

As you said, when it comes to needs... I find this helper a "simple"
alternative for applications/models not requiring sophisticated acls.

Actually, I hadn't really thought about where to create the acls. Doing it
in the init() method at the controller level makes it easy indeed to add
their own ones.


Matthew Weier O'Phinney-3 wrote:
>
> -- Seth Atkins <satkins@nortel.com> wrote
> (on Friday, 28 August 2009, 12:52 PM -0500):
>> Two main comments from my part. The first is a fairly open ended
>> question I can't answer for you. While an action helper may fit your
>> needs very well, IMHO, a successful integration is one which serves many
>> common approaches and is the least limited implementation. For example,
>> some of the comments so far have related to treating actions as
>> resources. Many people see actions as privileges on resources, and one
>> common view of what a resource is is a controller resource. If this is
>> such a person's view on the subject, an action helper seems fairly
>> limited since you are dispatching to a controller before you actually
>> check resource access. I'd rather back things up a few steps and check
>> before any particular resource is called. But that is my opinion, and I
>> do know I'm not alone there. I believe, and correct me if I am wrong
>> here, but the action helper preDispatch() method is called after the
>> controller init(), which is also after any controller preDispatch()
>> method, which is also after any plugin preDispatch methods.
>
> Close, but not quite. Order is:
>
> front controller plugin preDispatch
> action helper init()
> controller init()
> action helper preDispatch()
> controller preDispatch()
>
> The only place you can circumvent is at the plugin preDispatch(); if you
> call _forward() later, it will continue to execute through the
> controller preDispatch(); the only thing skipped will be the actual
> controller action (and postDispatch, of course).
>
>> Seems to me a lot has happened before you ever checked to see if any
>> of that should have happened in the first place.
>>
>> I am less familiar with all the things you can do with an action helper
>> and how one might wrest it to do your will. My understanding of the ZF
>> plugin architecture is more detailed since I have spent some time
>> tracing through the code, how plugins are called, when, etc. Anyway, I
>> know that plugins can do exactly what I want, but I'm less sure that an
>> action helper would fit my needs.
>
> What action helpers provide you is integration with the action
> controller. Basically, you can place metadata or methods in your action
> controllers that the action helpers can then query (or manipulate) to do
> things.
>
> Some examples of such integration:
>
> * ViewRenderer: sets the view object, as well as renders the view
> script postDispatch() based on the action executed
>
> * ContextSwitch/AjaxContext: if certain properties are set in the
> action controller, will query those to determine if a context was
> invoked, and, if so, change the view script rendered (as well as
> potentially inject response headers)
>
> Basically, what action helpers do is make it easier to place the context
> for a decision close to the decision point.
>
> However, as you note, there may be a performance cost associated with
> this.
>
>> The second comment is that plugins are called before ANY dispatching (of
>> any sort) occurs. Not even a controller init() method has been called
>> yet. I can create one plugin, set it up in Zend_Application, and all my
>> ACL code is in one place, one line of code to setup the plugin, and I'm
>> done. The plugin is post routing, so it has the filtered request object
>> to work from. You can load your rules and then feed isAllowed your
>> controller or action name, or whatever criteria you want. If you want
>> actions to be resources, fine. If you want controllers to be resources
>> and actions privileges, fine.
>>
>> And best of all, a plugin can alter the request object before
>> dispatching occurs. So I can actually redirect without "redirecting", if
>> you know what I mean, in response to access being denied.
>>
>> To sum up, I don't think an action helper would be an implementation
>> that I would personally want to use.
>
> You have valid points. The points in the proposal are also valid. They
> are very different approaches, however, and there are different
> ramifications involved with both. In your situation, you get good
> execution speed -- but at the cost of having to update ACLs and
> controllers separately. In the approach proposed, your ACLs are part of
> your application structure, making maintenance easy -- but you lose some
> performance.
>
> As I noted earlier, I personally like to put my ACLs with my service
> layer. This means that I'm actually executing my action before I find
> out if the user has the ability to do something -- probably your worst
> nightmare.
>
> However, what this affords me is the ability to re-use my service layer
> for web services -- I can create a service proxy object that I attach to
> Zend_XmlRpc_Server, Zend_Json_Server, Zend_Amf_Server, etc -- and my
> ACLs continue to work as expected. I don't have to do anything different
> whatsoever.
>
>> I have many modules, many controllers, many actions, and while, yes, I
>> could write one action helper and call it from anywhere, I'd really
>> rather not have to write 50 lines of code just to call it from each
>> controller I happen to have. And I'd rather not instantiate a
>> controller that a person doesn't have access to in the first place.
>> Just my 2 cents.
>
> Again, as noted above: there are different approaches. Use the one that
> suits your application and/or programming needs.
>
>
>> -----Original Message-----
>> From: jThierry [mailto:thierry@jossermoz.net]
>> Sent: Thursday, August 27, 2009 9:44 PM
>> To: fw-mvc@lists.zend.com
>> Subject: [fw-mvc] MVC integration of Zend_Acl
>>
>>
>> Hi all,
>>
>> I've been working on a component to realise the MVC integration of
>> Zend_Acl which is different from the proposal
>> (http://framework.zend.com/wiki/pages/viewpage.action?pageId=39025) that
>> seems to be on hold.
>>
>> I'm using an action helper to perform the checks at pre dispatch time
>> on controllers implementing Zend_Acl_Resource_Interface instead of a
>> plugin and am wondering if there's any underlying reason that would
>> encourage the use of a plugin.
>>
>> I would very much appreciate your feedback on the action helper
>> approach.
>>
>> The code can be found there: http://code.google.com/p/oolala/
>>
>> Thanks,
>>
>> Thierry
>> --
>> View this message in context:
>> http://www.nabble.com/MVC-integration-of-Zend_Acl-tp25183254p25183254.html
>> Sent from the Zend MVC mailing list archive at Nabble.com.
>>
>>
>
> --
> Matthew Weier O'Phinney
> Project Lead | matthew@zend.com
> Zend Framework | http://framework.zend.com/
>
>

--
View this message in context: http://www.nabble.com/MVC-integration-of-Zend_Acl-tp25183254p25212360.html
Sent from the Zend MVC mailing list archive at Nabble.com.

RE: [fw-mvc] MVC integration of Zend_Acl

Getting closer to the actual resource was why I decided to use a helper,
because it has access to the controller's instance itself whereas the
plugin has access to the request object only.

What I found strange with the plugin approach is that it seems the ACLs are
in charge of defining what is a resource. Let me explain. On each request, a
resource/privilege string is created from the request's properties (module,
controller, action), no matter what the controller it is going to be
dispatched to is intended to be. Those strings are then checked against the
ACLs via isAllowed(). The latter throws an exception if the resource is
unknown or returns true or false if it is. In the second case, it's all
fine. But for unknown resources, the plugin has no way to tell whether the
string provided is supposed to be a resource or not. Then comes the choice
to deny them all, or to allow them all. If they're all denied, a resource
must then be created for every single controller in the application (e.g.
default/index), which is hard to maintain. If they're all allowed, if an
important resource is omitted (e.g. blog/article) there's a security issue
quite tricky to spot, but as the ACLs didn't define it as a resource, it
isn't one. The ACLs are then in charge of defining what a resource is.

With the helper approach, what I liked is that the resources define
themselves as such, providing an easy way to check what the controller is
intended to be. A single condition (is the controller not an instance of
Zend_Acl_Resource_Interface) makes it possible to avoid checking anything,
when an exception would have been thrown in the plugin (or hasResource
called) with the problems I described above. Whenever the controller defines
itself as a resource by implementing the interface, the helper knows that if
it is unknown in the ACLs, odds are access should be denied. Furthermore, the
ACLs stay lightweight without useless resources.

About adding code into the controllers, there isn't much more to do than
with the plugin approach. The helper knows what action has been called and
the preDispatch() method will check that automatically (as the helper has
been registered in the helper broker). The only code to add is the one
implementing Zend_Acl_Resource_Interface::getResourceId(). I added a
superclass for such controllers that already implements it using the helper
to normalise resource identifiers from the controller's class name.

Plugins' methods (routeStartup, routeShutdown, dispatchLoopStartup,
preDispatch) and Controller's init are a very good point and, I guess, why
I posted my question in the first place.


Seth Atkins wrote:
>
> Two main comments from my part. The first is a fairly open ended
> question I can't answer for you. While an action helper may fit your
> needs very well, IMHO, a successful integration is one which serves many
> common approaches and is the least limited implementation. For example,
> some of the comments so far have related to treating actions as
> resources. Many people see actions as privileges on resources, and one
> common view of what a resource is is a controller resource. If this is
> such a person's view on the subject, an action helper seems fairly
> limited since you are dispatching to a controller before you actually
> check resource access. I'd rather back things up a few steps and check
> before any particular resource is called. But that is my opinion, and I
> do know I'm not alone there. I believe, and correct me if I am wrong
> here, but the action helper preDispatch() method is called after the
> controller init(), which is also after any controller preDispatch()
> method, which is also after any plugin preDispatch methods. Seems to me
> a lot has happened before you ever checked to see if any of that should
> have happened in the first place.
>
> I am less familiar with all the things you can do with an action helper
> and how one might wrest it to do your will. My understanding of the ZF
> plugin architecture is more detailed since I have spent some time
> tracing through the code, how plugins are called, when, etc. Anyway, I
> know that plugins can do exactly what I want, but I'm less sure that an
> action helper would fit my needs.
>
> The second comment is that plugins are called before ANY dispatching (of
> any sort) occurs. Not even a controller init() method has been called
> yet. I can create one plugin, set it up in Zend_Application, and all my
> ACL code is in one place, one line of code to setup the plugin, and I'm
> done. The plugin is post routing, so it has the filtered request object
> to work from. You can load your rules and then feed isAllowed your
> controller or action name, or whatever criteria you want. If you want
> actions to be resources, fine. If you want controllers to be resources
> and actions privileges, fine.
>
> And best of all, a plugin can alter the request object before
> dispatching occurs. So I can actually redirect without "redirecting", if
> you know what I mean, in response to access being denied.
>
> To sum up, I don't think an action helper would be an implementation
> that I would personally want to use. I have many modules, many
> controllers, many actions, and while, yes, I could write one action
> helper and call it from anywhere, I'd really rather not have to write 50
> lines of code just to call it from each controller I happen to have.
> And I'd rather not instantiate a controller that a person doesn't have
> access to in the first place. Just my 2 cents.
>
>
> --Seth
>
> -----Original Message-----
> From: jThierry [mailto:thierry@jossermoz.net]
> Sent: Thursday, August 27, 2009 9:44 PM
> To: fw-mvc@lists.zend.com
> Subject: [fw-mvc] MVC integration of Zend_Acl
>
>
> Hi all,
>
> I've been working on a component to realise the MVC integration of
> Zend_Acl which is different from the proposal
> (http://framework.zend.com/wiki/pages/viewpage.action?pageId=39025) that
> seems to be on hold.
>
> I'm using an action helper to perform the checks at pre dispatch time
> on controllers implementing Zend_Acl_Resource_Interface instead of a
> plugin and am wondering if there's any underlying reason that would
> encourage the use of a plugin.
>
> I would very much appreciate your feedback on the action helper
> approach.
>
> The code can be found there: http://code.google.com/p/oolala/
>
> Thanks,
>
> Thierry
> --
> View this message in context:
> http://www.nabble.com/MVC-integration-of-Zend_Acl-tp25183254p25183254.html
> Sent from the Zend MVC mailing list archive at Nabble.com.
>
>
>
>

--
View this message in context: http://www.nabble.com/MVC-integration-of-Zend_Acl-tp25183254p25210847.html
Sent from the Zend MVC mailing list archive at Nabble.com.
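
Added example (not part of the original posts, and neither Zend_Acl nor the oolala component): the unknown-resource choice described in the message above, shown with stand-in classes. TinyAcl, ResourceInterface, plugin_check() and helper_check() are hypothetical names; the resource strings default/index and blog/article are the ones used in the post.

```php
<?php
// Added example: stand-in classes, not Zend_Acl and not the oolala helper.

interface ResourceInterface            // plays the role of Zend_Acl_Resource_Interface
{
    public function getResourceId(): string;
}

final class TinyAcl                    // hypothetical minimal ACL
{
    /** @var array resource => role => privilege => true */
    private array $rules = [];

    public function has(string $resource): bool
    {
        return array_key_exists($resource, $this->rules);
    }

    public function allow(string $role, string $resource, string $privilege): void
    {
        $this->rules[$resource][$role][$privilege] = true;
    }

    public function isAllowed(string $role, string $resource, string $privilege): bool
    {
        if (!$this->has($resource)) {
            // Same contract the post describes: an unknown resource raises.
            throw new InvalidArgumentException("Resource '$resource' not found");
        }
        return isset($this->rules[$resource][$role][$privilege]);
    }
}

final class IndexController {}         // public page, never meant to be protected

final class ArticleController implements ResourceInterface
{
    public function getResourceId(): string
    {
        return 'blog/article';
    }
}

// Plugin style: only the request is available, so an unknown resource string
// forces a global choice between allowing and denying everything unknown.
function plugin_check(TinyAcl $acl, string $role, array $request, bool $allowUnknown): bool
{
    $resource = $request['module'] . '/' . $request['controller'];
    if (!$acl->has($resource)) {
        return $allowUnknown;
    }
    return $acl->isAllowed($role, $resource, $request['action']);
}

// Helper style: the controller instance is available and declares itself a
// resource, so "declared but missing from the ACL" can be denied.
function helper_check(TinyAcl $acl, string $role, object $controller, string $action): bool
{
    if (!($controller instanceof ResourceInterface)) {
        return true;                   // not a resource: nothing to check
    }
    $resource = $controller->getResourceId();
    return $acl->has($resource) && $acl->isAllowed($role, $resource, $action);
}

// Constructed scenario: the rule set mentions blog/comment only;
// blog/article was omitted by mistake.
$acl = new TinyAcl();
$acl->allow('editor', 'blog/comment', 'edit');

$requests = [
    ['module' => 'default', 'controller' => 'index',   'action' => 'index',
     'instance' => new IndexController()],
    ['module' => 'blog',    'controller' => 'article', 'action' => 'edit',
     'instance' => new ArticleController()],
];

foreach ($requests as $r) {
    printf(
        "%-13s plugin(allow unknown)=%-5s plugin(deny unknown)=%-5s helper=%s\n",
        $r['module'] . '/' . $r['controller'],
        var_export(plugin_check($acl, 'guest', $r, true), true),
        var_export(plugin_check($acl, 'guest', $r, false), true),
        var_export(helper_check($acl, 'guest', $r['instance'], $r['action']), true)
    );
}
```

Only the helper-style check both serves default/index without an ACL entry and refuses blog/article for the guest role; the allow-unknown plugin lets the omitted resource through, and the deny-unknown plugin blocks the public page until it is registered.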

Saturday, August 29, 2009

Re: [fw-mvc] Where to put common queries injected into layout?

There's probably no one single recommendation, so I can only speak personally. Since this occurs in a layout, across many pages, the simplest solution is to query from a View Helper. Presumably you need a View Helper anyway to format the tags. This also ties the query to the layout, and not to controllers so you can dispense with any controller/action name filtering to make sure the helper is only executed as necessary.

Paddy
 
Pádraic Brady

http://blog.astrumfutura.com
http://www.survivethedeepend.com
OpenID Europe Foundation Irish Representative



From: Joó Ádám <ceriak@gmail.com>
To: fw-mvc@lists.zend.com
Sent: Saturday, August 29, 2009 12:47:19 PM
Subject: [fw-mvc] Where to put common queries injected into layout?

Hi,

I would like to know where is the recommended place for common queries
and their results' injection into layouts, e.g.: fetching tags from
the database and inserting them into the footer in all actions within
the module. Should I use a plugin or an action helper? Or should I
just query the model right inside the layout?

Thanks,
Ádám

Re: [fw-mvc] Zend File Transfer interesting issue

Why are you trying to upload the file twice ?
And why are you using the File Adapter manually when you are already using
the form element ?

Additionally it would be interesting for anyone who tries to help you to
know which release you are using.

Greetings
Thomas Weidner, I18N Team Leader, Zend Framework
http://www.thomasweidner.com

----- Original Message -----
From: "Erdal YAZICIOGLU" <erdal.yazicioglu@gmail.com>
To: <fw-mvc@lists.zend.com>
Sent: Saturday, August 29, 2009 3:09 PM
Subject: [fw-mvc] Zend File Transfer interesting issue


Hello all
I am creating a form where users can upload their images. All images are to
be uploaded in uploads directory under public. After creation of the form,
in the controller I get the file name with $file = $form->getValues('file').
Up to here everything seems ok.

When I select the picture that I want to upload, as soon as I click the
upload button, it uploads the image but also returns an error message.

Here is my picture form

<?php

class Form_Picture extends Zend_Form
{
    public function init()
    {
        $this->setAction('/alumni/change-picture')
             ->setMethod('post')
             ->setAttrib('id', 'commentform');
        $this->clearDecorators();
        $decorators = array(
            array('ViewHelper'),
            array('Errors'),
            array('HtmlTag', array('tag' => 'p')),
            array('Label'),
        );

        // File element; the label text means "Please select a picture"
        $this->addElement('file', 'file', array('label' => 'Lütfen Resim Seçiniz'));
        $password = $this->getElement('file')
            ->addValidator('Extension', false, 'jpg,jpeg,gif,png')
            ->setAttrib('tabindex', '2');
        // Submit button; 'Yükle' means "Upload"
        $this->addElement('submit', 'Yükle');
        $submit = $this->getElement('Yükle')
            ->setAttrib('class', 'button')
            ->setDecorators(array(array('ViewHelper')));
        $this->setDecorators(array(
            'FormElements',
            array('HtmlTag', array('tag' => 'ul')),
            array(array('DivTag' => 'HtmlTag')),
            'Form',
        ));
    }
}

And here is my controller

public function changePictureAction()
{
    $form = new Form_Picture();
    $this->view->form = $form;

    if ($this->getRequest()->isPost())
    {
        $formData = $this->getRequest()->getPost();
        if ($form->isValid($formData))
        {
            $upload = new Zend_File_Transfer_Adapter_Http();
            $upload->setDestination('uploads');
            $upload->receive();
            $this->view->fileName = $form->getValue('file');
        }
    }
}

The interesting thing is when I change the position of the
$this->view->fileName and put it before $upload->receive(), it gives me the
file name but it does not upload.

I can get the filename with getFileName() method but then it returns the
name with directory name, like uploads/image.jpg. It needs more code :))

If anybody knows a solution please let me know..

Thanks

And the error message is : The file 'file' was illegal uploaded, possible
attack


--

Erdal YAZICIOGLU
System & Network Engineer
Page Europa S.R.L - General Dynamics
www.pageuropa.it
Office - Rome : +39 0650395292
Mobile -Rome : +39 3490787196
Mobile -Istanbul: +90 536 3447989
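Following Thomas's reply above, one way to handle the upload through the form element alone, so the file is received exactly once. This is an added example, not code from the thread or from Zend Framework; every name prefixed Example_/example_/EXAMPLE_ is hypothetical, and the size limit, the header re-check and the rename to a content hash are additions of this example. It assumes Zend Framework 1.x on the include_path.

```php
<?php
// Added example; assumes Zend Framework 1.x is on the include_path.
require_once 'Zend/Form.php';
require_once 'Zend/Form/Element/File.php';
require_once 'Zend/Controller/Action.php';

// Assumption: this directory exists and is writable by the web server.
define('EXAMPLE_UPLOAD_DIR', dirname(__FILE__) . '/uploads');

class Example_Form_Picture extends Zend_Form
{
    public function init()
    {
        $this->setAction('/alumni/change-picture')
             ->setMethod('post')
             ->setAttrib('enctype', 'multipart/form-data');

        // All upload settings live on the element's own transfer adapter.
        $file = new Zend_Form_Element_File('file');
        $file->setLabel('Picture')
             ->setDestination(EXAMPLE_UPLOAD_DIR)
             ->setRequired(true)
             ->addValidator('Count', false, 1)          // one file per request
             ->addValidator('Size', false, 2097152)     // at most 2 MB
             ->addValidator('Extension', false, 'jpg,jpeg,gif,png')
             ->addValidator('IsImage', false);          // MIME type, not just the name
        $this->addElement($file);
        $this->addElement('submit', 'upload');
    }
}

/**
 * Re-checks the stored file's image header and renames it to a server-chosen
 * name, so the client-supplied file name never ends up on disk.
 * Returns the new base name, or false if the file was rejected and removed.
 */
function example_store_image($path)
{
    $info    = @getimagesize($path);   // reads the header only
    $allowed = array(IMAGETYPE_JPEG, IMAGETYPE_GIF, IMAGETYPE_PNG);
    if ($info === false || !in_array($info[2], $allowed, true)) {
        @unlink($path);
        return false;
    }
    $name = sha1_file($path) . image_type_to_extension($info[2]);
    if (!rename($path, dirname($path) . '/' . $name)) {
        @unlink($path);
        return false;
    }
    return $name;
}

class Example_AlumniController extends Zend_Controller_Action
{
    public function changePictureAction()
    {
        $form = new Example_Form_Picture();
        $this->view->form = $form;

        if (!$this->getRequest()->isPost()) {
            return;
        }
        // isValid() runs the element's file validators; on failure the form
        // is re-rendered with the element's error messages.
        if (!$form->isValid($this->getRequest()->getPost())) {
            return;
        }

        // Receive through the form element. No second
        // Zend_File_Transfer_Adapter_Http is created for the same upload.
        $element = $form->getElement('file');
        if (!$element->receive()) {
            return;
        }

        // getFileName() returns the full path inside the destination.
        $stored = example_store_image($element->getFileName());
        if ($stored === false) {
            $element->addError('The file is not a JPEG, GIF or PNG image');
            return;
        }
        $this->view->fileName = $stored; // base name only, no directory
    }
}
```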

[fw-mvc] Zend File Transfer interesting issue

Hello all

I am creating a form where users can upload their images. All images are to be uploaded in uploads directory under public. After creation of the form, in the controller I get the file name with $file = $form->getValues('file'). Up to here everything seems ok.

When I select the picture that I want to upload, as soon as I click the upload button, it uploads the image but also returns an error message.

Here is my picture form

<?php

class Form_Picture extends Zend_Form
{
    public function init()
    {
        $this->setAction('/alumni/change-picture')
             ->setMethod('post')
             ->setAttrib('id', 'commentform');
        $this->clearDecorators();
        $decorators = array(
            array('ViewHelper'),
            array('Errors'),
            array('HtmlTag', array('tag' => 'p')),
            array('Label'),
        );

        // File element; the label text means "Please select a picture"
        $this->addElement('file', 'file', array('label' => 'Lütfen Resim Seçiniz'));
        $password = $this->getElement('file')
            ->addValidator('Extension', false, 'jpg,jpeg,gif,png')
            ->setAttrib('tabindex', '2');
        // Submit button; 'Yükle' means "Upload"
        $this->addElement('submit', 'Yükle');
        $submit = $this->getElement('Yükle')
            ->setAttrib('class', 'button')
            ->setDecorators(array(array('ViewHelper')));
        $this->setDecorators(array(
            'FormElements',
            array('HtmlTag', array('tag' => 'ul')),
            array(array('DivTag' => 'HtmlTag')),
            'Form',
        ));
    }
}

And here is my controller

public function changePictureAction()
{
    $form = new Form_Picture();
    $this->view->form = $form;

    if ($this->getRequest()->isPost())
    {
        $formData = $this->getRequest()->getPost();
        if ($form->isValid($formData))
        {
            $upload = new Zend_File_Transfer_Adapter_Http();
            $upload->setDestination('uploads');
            $upload->receive();
            $this->view->fileName = $form->getValue('file');
        }
    }
}

The interesting thing is when I change the position of the $this->view->fileName and put it before $upload->receive(), it gives me the file name but it does not upload.

I can get the filename with getFileName() method but then it returns the name with directory name, like uploads/image.jpg. It needs more code :))

If anybody knows a solution please let me know..

Thanks

And the error message is : The file 'file' was illegal uploaded, possible attack 


--

Erdal YAZICIOGLU
System & Network Engineer
Page Europa S.R.L - General Dynamics
www.pageuropa.it
Office - Rome : +39 0650395292
Mobile -Rome : +39 3490787196
Mobile -Istanbul: +90 536 3447989

[fw-mvc] Where to put common queries injected into layout?

Hi,

I would like to know where is the recommended place for common queries
and their results' injection into layouts, e.g.: fetching tags from
the database and inserting them into the footer in all actions within
the module. Should I use a plugin or an action helper? Or should I
just query the model right inside the layout?

Thanks,
Ádám

Friday, August 28, 2009

Re: [fw-mvc] Redirect and forward

$this->_forward() does not change the URL in the browser's address bar. What it does is it cancels the current request, modifies it to match the _forward, and then re-dispatches it.

This means you can still use $this->_request->getPost() because it pulls directly from the $_POST superglobal, which is not modified by a forward.

An actual redirect will cause you to lose the $_POST data.

--
Hector


On Fri, Aug 28, 2009 at 2:07 PM, Seth Atkins <satkins@nortel.com> wrote:

A couple of questions related to the difference between forwarding and redirecting requests. I understand that the main difference is that forward is within the same request process, and redirect issues an http redirect which is a new and different request process. I've typically used redirects in the past when I needed to point a browser to another page, but I have a couple of situations where redirecting won't work, and I'm not sure if forwarding will work better or create different problems for me to solve.

That said, some specific questions about what to expect with a forward.
1) Will the same POST variables be available?
2) If forwarding from a POST (method isPost() returns true) to some new controller/action that has another if ($request->isPost()) in the code, will isPost() still return true (this is after the forward)? In other words, does forwarding alter the result that isPost() returns?

3) Does the client URL reflect the forward? My guess is no. (I can't test this at the moment as I am not in my development environment)

4) Does "refreshing" the client browser allow re-POSTing of the same data? One of the nice things about redirects is that it solves the irritating behavior of allowing a browser to refresh and then pop up the message asking if they want to resend the same data. I'm not sure if forwarding also solves this irritating browser behavior or not.

Thanks!


Seth


[fw-auth] Complex ACL [cross post]

Hello everyone, (Please forgive my cross post here, I am not getting any
response in the Zend Framework group, thought I might have better luck here,
even though it is more an ACL thread rather than an Auth thread)

It has been a while since my last post, (I think that was around 1.5.0ish).
Anyhow, I had stepped away from web projects for a while, and now I am back
to the great new 1.9.x, and am a little lost with the whole
Zend_Application, but I am working hard to catch up. Anyhow Zend_Auth and
Zend_Acl have always been my nemesis, but I think I have them figured out
now to a degree. I am starting a new personal project that will be pretty
similar to a CMS with blogging, forums, and several other features to begin
with. So what got me thinking, (and while reading up on CMS frameworks that
exist, that I could be using but I would rather write my own, it is more fun
that way), is to build the base application without defining any content
types at all, then create the content-types on the fly with the base
framework in place. I probably lost everyone with that pathetic
description, but I have a visual concept in my own mind of what I mean.
Anyhow, getting down to the whole Acl thing what I want to accomplish is
something like this:

- Start with a base user object.

- Each base user has a profile (which *actually* I think the required fields
should be part of the user record, and the profile should be somewhat
generic to be extensible to a UserProfile, WebsiteProfile, AuthorProfile,
etc, not necessarily related to a site user, but more general), for now this
will be a one to one relationship.

- Each user will belong to one or more groups, and each group will contain
one or more users, this will be a many to many relationship.

- Next we have a base resource, be it a module, controller, action, model,
or individual record (article, profile, etc)

- A user can have a role for one or more resources.

- A group can have a role for one or more resources.

- Roles could be either most restrictive (group_roles *OR* user_roles) or
least restrictive (group_roles *AND* user_roles)

Queries would look like (forgive the syntax, its just conceptual right now):

$uid = 11;
$gid = 12;
$rid = 14; // resource: article
// Roles may include Author, Editor, Publisher, etc.
// A user/group may include one or more roles (i.e. Author and Editor, but not Publisher)
$rolesByUser = select * from UserRoles where (`uid` = $uid and `rid` = $rid);
$rolesByGroup = select * from GroupRoles where (`gid` = $gid and `rid` = $rid);
$roles = array_merge($rolesByUser, $rolesByGroup);
Where $roles would be an array of Zend_Acl_Role objects.

I have attached a `sample` drawing of the database layout, however maybe
think of this layout as more of a model layout, where the `tables` could
actually be xml files / config files, or some other method of storage, the
data does not necessarily have to come from a database, again, this is just
my vision of the whole thing (and likely it will be primarily relational
database tables none the less).

Anyhow, what I am trying to do is come up with a fairly generic, extensible,
flexible, robust, (insert other great buzzwords here), Acl structure. Any
feedback, suggestions on the best way to code this, modifications, or
general criticisms about my logic (including your logic and why its better
than mine) would be most appreciated.

Thanks
Aaron

http://www.nabble.com/file/p25197810/acl_layout.png
--
View this message in context: http://www.nabble.com/Complex-ACL--cross-post--tp25197810p25197810.html
Sent from the Zend Auth mailing list archive at Nabble.com.

[fw-mvc] Redirect and forward

A couple of questions related to the difference between forwarding and redirecting requests. I understand that the main difference is that forward is within the same request process, and redirect issues an http redirect which is a new and different request process. I've typically used redirects in the past when I needed to point a browser to another page, but I have a couple of situations where redirecting won't work, and I'm not sure if forwarding will work better or create different problems for me to solve.

That said, some specific questions about what to expect with a forward.
1) Will the same POST variables be available?
2) If forwarding from a POST (method isPost() returns true) to some new controller/action that has another if ($request->isPost()) in the code, will isPost() still return true (this is after the forward)? In other words, does forwarding alter the result that isPost() returns?

3) Does the client URL reflect the forward? My guess is no. (I can't test this at the moment as I am not in my development environment)

4) Does "refreshing" the client browser allow re-POSTing of the same data? One of the nice things about redirects is that it solves the irritating behavior of allowing a browser to refresh and then pop up the message asking if they want to resend the same data. I'm not sure if forwarding also solves this irritating browser behavior or not.

Thanks!


Seth

Re: [fw-mvc] MVC integration of Zend_Acl

-- Seth Atkins <satkins@nortel.com> wrote
(on Friday, 28 August 2009, 12:52 PM -0500):
> Two main comments from my part. The first is a fairly open ended
> question I can't answer for you. While an action helper may fit your
> needs very well, IMHO, a successful integration is one which serves many
> common approaches and is the least limited implementation. For example,
> some of the comments so far have related to treating actions as
> resources. Many people see actions as privileges on resources, and one
> common view of what a resource is is a controller resource. If this is
> such a person's view on the subject, an action helper seems fairly
> limited since you are dispatching to a controller before you actually
> check resource access. I'd rather back things up a few steps and check
> before any particular resource is called. But that is my opinion, and I
> do know I'm not alone there. I believe, and correct me if I am wrong
> here, but the action helper preDispatch() method is called after the
> controller init(), which is also after any controller preDispatch()
> method, which is also after any plugin preDispatch methods.

Close, but not quite. Order is:

front controller plugin preDispatch
action helper init()
controller init()
action helper preDispatch()
controller preDispatch()

The only place you can circumvent is at the plugin preDispatch(); if you
call _forward() later, it will continue to execute through the
controller preDispatch(); the only thing skipped will be the actual
controller action (and postDispatch, of course).

> Seems to me a lot has happened before you ever checked to see if any
> of that should have happened in the first place.
>
> I am less familiar with all the things you can do with an action helper
> and how one might wrest it to do your will. My understanding of the ZF
> plugin architecture is more detailed since I have spent some time
> tracing through the code, how plugins are called, when, etc. Anyway, I
> know that plugins can do exactly what I want, but I'm less sure that an
> action helper would fit my needs.

What action helpers provide you is integration with the action
controller. Basically, you can place metadata or methods in your action
controllers that the action helpers can then query (or manipulate) to do
things.

Some examples of such integration:

* ViewRenderer: sets the view object, as well as renders the view
script postDispatch() based on the action executed

* ContextSwitch/AjaxContext: if certain properties are set in the
action controller, will query those to determine if a context was
invoked, and, if so, change the view script rendered (as well as
potentially inject response headers)

Basically, what action helpers do is make it easier to place the context
for a decision close to the decision point.

However, as you note, there may be a performance cost associated with
this.

> The second comment is that plugins are called before ANY dispatching (of
> any sort) occurs. Not even a controller init() method has been called
> yet. I can create one plugin, set it up in Zend_Application, and all my
> ACL code is in one place, one line of code to setup the plugin, and I'm
> done. The plugin is post routing, so it has the filtered request object
> to work from. You can load your rules and then feed isAllowed your
> controller or action name, or whatever criteria you want. If you want
> actions to be resources, fine. If you want controllers to be resources
> and actions privileges, fine.
>
> And best of all, a plugin can alter the request object before
> dispatching occurs. So I can actually redirect without "redirecting", if
> you know what I mean, in response to access being denied.
>
> To sum up, I don't think an action helper would be an implementation
> that I would personally want to use.

You have valid points. The points in the proposal are also valid. They
are very different approaches, however, and there are different
ramifications involved with both. In your situation, you get good
execution speed -- but at the cost of having to update ACLs and
controllers separately. In the approach proposed, your ACLs are part of
your application structure, making maintenance easy -- but you lose some
performance.

As I noted earlier, I personally like to put my ACLs with my service
layer. This means that I'm actually executing my action before I find
out if the user has the ability to do something -- probably your worst
nightmare.

However, what this affords me is the ability to re-use my service layer
for web services -- I can create a service proxy object that I attach to
Zend_XmlRpc_Server, Zend_Json_Server, Zend_Amf_Server, etc -- and my
ACLs continue to work as expected. I don't have to do anything different
whatsoever.

> I have many modules, many controllers, many actions, and while, yes, I
> could write one action helper and call it from anywhere, I'd really
> rather not have to write 50 lines of code just to call it from each
> controller I happen to have. And I'd rather not instantiate a
> controller that a person doesn't have access to in the first place.
> Just my 2 cents.

Again, as noted above: there are different approaches. Use the one that
suits your application and/or programming needs.


> -----Original Message-----
> From: jThierry [mailto:thierry@jossermoz.net]
> Sent: Thursday, August 27, 2009 9:44 PM
> To: fw-mvc@lists.zend.com
> Subject: [fw-mvc] MVC integration of Zend_Acl
>
>
> Hi all,
>
> I've been working on a component to realise the MVC integration of
> Zend_Acl which is different from the proposal
> (http://framework.zend.com/wiki/pages/viewpage.action?pageId=39025) that
> seems to be on hold.
>
> I'm using an action helper to perform the checks at pre dispatch time
> on controllers implementing Zend_Acl_Resource_Interface instead of a
> plugin and am wondering if there's any underlying reason that would
> encourage the use of a plugin.
>
> I would really much appreciate your feedback on the action helper
> approach.
>
> The code can be found there: http://code.google.com/p/oolala/
>
> Thanks,
>
> Thierry
> --
> View this message in context:
> http://www.nabble.com/MVC-integration-of-Zend_Acl-tp25183254p25183254.html
> Sent from the Zend MVC mailing list archive at Nabble.com.
>
>

--
Matthew Weier O'Phinney
Project Lead | matthew@zend.com
Zend Framework | http://framework.zend.com/

RE: [fw-mvc] MVC integration of Zend_Acl

Two main comments from my part. The first is a fairly open ended
question I can't answer for you. While an action helper may fit your
needs very well, IMHO, a successful integration is one which serves many
common approaches and is the least limited implementation. For example,
some of the comments so far have related to treating actions as
resources. Many people see actions as privileges on resources, and one
common view of what a resource is is a controller resource. If this is
such a person's view on the subject, an action helper seems fairly
limited since you are dispatching to a controller before you actually
check resource access. I'd rather back things up a few steps and check
before any particular resource is called. But that is my opinion, and I
do know I'm not alone there. I believe, and correct me if I am wrong
here, but the action helper preDispatch() method is called after the
controller init(), which is also after any controller preDispatch()
method, which is also after any plugin preDispatch methods. Seems to me
a lot has happened before you ever checked to see if any of that should
have happened in the first place.

I am less familiar with all the things you can do with an action helper
and how one might wrest it to do your will. My understanding of the ZF
plugin architecture is more detailed since I have spent some time
tracing through the code, how plugins are called, when, etc. Anyway, I
know that plugins can do exactly what I want, but I'm less sure that an
action helper would fit my needs.

The second comment is that plugins are called before ANY dispatching (of
any sort) occurs. Not even a controller init() method has been called
yet. I can create one plugin, set it up in Zend_Application, and all my
ACL code is in one place, one line of code to setup the plugin, and I'm
done. The plugin is post routing, so it has the filtered request object
to work from. You can load your rules and then feed isAllowed your
controller or action name, or whatever criteria you want. If you want
actions to be resources, fine. If you want controllers to be resources
and actions privileges, fine.

And best of all, a plugin can alter the request object before
dispatching occurs. So I can actually redirect without "redirecting", if
you know what I mean, in response to access being denied.

To sum up, I don't think an action helper would be an implementation
that I would personally want to use. I have many modules, many
controllers, many actions, and while, yes, I could write one action
helper and call it from anywhere, I'd really rather not have to write 50
lines of code just to call it from each controller I happen to have.
And I'd rather not instantiate a controller that a person doesn't have
access to in the first place. Just my 2 cents.


--Seth

-----Original Message-----
From: jThierry [mailto:thierry@jossermoz.net]
Sent: Thursday, August 27, 2009 9:44 PM
To: fw-mvc@lists.zend.com
Subject: [fw-mvc] MVC integration of Zend_Acl


Hi all,

I've been working on a component to realise the MVC integration of
Zend_Acl which is different from the proposal
(http://framework.zend.com/wiki/pages/viewpage.action?pageId=39025) that
seems to be on hold.

I'm using an action helper to perform the checks at pre dispatch time
on controllers implementing Zend_Acl_Resource_Interface instead of a
plugin and am wondering if there's any underlying reason that would
encourage the use of a plugin.

I would really much appreciate your feedback on the action helper
approach.

The code can be found there: http://code.google.com/p/oolala/

Thanks,

Thierry
--
View this message in context:
http://www.nabble.com/MVC-integration-of-Zend_Acl-tp25183254p25183254.html

Sent from the Zend MVC mailing list archive at Nabble.com.

[fw-db] A question on coding design used for DB Statements.

I'm almost done reading the code that covers all the Zend_Db classes. One
part that intrigues me is why _prepare() from Zend_Db_Statement is not
declared as an abstract method. I probably didn't catch something from the
code, and I'm not an expert in software design and architecture, but I'm
interested in software architecture (been reading some books lately).

What I notice is the following: the constructor of Zend_Db_Statement calls
for "$this->_prepare($sql)", which is never declared in that class.
Zend_Db_Statement doesn't inherit from anyone and only implements the
interface Zend_Db_Statement_Interface, which makes no mention of a _prepare
method. So, the call in the constructor is always there, meaning that the
method MUST be implemented, but there's no enforcing of it. I can see that
extending classes (the one that I checked the most was
Zend_Db_Statement_Pdo) do implement the method.

So, I wonder why _prepare is not declared in Zend_Db_Statement as "abstract
protected function _prepare($sql);".

Reading all the code from the framework has been a very productive activity
so far =) I'm really thankful for the developers (I've no idea where they
are hehehe), not only for the good quality code, but also for the great
documentation.

Now, off to finish Zend_Db and moving to Zend_View, Zend_Controller and
Zend_Validate.

And this is just a guy that wants to learn more about programming in PHP.
I'm not trying to point out mistakes or to feel smart, but to learn about
decisions made by professional developers. Sometimes people who question
things or make criticisms do it for the wrong reasons; I just don't want to
look like someone like that.

Thanks in advance for responses.
--
View this message in context: http://www.nabble.com/A-question-on-coding-design-used-for-DB-Statements.-tp25193487p25193487.html
Sent from the Zend DB mailing list archive at Nabble.com.

Re: [fw-mvc] Setting Database Adapter form Bootsrap class

Thanks, everyone. I decided to use resources from application.ini.
:handshake:
--
View this message in context: http://www.nabble.com/Setting-Database-Adapter-form-Bootsrap-class-tp25185540p25190424.html
Sent from the Zend MVC mailing list archive at Nabble.com.

Re: [fw-mvc] MVC integration of Zend_Acl

Hi,

my implementation works like this:

* Modules are resources
* Controllers are resources, Module is parent
* Actions of controllers are privileges

Few examples:

* Orders_Index with permissions edit/create/delete
* Products_Index with permissions list/view
* Users_Index with permissions all (special type, allows access to all actions)

Tree is constructed as this:
role has privileges, where privilege is 1:1 to resource and where resource is 1:1 to module.

Permissions:

If privilege is defined, but role doesn't have access to it - deny
If privilege is not defined, role has access to it if it has access to resource
If privilege is "all", role has access to all resource privileges

Implementation:
I use database to store all relations and to have easy-to-use admin interface to control roles and permissions. Modules and resources are currently also stored in DB but are not allowed to edit.

There is controller plugin which checks if:

$acl->isAllowed(current_role, request_module . '_' . request_controller, request_action)

Same is used for Zend_Navigation, therefore I have Acl which controls access for a whole application.

That's how I see/use acl, any comments?

--
Juozas Kaziukėnas (juozas@juokaz.com)
Aš internete - JuoKaz (http://www.juokaz.com)


On Fri, Aug 28, 2009 at 12:02 PM, Matthew Weier O'Phinney <matthew@zend.com> wrote:
-- jThierry <thierry@jossermoz.net> wrote
(on Thursday, 27 August 2009, 07:43 PM -0700):
> I've been working on a component to realise the MVC integration of Zend_Acl
> which is different from the proposal
> (http://framework.zend.com/wiki/pages/viewpage.action?pageId=39025) that
> seems to be on hold.
>
> I'm using an action helper to perform the checks at pre dispatch time on
> controllers implementing Zend_Acl_Resource_Interface instead of a plugin and
> am wondering if there's any underlying reason that would encourage the use
> of a plugin.
>
> I would really much appreciate your feedback on the action helper approach.
>
> The code can be found there: http://code.google.com/p/oolala/

While I tend to implement my ACLs in my service layer, I've also
implemented them at the controller layer before as well. Your approach
seems to me to be a natural fit with this latter approach, as it allows
you to explicitly define your controllers as resources, and perform the
checks at the point closest to the actual action.

--
Matthew Weier O'Phinney
Project Lead            | matthew@zend.com
Zend Framework          | http://framework.zend.com/
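The plugin-side check that Seth and Juozas describe in this thread (resource = module_controller, privilege = action, decided before any controller is instantiated), as an added example that is not code from the thread or from Zend Framework. The class and function names, the roles, the rules and the default/error/denied target are hypothetical; it assumes Zend Framework 1.x on the include_path and lowercase resource ids.

```php
<?php
// Added example; assumes Zend Framework 1.x is on the include_path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Controller/Plugin/Abstract.php';
require_once 'Zend/Controller/Request/Simple.php';

class Example_Plugin_AclGuard extends Zend_Controller_Plugin_Abstract
{
    protected $_acl;
    protected $_role;

    public function __construct(Zend_Acl $acl, $role)
    {
        $this->_acl  = $acl;
        $this->_role = $role;
    }

    // Runs after routing and before the dispatcher creates the controller.
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $module = $request->getModuleName();
        if (null === $module) {
            $module = 'default'; // assumption: the application's default module
        }
        $resource  = strtolower($module . '_' . $request->getControllerName());
        $privilege = strtolower($request->getActionName());

        // Let the denial target through if the plugin runs again for it.
        if ($resource === 'default_error' && $privilege === 'denied') {
            return;
        }

        // Deny by default: isAllowed() throws on a role or resource the ACL
        // does not know, so unknown names are treated as "not allowed".
        $allowed = $this->_acl->hasRole($this->_role)
                && $this->_acl->has($resource)
                && $this->_acl->isAllowed($this->_role, $resource, $privilege);

        if (!$allowed) {
            // Rewrite the request in place; no HTTP redirect is sent and the
            // protected controller is never instantiated.
            $request->setModuleName('default');
            $request->setControllerName('error');
            $request->setActionName('denied');
        }
    }
}

// Constructed rules, loosely following the examples in the post above.
function example_build_acl()
{
    $acl = new Zend_Acl();
    $acl->addRole(new Zend_Acl_Role('guest'));
    $acl->addRole(new Zend_Acl_Role('staff'), 'guest'); // staff inherits guest
    $acl->addRole(new Zend_Acl_Role('admin'), 'staff');

    $acl->add(new Zend_Acl_Resource('products_index'));
    $acl->add(new Zend_Acl_Resource('orders_index'));
    $acl->add(new Zend_Acl_Resource('users_index'));

    $acl->allow('guest', 'products_index', array('list', 'view'));
    $acl->allow('staff', 'orders_index', array('edit', 'create', 'delete'));
    $acl->allow('admin', 'users_index'); // no privilege list = every action
    return $acl;
}

// Runs the guard against a constructed request and reports where the
// dispatcher would end up.
function example_route_for($role, $module, $controller, $action)
{
    $request = new Zend_Controller_Request_Simple($action, $controller, $module);
    $plugin  = new Example_Plugin_AclGuard(example_build_acl(), $role);
    $plugin->preDispatch($request);
    return $request->getModuleName() . '/'
         . $request->getControllerName() . '/'
         . $request->getActionName();
}

$cases = array(
    array('guest', 'products', 'index', 'view'),   // allowed rule
    array('guest', 'orders',   'index', 'edit'),   // rule exists, wrong role
    array('staff', 'orders',   'index', 'edit'),   // allowed via staff rule
    array('staff', 'reports',  'index', 'list'),   // resource unknown to the ACL
    array('admin', 'users',    'index', 'purge'),  // "all privileges" rule
);
foreach ($cases as $case) {
    list($role, $module, $controller, $action) = $case;
    echo "$role -> $module/$controller/$action dispatches ",
         example_route_for($role, $module, $controller, $action), "\n";
}
```

In an application the plugin would be registered once, for example with Zend_Controller_Front::getInstance()->registerPlugin(), with the role taken from the authenticated identity.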


Re: [fw-mvc] MVC integration of Zend_Acl

-- jThierry <thierry@jossermoz.net> wrote
(on Thursday, 27 August 2009, 07:43 PM -0700):
> I've been working on a component to realise the MVC integration of Zend_Acl
> which is different from the proposal
> (http://framework.zend.com/wiki/pages/viewpage.action?pageId=39025) that
> seems to be on hold.
>
> I'm using an action helper to perform the checks at pre dispatch time on
> controllers implementing Zend_Acl_Resource_Interface instead of a plugin and
> am wondering if there's any underlying reason that would encourage the use
> of a plugin.
>
> I would really much appreciate your feedback on the action helper approach.
>
> The code can be found there: http://code.google.com/p/oolala/

While I tend to implement my ACLs in my service layer, I've also
implemented them at the controller layer before as well. Your approach
seems to me to be a natural fit with this latter approach, as it allows
you to explicitly define your controllers as resources, and perform the
checks at the point closest to the actual action.

--
Matthew Weier O'Phinney
Project Lead | matthew@zend.com
Zend Framework | http://framework.zend.com/

Re: [fw-mvc] Setting Database Adapter form Bootsrap class

I agree with Jeroen that it is better to initialize your db using a config file (this lets you change params in your different environments more easily), but I do not agree that it is the only way of doing it. Reading the docs, it is normal to come to the conclusion of using _initMyResource() methods in the bootstrap. That is what the docs say. What you were doing looks right to me, except that you are not "returning" any value, and you should do it:

protected function _initDb(){
    $params=array('host'=>'localhost',
    'username'=>'root',
    'password'=>'',
    'dbname'=>'mydb');
    $db=Zend_Db::factory('PDO_MYSQL',$params);
    Zend_Db_Table::setDefaultAdapter($db);

    return $db;
}


That will work!

El 28/08/2009, a las 10:05, Jeroen Keppens escribió:

Hi Neo,

If you use resources, you don't need to initialize your db that way. See following url:


You add in your app.ini following lines:

resources.db.adapter         = "PDO_MYSQL"
resources.db.params.host     = "localhost"
resources.db.params.username = "root"
resources.db.params.password = ""
resources.db.params.dbname   = "mydb"

You don't have to put anything in your bootstrap.

If you want to use the init as specified, you need to make sure your bootstrap knows it needs to be loaded.

Add something like this to your app.ini :

resources.db[] = 

Specifying this will make the _initDb to be loaded. However, I would advise using the method explained above if you don't need to do anything special with the db.

Wkr
Jeroen

On 28 Aug 2009, at 09:48, neobeacon wrote:


Can anyone help me to set the database adapter from Bootstrap class.

This is my Bootstrap class.
http://www.nabble.com/file/p25185540/Bootstrap.php Bootstrap.php


I used
http://blog.keppens.biz/2009/06/create-modular-application-with-zend.html
keppens's create modular application  Tutorial.

I add this code to boot

protected function _initDb(){
    $params=array('host'=>'localhost',
    'username'=>'root',
    'password'=>'',
    'dbname'=>'mydb');
    $db=Zend_Db::factory('PDO_MYSQL',$params);
    Zend_Db_Table::setDefaultAdapter($db);
   }

Is this wrong ? What do I want to do?

--
View this message in context: http://www.nabble.com/Setting-Database-Adapter-form-Bootsrap-class-tp25185540p25185540.html
Sent from the Zend MVC mailing list archive at Nabble.com.



Re: [fw-mvc] Setting Database Adapter form Bootsrap class

Hi Neo,

If you use resources, you don't need to initialize your db that way. See following url:


You add in your app.ini following lines:

resources.db.adapter         = "PDO_MYSQL"
resources.db.params.host     = "localhost"
resources.db.params.username = "root"
resources.db.params.password = ""
resources.db.params.dbname   = "mydb"

You don't have to put anything in your bootstrap.

If you want to use the init as specified, you need to make sure your bootstrap knows it needs to be loaded.

Add something like this to your app.ini :

resources.db[] = 

Specifying this will make the _initDb to be loaded. However, I would advise using the method explained above if you don't need to do anything special with the db.

Wkr
Jeroen

On 28 Aug 2009, at 09:48, neobeacon wrote:


Can anyone help me to set the database adapter form Bootstrap class.

This is my Bootstrap class.
http://www.nabble.com/file/p25185540/Bootstrap.php Bootstrap.php


I used
http://blog.keppens.biz/2009/06/create-modular-application-with-zend.html
keppens's create modular application  Tutorial.

I add this code to boot

protected function _initDb(){
    $params=array('host'=>'localhost',
    'username'=>'root',
    'password'=>'',
    'dbname'=>'mydb');
    $db=Zend_Db::factory('PDO_MYSQL',$params);
    Zend_Db_Table::setDefaultAdapter($db);
   }

Is this wrong ? What do I want to do?

--
View this message in context: http://www.nabble.com/Setting-Database-Adapter-form-Bootsrap-class-tp25185540p25185540.html
Sent from the Zend MVC mailing list archive at Nabble.com.


[fw-mvc] Setting Database Adapter form Bootsrap class

Can anyone help me to set the database adapter from the Bootstrap class?

This is my Bootstrap class.
http://www.nabble.com/file/p25185540/Bootstrap.php Bootstrap.php


I used
http://blog.keppens.biz/2009/06/create-modular-application-with-zend.html
keppens's create modular application Tutorial.

I add this code to boot

protected function _initDb(){
    $params=array('host'=>'localhost',
    'username'=>'root',
    'password'=>'',
    'dbname'=>'mydb');
    $db=Zend_Db::factory('PDO_MYSQL',$params);
    Zend_Db_Table::setDefaultAdapter($db);
}

Is this wrong? What do I want to do?

--
View this message in context: http://www.nabble.com/Setting-Database-Adapter-form-Bootsrap-class-tp25185540p25185540.html
Sent from the Zend MVC mailing list archive at Nabble.com.

[fw-db] Read/Write from/to different servers BA7-899

Hi,

Sorry if this question has already been addressed (actually I've found this:
http://www.nabble.com/OOP-Design-question-related-to-Zend_Db_Adapter-to21754135.html
, but nobody answered to william0275).

I would like to provide an abstraction layer so that read db queries would
be routed to one server (say A) and write queries to another server (say B),
so that it is completely transparent to developers (they would continue to
use $db->select(), $db->insert(), $db->update() and $db->query() as usual).
Is there a classical solution for that?

Jean-Michel

Thursday, August 27, 2009

Re: [fw-mvc] MVC integration of Zend_Acl

AFAIK people just randomly decided to implement access management in plugins. I don't really see any advantage in using a plugin over a helper. Since you're referencing the controller object itself in your implementation, it's much more natural to use a helper since it already has a reference to it, whereas in a plugin you'd have to do a bit more work.

   -- Mon


On Fri, Aug 28, 2009 at 10:43 AM, jThierry <thierry@jossermoz.net> wrote:

Hi all,

I've been working on a component to realise the MVC integration of Zend_Acl
which is different from the proposal
(http://framework.zend.com/wiki/pages/viewpage.action?pageId=39025) that
seems to be on hold.

I'm using an action helper to perform the checks at pre dispatch time on
controllers implementing Zend_Acl_Resource_Interface instead of a plugin and
am wondering if there's any underlying reason that would encourage the use
of a plugin.

I would very much appreciate your feedback on the action helper approach.

The code can be found there: http://code.google.com/p/oolala/

Thanks,

Thierry
--
View this message in context: http://www.nabble.com/MVC-integration-of-Zend_Acl-tp25183254p25183254.html
Sent from the Zend MVC mailing list archive at Nabble.com.


Re: [fw-mvc] MVC integration of Zend_Acl

This is the way that I do it. It makes sense to me that if you want to protect your controller actions, that they should be resources.

On Thu, Aug 27, 2009 at 10:43 PM, jThierry <thierry@jossermoz.net> wrote:

Hi all,

I've been working on a component to realise the MVC integration of Zend_Acl
which is different from the proposal
(http://framework.zend.com/wiki/pages/viewpage.action?pageId=39025) that
seems to be on hold.

I'm using an action helper to perform the checks at pre dispatch time on
controllers implementing Zend_Acl_Resource_Interface instead of a plugin and
am wondering if there's any underlying reason that would encourage the use
of a plugin.

I would very much appreciate your feedback on the action helper approach.

The code can be found there: http://code.google.com/p/oolala/

Thanks,

Thierry
--
View this message in context: http://www.nabble.com/MVC-integration-of-Zend_Acl-tp25183254p25183254.html
Sent from the Zend MVC mailing list archive at Nabble.com.


[fw-mvc] MVC integration of Zend_Acl

Hi all,

I've been working on a component to realise the MVC integration of Zend_Acl
which is different from the proposal
(http://framework.zend.com/wiki/pages/viewpage.action?pageId=39025) that
seems to be on hold.

I'm using an action helper to perform the checks at pre dispatch time on
controllers implementing Zend_Acl_Resource_Interface instead of a plugin and
am wondering if there's any underlying reason that would encourage the use
of a plugin.

I would very much appreciate your feedback on the action helper approach.

The code can be found there: http://code.google.com/p/oolala/

Thanks,

Thierry
--
View this message in context: http://www.nabble.com/MVC-integration-of-Zend_Acl-tp25183254p25183254.html
Sent from the Zend MVC mailing list archive at Nabble.com.
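
The action-helper approach described in the post above, as an added sketch; it is not the code from the oolala project linked there. The class name Example_Helper_AclCheck, the "role" property on the Zend_Auth identity, the "guest" fallback and the use of the action name as the privilege are all assumptions, and Zend Framework 1 is assumed to be on the include path with autoloading enabled.

```php
<?php
class Example_Helper_AclCheck extends Zend_Controller_Action_Helper_Abstract
{
    /** @var Zend_Acl */
    protected $_acl;

    public function __construct(Zend_Acl $acl)
    {
        $this->_acl = $acl;
    }

    // Called by the helper broker before each action is dispatched.
    public function preDispatch()
    {
        $controller = $this->getActionController();

        // As in the post, only controllers that declare themselves ACL
        // resources are checked; any other controller is not covered.
        if (!$controller instanceof Zend_Acl_Resource_Interface) {
            return;
        }

        // Assumption: the stored identity is an object with a "role"
        // property; unauthenticated requests fall back to "guest".
        $auth = Zend_Auth::getInstance();
        $role = $auth->hasIdentity() ? $auth->getIdentity()->role : 'guest';

        // Assumption: the action name doubles as the ACL privilege.
        $privilege = $this->getRequest()->getActionName();

        // Fail closed: a resource missing from the ACL is treated as denied
        // rather than letting isAllowed() raise for an unknown resource.
        if (!$this->_acl->has($controller)
            || !$this->_acl->isAllowed($role, $controller, $privilege)) {
            throw new Zend_Controller_Action_Exception('Access denied', 403);
        }
    }
}

// Registration, for example in the bootstrap, with $acl an already
// configured Zend_Acl instance:
// Zend_Controller_Action_HelperBroker::addHelper(new Example_Helper_AclCheck($acl));
```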

Re: [fw-db] Not sure, but is this a bug?

I guess that the issue is that this code won't work, isn't it, Thasmo?:

$table->fetchAll($table->getAdapter()->quoteInto('? = id', 123));



On Thu, Aug 27, 2009 at 5:22 PM, Hector Virgen <djvirgen@gmail.com> wrote:
It's possible for the ? to be at position 1 (or, 0):

$table->select()->where('? = id', 123); // <-- valid SQL

--
Hector



On Thu, Aug 27, 2009 at 2:38 PM, Thasmo <thasmo@gmail.com> wrote:
Maybe that's right, in this case I guess,
it won't affect anything, as the '?'-sign won't
ever be at position 1, as long as I understand the quote function.

Anyone there to test it?


Mamsaac wrote:

I'm not really looking into trying the code, since I was just reading some of
the Db code for entertaining (hey! it's better than some bad novels =) ).

I came up with this part in class Zend_Db_Adapter_Abstract:

public function quoteInto($text, $value, $type = null, $count = null) {
   if ($count === null) {
       return str_replace('?', $this->quote($value, $type), $text);
   } else {
       while ($count > 0) {
           if (strpos($text, '?') != false) {
               $text = substr_replace($text, $this->quote($value),
                   strpos($text, '?'), 1);
           }
           --$count;
       }
       return $text;
   }
}

My issue, and I'm probably wrong, but this shouldn't take long, is that I
believe that strpos($text, '?') != false should be strpos($text, '?') !==
false

If the "?" is the first character, it would just not replace it. (I mean, ?
being in position 0).

If I'm wrong, I apologize for taking a quick reaction without verifying...
but I don't have any applications of mine using the ZF (again, I was just
reading :D) and I'm not supposed to waste too much time =)

And if this is not the right place to ask about this, again, sorry =)





Re: [fw-db] Not sure, but is this a bug?

From what I saw, it simply takes any ? and introduces another string but
quoted with for SQL (using ''), without any specification if the question
mark can or not be the first character.

The provided code in the documentation shows:

* <code>
* $text = "WHERE date < ?";
* $date = "2005-01-02";
* $safe = $sql->quoteInto($text, $date);
* // $safe = "WHERE date < '2005-01-02'"
* </code>

If the text is not "WHERE date < ?", but rather a simple "? > date" which
will be inserted into the WHERE section after that, it wouldn't work.

Anyway, since I have little experience using ZF, I can't assure of a bug in
here, so I will just leave the thread =) If it's a bug, I will be glad to
have helped in such a little thing, else, I'm sorry hehehe.


Thasmo wrote:
>
> Maybe that's right, in this case I guess,
> it won't affect anything, as the '?'-sign won't
> ever be at position 1, as long as I understand the quote function.
>
> Anyone there to test it?
>
>
> Mamsaac wrote:
>> I'm not really looking into trying the code, since I was just reading
>> some of
>> the Db code for entertaining (hey! it's better than some bad novels =) ).
>>
>> I came up with this part in class Zend_Db_Adapter_Abstract:
>>
>> public function quoteInto($text, $value, $type = null, $count = null) {
>> if ($count === null) {
>> return str_replace('?', $this->quote($value, $type), $text);
>> } else {
>> while ($count > 0) {
>> if (strpos($text, '?') != false) {
>> $text = substr_replace($text, $this->quote($value),
>> strpos($text, '?'), 1);
>> }
>> --$count;
>> }
>> return $text;
>> }
>> }
>>
>> My issue, and I'm probably wrong, but this shouldn't take long, is that I
>> believe that strpos($text, '?') != false should be strpos($text, '?') !==
>> false
>>
>> If the "?" is the first character, it would just not replace it. (I mean,
>> ?
>> being in position 0).
>>
>> If I'm wrong, I apologize for taking a quick reaction without
>> verifying...
>> but I don't have any applications of mine using the ZF (again, I was just
>> reading :D) and I'm not supposed to waste too much time =)
>>
>> And if this is not the right place to ask about this, again, sorry =)
>>
>>
>
>

--
View this message in context: http://www.nabble.com/Not-sure%2C-but-is-this-a-bug--tp25178000p25180965.html
Sent from the Zend DB mailing list archive at Nabble.com.
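
The comparison discussed in this thread, reduced to a stand-alone script; this is an added example, not Zend Framework code. demoQuote() is a simplified stand-in for the adapter's quote(), and demoQuoteInto() mirrors the two branches of the posted quoteInto(), with a $strict switch (an assumption added for the demo) selecting `!=` or `!==`.

```php
<?php
// Simplified stand-in for the adapter's quote(): numbers pass through,
// strings are escaped and wrapped in single quotes (demo only).
function demoQuote($value)
{
    if (is_int($value) || is_float($value)) {
        return (string) $value;
    }
    return "'" . addslashes($value) . "'";
}

// Mirrors the structure of the posted quoteInto().
// $strict = false keeps the posted "!= false" test, true uses "!== false".
function demoQuoteInto($text, $value, $count = null, $strict = false)
{
    if ($count === null) {
        // This branch never calls strpos(), so placeholder position is irrelevant.
        return str_replace('?', demoQuote($value), $text);
    }
    while ($count > 0) {
        $pos = strpos($text, '?');
        // strpos() returns int 0 for a leading "?"; 0 != false is false in PHP,
        // so the loose test treats "found at offset 0" as "not found".
        $found = $strict ? ($pos !== false) : ($pos != false);
        if ($found) {
            $text = substr_replace($text, demoQuote($value), $pos, 1);
        }
        --$count;
    }
    return $text;
}

// Constructed inputs: placeholder at offset 0, at the end, and twice.
$cases = array('? = id', 'id = ?', '? = a OR ? = b');
foreach ($cases as $text) {
    printf(
        "%-16s  loose: %-18s strict: %s\n",
        $text,
        demoQuoteInto($text, 123, 1, false),
        demoQuoteInto($text, 123, 1, true)
    );
}

// Without $count the str_replace() branch is taken.
echo demoQuoteInto('? = id', 'abc'), "\n";
```

Run with the PHP CLI, the loose column leaves a leading `?` in place whenever $count is given, while the final line shows that the call without $count is not affected.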