I have an event form which contains information related to event like: start_time, finish_time etc.
Every event bolongs to a user. The requirements are that the same type of event can be saved for multiple users, so from the form I receive a list of users as well.
Now that makes it impossible to use model's native save function and for that reason I have the following code:
function saveNotRepeatedEvents($event, $users){
foreach($users as $user){
$event['Event']['user_id'] = $user;
$this->create();
$this->save($event);
}
return true;
}
First of all, it does not allow for transactions, and I have a feeling that it can be done better, like "cakePHP way", but just cannot find anything during the research.
So the main issue would be how to intruduce transactions in this case. But any help or guidance on how to make it more cakePHP way would be much appreciated.
What you're looking for is Model::saveAll($yourData), which at the end will make use of a transaction (as long as your database engine supports transactions).
The main idea is that you will prepare $yourData as an array with this form
$yourData = array(
array('Event' => array('user_id' => 1)),
array('Event' => array('user_id' => 2)),
);
Of course, you will do this in your for loop, I am just giving you the main idea.
Related
I am using CakePHP in my project and I am looking for a proper way to check advanced user rights in my views.
I have several pages in which the contents depend of your rights (you can view some blocks or not, edit some infos or not, etc...)
I searched and the only way I found is to implement an Auth Helper, but I thought the best way to to that is to implement methods in my "UserController" (such as canPerformAction($action, $controller = 'default_controller')), am I wrong ? And if I'm right, how to call that methods properly ?
Thanks.
EDIT : More precisions
For example I have an action "editEventProducts" that a user can perform only if he's the event owner and if the event status is <= 2.
I check that in my controller "isAuthorized" function, works like a charm.
But I have a page called "eventDetails", form which you can perfom several actions such as this one, and I want to show the edit button, only if you can do it.
If fact what I need is the output of the "isAuthorized" function for each action that you can call, but can I properly get it from a view ?
Solution
I implemented a Auth helper who does several check such as this one, which is finally a whitelist check, depending of the status of my event, hope it will help, the code :
App::uses('AppHelper', 'View/Helper');
class AuthHelper extends AppHelper {
var $helpers = array('Session');
private $_whitelist = array(
'controller1' => array(
'events' => array(
'action1' => array(1 => true, 2 => true),
'action2' => array(1 => true, 2 => true),
'action3' => array(3 => true),
'action4' => array(6 => true)
)
),
'user' => array(
'controller1' => array(
'action1' => array(1 => true, 2 => true),
'action2' => array(1 => true, 2 => true)
)
)
);
public function canPerformAction ($action, $event_infos, $controller = 'events') {
return isset($this->_whitelist[$this->Session->read('Auth.User.role')][$controller][$action][$event_infos['Event']['state_id']]);
}
}
It sounds to me like you just want to render some parts of a view based on the permissions of the user. Well, in this case I think a helper is the right choice. The user should already have all the permissions he has loaded - except they're very fine grained and you got thousands of permissions.
Check this AuthHelper, it allows you to check if the user is logged in, for a role or a set of roles in a field. Alternatively implement your own solution to match whatever your permission system is.
Note that the helper relies on passing the user data to the view in a view variable. It can be also configured to read the data from the auth part of the session directly.
Here is the example taken from it's documentation:
if ($this->Auth->isLoggedIn()) {
echo __('Hello %s!', $this->Auth->user('username'));
}
if ($this->Auth->isMe($record['Record']['user_id']) {
// or your edit button here
echo '<h2>' . __('Your records') . '</h2>';
}
if ($this->Auth->hasRole('admin') {
echo $this->Html->link(__('delete'), array('action' => 'delete'));
}
What you need is called authorization, and is the process of granting/denying actions usually built on top of an authentication step, which maps HTTP requests to logical users.
The authorization scheme can be implemented in a number of ways, for example with simple role-based rules, where users are grouped exactly for the purpose of assigning rights, or with more complex ACL (access control lists). Both can be adopted at the same time for different parts of the system, depending on your needs.
Whatever scheme you pick, you absolutely need to query it at the beginning of your controllers actions (if applicable, you may and up with a standardized authorization filter in your AppController), because the HTTP request doesn't need to come from a previously sent HTTP page, but could be a (possibly) malicious, hand-craften one. Also, you'll likely need to adjust the UI after the user rights. Maybe you'll better start with a bunch of if statements, and then after some days of work you'll be able to identify your needs and build your libraries/helpers/blocks/whatever to avoid code duplication and easing reading the templates.
If you have predefined user permissions (like 'admin', 'moderator', 'editor', 'publisher'...) you can just read the user role and current action in the controller function isAuthorized and set it to true or false.
If you want custom permissions per user, you can store those values in the database, read them in the isAuthorized function and make your logic to determine if you should allow him or not.
My solution to this was a separate table user_permissions that was something like this:
user_id | action
where action would be `controller/action' or 'view/block' or whatever you want to save there.
I would read all values for current user in the controller and if the current controller/action was found in the array, i'd set isAuthorized to true. You can apply your logic to the blocks also.
You can call function of controller from view using
requestAction(string $url, array $options)
Or you can create your custom Helper which will do this for you!
$form2_id = 'commerce_product_ui_product_form';
$form2_state['values'] = array(
'sku' => 'xyz100',
'title' => 'xyz',
'commerce_price' => '355',
'op' => t('Save Product')
);
drupal_form_submit($form2_id, $form2_state);
$form_errors = form_get_errors();
drupal_set_message('Form errors = '.$form_errors);
I get no errors but lots of warnings... and the data is not saved to the db.
call_user_func_array() expects parameter 1 to be a valid callback, function 'commerce_product_product_form' not found or invalid function name in drupal_retrieve_form()
You apparently are trying to programmatically submit values to a Drupal commerce generated form. This an unpractical approach, because of the modular achitecture of Drupal commerce: there are quite a few steps that populate a form before it is submitted, and even if you had (as you should have, anyway) prepoulate $form_state with drupal_get_form(), you would end up with errors in the submit function. I tried myself to fix your code, to no avail.
Fortunately, there is another approach, leveraging Drupal's entities, for which I must credit this post. You can create an entity metadata wrapper with a Drupal commerce's product object of your chosen type:
$wrapper = entity_metadata_wrapper('commerce_product',
commerce_product_new('[PRODUCT_TYPE_MACHINE_NAME]'));
By calling entity_metadata_wrapper this way, you create a property wrapper by which you can access a commerce_product entity; commerce_product_new('[PRODUCT_TYPE_MACHINE_NAME]') creates the entity instance with it's required defaults. Then you can do:
$wrapper->sku = 'xyz100';
$wrapper->title = 'xyz';
$wrapper->commerce_price->amount = 355;
$wrapper->commerce_price->currency_code = 'USD';
Be aware that commerce_price is a structured type, and amount and currency are required. amount must be in hundredths of the unit, so a 1.5$ price must be expressed as 150.
When your entity is fully populated with any other property, you need to issue
$wrapper->save();
When I first read your question I thought "this should be easy"... It wasn't and I spent a few hours to figure it out. It was worth the while, though, because I have found a much better solution to deal with entities (and nodes...) in Drupal.
I have an application in which we give a very friendly interface for managing data. This is done through many controllers' add/edit/view functions. But now the requirement has come that we should have "super admins" able to edit anything, and scaffolding will give them a quick and dirty manner of changing data. Since scaffolding uses add/edit/view by default, I've unintentionally overwritten the ability to scaffold.
I can't just go and change all my calls to edit/add for our "user friendly" data managing. So I want to essentially ignore the add/edit/view when, for example, a user has a flag of "yes, please let me scaffold". I imagined it would be something like:
public function edit($id) {
if (admin_user) {
$scaffold;
} else {
[user-friendly version code]
}
}
But no dice. How can I achieve what I want?
suppose you already have admin users and you want to scaffold only super-user:
Also suppose you store the information about beeing a super-user or not in a column named super in the users table
in your core.php
Configure::write('Routing.prefixes', array('admin', 'super));
in your appController
public $scaffold = 'super';
beforFilter() {
if($this->Auth->user('super') && !isset($this->params['super'])
$this->redirect(array('super' => true));
}
Now I can't try this code but the idea should work.
edit: we need to check if we are already in a super_action to avoid infinite redirect
I'm building a dynamic view (Page) that consists of multiple elements (widgets) called via $this->element('messages_unread'). Some of these elements need data that is not related to the Page model.
In real life words: my users will be able to construct their own Page by choosing from a multitude of elements ("top 5 posts", "10 unread messages", etc...)
I get the data by calling $this->requestAction(array('controller'=>'events','action'=>'archive') from within the element, the url-variables differ per element .
I'm aware of the fact that requestAction() is expensive and I plan on limiting the costs by proper caching.
The actual question:
My problem is Pagination. When I'm in the Page view and call requestAction('/events/archive') the PaginatorHelper in the Page view will be unaware of the Event model and its paginator variables and $this->Paginator->next() etc... will not work.
How can I implement proper Pagination? I've tried to set the model by calling $this->Paginator->options(array('model'=>'Event')) but that doesn't work.
Do I maybe need to return custom defined Pagination variables in the requestAction and thus construct my own?
Or is there another approach that maybe even avoids requestAction()? And keep in mind here that the requested data is unrelated to the Page.
Kind regards,
Bart
[Edit] My temporary solution but still open for comments/solutions:
In the requestedAction Event/archive, return paginator variables along with the data like this:
return array('data'=>$this->paginate(), 'paging' => $this->params['paging']);
I've tinkered a bit more and the following works for me, and the PaginationHelper works:
In the element:
// requestAction returns an array('data'=>... , 'paging'=>...)
$data = $this->requestAction(array('controller'=>'events','action'=>'archive'));
// if the 'paging' variable is populated, merge it with the already present paging variable in $this->params. This will make sure the PaginatorHelper works
if(!isset($this->params['paging'])) $this->params['paging'] = array();
$this->params['paging'] = array_merge( $this->params['paging'] , $data['paging'] );
foreach($data['events'] as $event) {
// loop through data...
}
In the Controller:
public function archive() {
$this->paginate = array(
'limit' => 10
);
if ($this->params['requested'])
return array('events'=>$this->paginate('Event'), 'paging' => $this->params['paging']);
$this->set('events', $this->paginate('Event') );
}
I have a songs controller. Within the songs controller i have a 'view' action which get's passed an id, eg
/songs/view/1
/songs/view/5
/songs/view/500
When a user visits /songs/view/1, the file is cached correctly and saved as 'songs_view_1.php'
Now for the problem, when a user hit's a different song, eg /songs/view/2, the 'songs_view_1.php' is deleted and '/songs/view/2.php' is in it's place.
The cahced files will stay there for a day if I don't visit a different url, and visiting a different action will not affect any other action's cached file.
I've tried replacing my 'cake' folder (from 1.2 to 1.2.6), but that didn't do anything. I get no error messages at all and nothing in the logs.
Here's my code, I've tried umpteen variations all ending up with the same problem.
var $helpers = array('Cache');
var $cacheAction = array(
'view/' => '+1 day'
);
Any ideas?
EDIT:
After some more testing, this code
var $cacheAction = array(
'view/1' => "1 day",
'view/2' => "1 day"
);
will cache 'view/1' or 'view/2', but delete the previous page as before. If I visit '/view/3' it will delete the cached page from before... sigh
EDIT:
Having the same issue on another server with same code...
After working hours on this, I finally figure out the reason why the cache keep being deleted, the REASON is because you had some operations that update your 'song' record in the database after you view the 'song'. For my case, I keep a column in my database called 'Hits' to store the number of hits/reads, and it updates it everytime it read the record.
Cakephp has a feature to aumotically detect changes to your database and clear the cache for you.
Try remove any operations that update your 'song' record and the cacheaction should be working properly.
An alternative is to redefine the clearcache function in your 'song' model... it will disable the function to auto-clear off the cache.. but then remember to manually clear the cache yourself when an update is performed.
function _clearCache($type = null) {
}
After working hours on this, I finally figured out the reason why the cache keeps on being deleted. The reason is because you had some operations that update your 'song' record in the database after you view the 'song'. For my case, I keep a column in my database called 'Hits' to store the number of hits/reads, and it updates it everytime it read the record.
Cakephp has a feature to automatically detect changes to your database and clear the cache for you.
Try remove any operations that update your 'song' record and the cacheaction should work properly.
After fixing it, there will be another issue. Let's say you cache many of your records, for example song/1, song/5, song/100...etc, if there is any update for any 1 of the record... all of the caches for song/1, song/5, song/100 will be deleted. This makes cacheaction useless for frequently update website.
The solution to this is to redefine the clearcache function in your 'song' model... it will disable the function to auto-clear off the cache.. so if there is any update, none of the caches will be deleted. But then remember to manually clear the cache yourself when an update is performed.
function _clearCache($type = null) {
}
to remove cache manually, you could use
#unlink(CACHE.'views'.DS.'website_songs_view_50.php');
I think that kind of caching method is depreceted. Perhaps you should use Cache:
$song = Cache::read('songs/view/'.$id, 'cache_time');
if(empty($song)){
$song = $this->Song->findById($id);
Cache::write('songs/view/'.$id, $song, 'cache_time');
}
cache_time is a variable you define in core.php:
Cache::config('cache_time', array('engine' => 'File', 'duration' => 60*60*24));
Hope it helps.
Check some setting in the config.php file. Do you have the following setting enabled?
Configure::write('debug', 0);
//Configure::write('Cache.disable', true);
Configure::write('Cache.check', true);
Cache::config('default', array('engine' => 'File'));