I am required to employ webEdition as the CMS for a web presence, which shall contain a form realised with CakePHP.
Unfortunately, both systems employ directory structures, which are incompatible with each other: CakePHP requires an "app"-folder with several subfolders, "Model", "View", "Controller", whereas webEdition provides (php) template files, from which the frontend (html) files are generated via a http-backend that must stay functional (as it is the point of using webEdition in the first place).
As such, while I can put the model and controller files into their respective CakePHP-folders, I need to write the view code into the webEdition templates. CakePHP offers configuration files to move its whole "app"-folder into arbitrary places, but this is arguably not what I require.
To summarise, the situation looks as follows:
webEdition needs the templates to go to [webroot]/webedition/we/templates/[file].php
CakePHP needs the View files to go to [arbitrary]/app/View/[controller name]/[file].[extension]
the View code must go into the template
references to the View code must reference the published files [webroot]/[file].html
Obviously these requirements are incompatible. Mayhap my understanding is wrong to begin with, but even if not, there should (hopefully) exist an alternate way to realise this.
The requirements are obviously incompatible but there are several ways to work around that:
Make the CakePHP form using AJAX or an iframe to call the CakePHP app directly
Let webEdition deal with the form completely on it's own but write to the DB table the Cake app is using
Have a RESTful API you cann call from the webEdition page and POST the data to the CakePHP app.
It seems that via this setting in the app/Config/bootstrap.php file, the webroot folder may be specified as View folder - which is arguably more of a hack, but should allow to write cakePHP view code directly into a webEdition template, from where it would be carried through to the published file.
/**
* The settings below can be used to set additional paths to models, views and controllers.
*
* App::build(array(
* 'Model' => array('/path/to/models/', '/next/path/to/models/'),
* 'Model/Behavior' => array('/path/to/behaviors/', '/next/path/to/behaviors/'),
* 'Model/Datasource' => array('/path/to/datasources/', '/next/path/to/datasources/'),
* 'Model/Datasource/Database' => array('/path/to/databases/', '/next/path/to/database/'),
* 'Model/Datasource/Session' => array('/path/to/sessions/', '/next/path/to/sessions/'),
* 'Controller' => array('/path/to/controllers/', '/next/path/to/controllers/'),
* 'Controller/Component' => array('/path/to/components/', '/next/path/to/components/'),
* 'Controller/Component/Auth' => array('/path/to/auths/', '/next/path/to/auths/'),
* 'Controller/Component/Acl' => array('/path/to/acls/', '/next/path/to/acls/'),
* 'View' => array('/path/to/views/', '/next/path/to/views/'),
* 'View/Helper' => array('/path/to/helpers/', '/next/path/to/helpers/'),
* 'Console' => array('/path/to/consoles/', '/next/path/to/consoles/'),
* 'Console/Command' => array('/path/to/commands/', '/next/path/to/commands/'),
* 'Console/Command/Task' => array('/path/to/tasks/', '/next/path/to/tasks/'),
* 'Lib' => array('/path/to/libs/', '/next/path/to/libs/'),
* 'Locale' => array('/path/to/locales/', '/next/path/to/locales/'),
* 'Vendor' => array('/path/to/vendors/', '/next/path/to/vendors/'),
* 'Plugin' => array('/path/to/plugins/', '/next/path/to/plugins/'),
* ));
*
*/
... Not yet tested though and obviously not fit for a production system.
Related
I am using CakePHP in my project and I am looking for a proper way to check advanced user rights in my views.
I have several pages in which the contents depend of your rights (you can view some blocks or not, edit some infos or not, etc...)
I searched and the only way I found is to implement an Auth Helper, but I thought the best way to to that is to implement methods in my "UserController" (such as canPerformAction($action, $controller = 'default_controller')), am I wrong ? And if I'm right, how to call that methods properly ?
Thanks.
EDIT : More precisions
For example I have an action "editEventProducts" that a user can perform only if he's the event owner and if the event status is <= 2.
I check that in my controller "isAuthorized" function, works like a charm.
But I have a page called "eventDetails", form which you can perfom several actions such as this one, and I want to show the edit button, only if you can do it.
If fact what I need is the output of the "isAuthorized" function for each action that you can call, but can I properly get it from a view ?
Solution
I implemented a Auth helper who does several check such as this one, which is finally a whitelist check, depending of the status of my event, hope it will help, the code :
App::uses('AppHelper', 'View/Helper');
class AuthHelper extends AppHelper {
var $helpers = array('Session');
private $_whitelist = array(
'controller1' => array(
'events' => array(
'action1' => array(1 => true, 2 => true),
'action2' => array(1 => true, 2 => true),
'action3' => array(3 => true),
'action4' => array(6 => true)
)
),
'user' => array(
'controller1' => array(
'action1' => array(1 => true, 2 => true),
'action2' => array(1 => true, 2 => true)
)
)
);
public function canPerformAction ($action, $event_infos, $controller = 'events') {
return isset($this->_whitelist[$this->Session->read('Auth.User.role')][$controller][$action][$event_infos['Event']['state_id']]);
}
}
It sounds to me like you just want to render some parts of a view based on the permissions of the user. Well, in this case I think a helper is the right choice. The user should already have all the permissions he has loaded - except they're very fine grained and you got thousands of permissions.
Check this AuthHelper, it allows you to check if the user is logged in, for a role or a set of roles in a field. Alternatively implement your own solution to match whatever your permission system is.
Note that the helper relies on passing the user data to the view in a view variable. It can be also configured to read the data from the auth part of the session directly.
Here is the example taken from it's documentation:
if ($this->Auth->isLoggedIn()) {
echo __('Hello %s!', $this->Auth->user('username'));
}
if ($this->Auth->isMe($record['Record']['user_id']) {
// or your edit button here
echo '<h2>' . __('Your records') . '</h2>';
}
if ($this->Auth->hasRole('admin') {
echo $this->Html->link(__('delete'), array('action' => 'delete'));
}
What you need is called authorization, and is the process of granting/denying actions usually built on top of an authentication step, which maps HTTP requests to logical users.
The authorization scheme can be implemented in a number of ways, for example with simple role-based rules, where users are grouped exactly for the purpose of assigning rights, or with more complex ACL (access control lists). Both can be adopted at the same time for different parts of the system, depending on your needs.
Whatever scheme you pick, you absolutely need to query it at the beginning of your controllers actions (if applicable, you may and up with a standardized authorization filter in your AppController), because the HTTP request doesn't need to come from a previously sent HTTP page, but could be a (possibly) malicious, hand-craften one. Also, you'll likely need to adjust the UI after the user rights. Maybe you'll better start with a bunch of if statements, and then after some days of work you'll be able to identify your needs and build your libraries/helpers/blocks/whatever to avoid code duplication and easing reading the templates.
If you have predefined user permissions (like 'admin', 'moderator', 'editor', 'publisher'...) you can just read the user role and current action in the controller function isAuthorized and set it to true or false.
If you want custom permissions per user, you can store those values in the database, read them in the isAuthorized function and make your logic to determine if you should allow him or not.
My solution to this was a separate table user_permissions that was something like this:
user_id | action
where action would be `controller/action' or 'view/block' or whatever you want to save there.
I would read all values for current user in the controller and if the current controller/action was found in the array, i'd set isAuthorized to true. You can apply your logic to the blocks also.
You can call function of controller from view using
requestAction(string $url, array $options)
Or you can create your custom Helper which will do this for you!
At first - I'm new to the Yii Framework. I did some research on my own but I couldn't find a precise solution to my issue.
Assume there are two related models - Product and Image. A single Product may have multiple Images assigned. What is the best approach at creating the create / update forms that would be able to manage this kind of scheme?
The Image model consists of various fields, along with a path to the image file, so it's not just a "container" for the path itself. What's more - I need to have a thumbnail generated for every uploaded image and its path stored within the same model.
What I need to achieve is pretty much similar to the admin inline functionality known from Django - there should be a section in the Product create / update form which would allow users to add / modify / delete Images.
I tried the multimodelform extension but I couldn't get file uploading to work. What's the best way of getting it done and not having to build the whole file-upload-enabled-multiple-model-form structure manually?
The detailed solution depends on if you are using CActiveForm or CHtml form. Since you have 2 related models I assume you are using CActiveForm and will point out some thing you need to keep in mind.
For this example i am gonna assume some definitions
Product with fields id, name
Product with ONE to MANY relation to 'images' on ProductImage
ProductImage with fields id, productId, path
I also assume there gonna be 1 upload / edit, but multi delete
Here's the view:
$form = $this->beginWidget(
'CActiveForm',
array(
'id' => 'upload-form',
'enableAjaxValidation' => false,
'htmlOptions' => array('enctype' => 'multipart/form-data'),
)
);
echo $form->labelEx($product, 'name');
echo $form->fileField($product, 'name');
echo $form->error($product, 'name');
echo $form->checkBoxList($product, 'path', $product->images);
echo $form->labelEx($productImage, 'path');
echo $form->fileField($productImage, 'path');
echo $form->error($productImage, 'path');
$this->endWidget();
And your action
public function actionUpdate($productId) {
$product = Product::model()->findByPk($productId)->with('images');
$productImage = new ProductImage();
if(isset($_POST['Item']))
{
$product->attributes=$_POST['Product'];
foreach($product->images as $im) {
if(in_array($im->path, $_POST['Item']['Image']))
$im->delete();
}
$productImage->image=CUploadedFile::getInstance($productImage,'path');
if($productImage->save())
{
$productImage->image->saveAs('some/new/path');
// redirect to success page
}
}
$this->render('update', array(
'product'=>$product,
'productImage'=>$productImage,
));
}
Now note that this solution is not tested so there will be bugs, but it should give you an idea on how to write your own form.
Resources:
http://www.yiiframework.com/wiki/2/how-to-upload-a-file-using-a-model/
http://www.yiiframework.com/wiki/384/creating-and-updating-model-and-its-related-models-in-one-form-inc-image
I'm building a module using hook_preprocess_node()
I've made a new view mode for the node entity called ´vacancy_teaser´ using the hook_entity_info_alter()
this shows up in my node display settings and view
so I want to use the template included in my module when this view mode is used.
my code:
/**
* Implements hook_preprocess_node().
*/
function vacancies_preprocess_node(&$vars) {
if($vars['view_mode'] == 'vacancy_teaser') {
$vars['theme_hook_suggestions'][] = 'node_vacancy_teaser';
}
}
my template file is called: ´node-vacancy-teaser.tpl.php´ but is not used in the output of my view
$vars['view_mode'] == 'vacancy_teaser' in the view. ( tested )
but where does $vars['theme_hook_suggestions'][] = 'node_vacancy_teaser'; looks for the template file? somehow it's not included / used.
apparently in drupal 7 useing dubble underscores is required for some reason.
node_vacatures_vacancy_teaser.tpl.php placed in the active template folder seems to do the trick... although I don't think this is a neat solution since the tpl.php file is separated from the module.
Be sure to specify the template file in the hook_theme implementation. The examples project is great for finding out the details of how to do things like this. Specifically, check out the theming_example_theme() function in the theming_example module…
function theming_example_theme() {
return array(
// …
'theming_example_text_form' => array(
'render element' => 'form',
// In this one the rendering will be done by a tpl.php file instead of
// being rendered by a function, so we specify a template.
'template' => 'theming-example-text-form',
),
);
}
Instead of appending to the end of the $vars['theme_hook_suggestions'] array, try:
array_unshift($vars['theme_hook_suggestions'], 'node_vacancy_teaser');
This will pass your suggestion to the front of the array, and it will be found first. Most likely since you are appending it to the end of the array, Drupal is finding an existing theme suggestion first and using it instead (such as node.tpl.php).
I am trying to get Propel to work in my Zend app, it seems that I can get the Propel library to load (from library/propel) but when called I get the exception: 'No connection information in your runtime configuration file for datasource [default]' (when I try to make a connection: 'Propel::getConnection'). My Db is not even named 'default'. I have this in my bootstrap.php from another SO question/answer:
require_once 'propel/Propel.php';
Propel::setConfiguration($this->getOptions('propel/MyPropel-conf.php'));
Propel::initialize();
// so we can get the connection from the registry easily
return Propel::getConnection();
I want the Propel configs (classmap conf as well) to be in the '/application/configs' (copies are there too right now), but I thought If I can get Propel to load from library/propel, then maybe moving my 'conf' files there, I may get them to load too. It seems that if I 'force' the config, by manually loading the params, or if I seem to get it in a temporary 'right' location (or use an absolute path), the exception I then get is this:
'Unable to open PDO connection [wrapped: SQLSTATE[28000] [1045] Access denied for user 'www-data'#'localhost'
As if Propel is not paying any attention to my configs.
My config looks like this; converted from the xml:
$conf = array (
'datasources' =>
array (
'unmActTestDB' =>
array (
'adapter' => 'mysql',
'connection' =>
array (
'dsn' => 'mysql://root:PASSWORD#localhost/unmActTestDB',
),
),
'default' => 'unmActTestDB',
),
'log' =>
array (
'ident' => 'propel-act',
'level' => '7',
),
'generator_version' => '1.5.6',
);
$conf['classmap'] = include(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'classmap-unmActTestDB-conf.php');
return $conf;
If it helps, I still have the Zend PDO DB adapter loading in the application.ini file too, would that cause a clash?. Is there a standard way to get Propel to work with Zend? Or can anyone see what I'm doing wrong?
I have been to several posts here on SO, and a couple popular posts like this one The Adventures Of Merging Propel With Zend Framework and this one at Zend's dev zone Integrating Propel with the Zend Framework, among others including the Propel Docs. They have been helpful, but I am really struggling with this. Thanks in advance! My current Zend Directory structure looks like this (w/ the two propel confs also in the library/propel folder:
What I ended up doing is this:
I got a good grip on how to generate my models from a 'reverse' using Propel. It created (as before) a 'schema.xml' file for me to build my models with.
Also my 'runtime.xml' file was incorrect for my needs, after the build I was not connecting to the right database because of my omission of a few tags, overall it is quite simple though:
<?xml version="1.0" encoding="UTF-8"?>
<config>
<log>
<ident>unmActTestDB</ident>
<level>7</level>
</log>
<propel>
<datasources default="unmActTestDB">
<datasource id="unmActTestDB">
<adapter>mysql</adapter>
<connection>
<dsn>mysql:host=localhost;dbname=unmActTestDB</dsn>
<user>zend</user>
<password>PASSWORD</password>
<database>unmActTestDB</database>
</connection>
</datasource>
</datasources>
</propel>
</config>
The 'dsn' tag has to be in the format above with the addition of the 'user', 'password', and the 'database' tags. This fixed my issue with the database connection errors. As quoted above (and here) the exception thrown was: 'No connection information in your runtime configuration file for datasource [default]'
As far as the loading of my models goes, I ended up putting them in my 'library' folder, I already have that folder autoloading in my app, plus it seemed like a good place form them.
here is an image of my 'updated' directory structure:
Note the addition of the 'unmActTestDB' folder in my directory, this is my ORM models.
Another thing to note is that I put my generated 'conf' files into my 'application/configs' folder. These are correct now, after the correction of the runtime.xml file and a 'rebuild'.
As a side note, I had to edit my 'schema.xml' file by hand (several times :) )...The original database used plural names for the tables, so I edited all the 'phpname' declarations (attributes actually, on the declaration tag) to be singular so I wouldn't access an object called 'Users'...instead I can now access a 'User' object. I kept the table names the same (tables are plural, and I won't have any issues importing the existing data, etc.) This was suggested by an answer to another one of my questions, see here How to get related object Propel ORM.
The other big edit I made was to add primary key declarations (again, attributes) for the many SQL views in the DB, also I added a 'readonly' and a 'noSQL' attributes to the declarations, this way I will have access (through the Propel models) to my views.
And, just to be thorough, and for those who are interested here is the addition to my 'bootstrap.php' file that does my 'Propel Init' for me...
protected function _initPropel()
{
$this->_logger->info('Bootstrap ' . __METHOD__);
require '../library/propel/Propel.php';
Propel::init(APPLICATION_PATH . '/configs/unmActTestDB-conf.php');
Propel::initialize();
return Propel::getConnection();
}
Another NOTE: the '$this->_logger->info('Bootstrap ' . METHOD);' calls my 'logging' method that just tells 'firePHP' that this method has loaded. The /configs/unmActTestDB-conf.php' calls the second 'conf' file that Propel generates... and here is the 'corrected' version of that file (the unmActTestDB.conf file that is), Note the changes in the 'connection' array.
<?php
// This file generated by Propel 1.5.6 convert-conf target
// from XML runtime conf file runtime-conf.xml
$conf = array (
'datasources' =>
array (
'unmActTestDB' =>
array (
'adapter' => 'mysql',
'connection' =>
array (
'dsn' => 'mysql:host=localhost;dbname=unmActTestDB',
'user' => 'zend',
'password' => 'PASSWORD',
'database' => 'unmActTestDB',
),
),
'default' => 'unmActTestDB',
),
'log' =>
array (
'ident' => 'unmActTestDB',
'level' => '7',
),
'generator_version' => '1.5.6',
);
$conf['classmap'] = include(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'classmap-unmActTestDB-conf.php');
return $conf;
I am off and running now! This was a great way to go, otherwise I was looking and writing sooo many mapping classes for my app. Propel (currently) generates over 300 models for this application! Plus the base classes, it would take me forever...
I am having some issues with full view caching in cakephp.
The url that I would like to cache is /posts/badge/23/size:180x150 I have been able to cache the view successfully by adding $cacheAction = "1 hour"; to the controller.
Since I do not want to cache all methods in the controller (just specific methods) I tried to use the array syntax to match the url /posts/badge/23/size:180x150
where 23 is the post ID and size is a named parameter (there are 2
variations of size).
So my question is what is the proper (if any) match to place in
cacheAction to cache all posts/badges/* Here are some examples that I
have tried:
var $cacheAction = array(
'badge/*' => '+1 hour',
'posts/badge/23/size:180x150' => '1 hour',
'badge/23/size:180x150' => '1 hour',
'posts/badge/:id/:size' => '1 hour',
'badge/:id/:size' => '1 hour',
);
None of these seem to match (or at least do not cache for some
reason). I do need to cache posts/badge//size: and trap each of the
parameters being passed.
Again, if I set $cacheAction = "1 hour"; then the cache file is
created (the file tmp/cache/views/posts_badge_23_size_180x150.php is
created)
Has anyone been able to create a cache for a dynamic url?
CakePHP's CacheHelper currently isn't capable of Routes. CacheHelper::cache(), which is responsible for parsing and checking the $cacheAction settings does not use any Router functionality, it just does some string checking.
You can use your own CacheHelper, just modify the cache() method appropriately and place the file cache.php in app/views/helpers.
This ticket is similiar to your problem, the solution posted there may help you: trac.cakephp.org/ticket/6192
On this page: Caching in the Controller it says:
Remember to use your routes in the $cacheAction if you have any.
So try creating some routes that match your URL structure and using them for cacheAction keys. Please report back if it works.