Hi Ralph, This is how I'd do it:
It sounds like you're dealing with three different things here: form validation, user permissions (or roles / and state) and business rules. if the form is the single entry point into your application, you could probably attach a custom validator to the the textbox for things like the registration. for login / password recovery, you would still validate the form elements, but you would then check (probably in the controller) and set the particular role the user plays in the system (LoggedIn, Guest, Admin, etc...). I believe Zend has support of this through ACL's so that might be worth looking into. I would decouple user behavior on Zend_Db_* from Zend_Db_ itself. Personally, I'd look into implementing a Repository pattern that might ingest user credentials on construction and allow certain functions on the repository based on the role a user has in the system. Then you could test the repository's many states without dealing with the validation issues of the form. I've been playing with Zend Form and custom validators recently and I did a mock up on my blog if you're interested: http://jon.lebensold.ca. my 2 cents, -- jon On Thu, Jun 5, 2008 at 9:08 AM, Ralf Eggert <[EMAIL PROTECTED]> wrote: > Hi, > > I wonder what others think of the best practice for the validation part: > > a) Keep the validation rules in the form objects and let Zend_Form > handle the validation part > > b) Keep the validation rules in the model object and let Zend_Db_Table > handle the validation part by extending its insert() and update() > methods > > c) Keep the validation rules in the row object and let > Zend_Db_Table_Row handle the validation part by extending its > _insert() and _update() methods > > The a) solution has the disadvantage of redundant validation rule > definitions, e.g. think about a user table which has a user_name and > only alphanumeric values and a length between 5 and 16 chars are > allowed. You will have a form for registration, for updating, for login > and for password recovery. All these forms expect the user_name as an > input and in all these forms you will need to add your validation rules. > If you want to change the maximum length to 64 chars you will need to > amend the validation rules for all these forms. The big advantage of > Zend_Form is the very nice integration of the validation part, though. > > If I use the b) solution with a new validate() method which is called by > insert() and update() I will have another problem: for insertion or > updating there might be other fields to be mandatory (e.g. password in > registration is mandatory, while updating it is not). So I still will > probably work with a validateInsert() and a validateUpdate() method, not > to forget the validateLogin() and validatePasswordRecovery() methods. > > None of these solutions seem to be the perfect solution. Maybe to keep > the validation on column level in Zend_Db_Table_Row and let Zend_Form > just define the mandatory / not mandatory part would be the best solution? > > Any thoughts? > > Thanks and best regards, > > Ralf >
