[fw-general] Re: Where does this code belong
Thanks for the feedback. Somehow, issues like this bog me down all the time. I've looked at service layer before, even gone so far as to set up the folder structure and get some basic classes going, but I always found myself trying to figure out the purpose of the 'service' layer. I always feel a bit uncomfortable about having the service layer interact with the models without controller involvement. But, this might be a good example of where it fits. Will have more of a read and see what I can get going.

Cheers.

--
View this message in context: http://zend-framework-community.634137.n4.nabble.com/Where-does-this-code-belong-tp3576128p3578223.html
Sent from the Zend Framework mailing list archive at Nabble.com.

--
List: fw-general@lists.zend.com
Info: http://framework.zend.com/archives
Unsubscribe: fw-general-unsubscr...@lists.zend.com
[fw-general] Where does this code belong
I'm hitting my usual problem of getting something working and then wondering if I've done things the right way and put things in the right place. I'm just wondering how skinny a controller should be, as in 'skinny controller, fat model'.

As an example, I have a table listing database rows with a form per row with some controls (move up, move down, delete). These are submitted to processAction(), which looks something like this.

    public function processAction()
    {
        $request = $this->getRequest();
        if ($request->isPost()) {
            $post = $request->getPost();

            // Specify rows with target ids
            $id_keys = array('row_id', 'up_id', 'down_id');
            // Initialise the list so a POST without any id fields does not
            // pass an undefined variable to hasPermission()
            $toTest = array();
            foreach ($post as $key => $value) {
                if (in_array($key, $id_keys)) {
                    $toTest[] = $value;
                }
            }

            // Verify all specified ids are OK to use
            $mapper = new Vendor_Model_Mapper_Size();
            $keyTest = $mapper->hasPermission($toTest, $this->vendor);
            if ($keyTest) {
                // SUCCESS - Permission Granted
                if (isset($post['promote_x'])) {
                    if (isset($post['row_id']) && isset($post['up_id'])) {
                        if (!$mapper->swapSortOrder($post['row_id'], $post['up_id'])) {
                            // FAILURE - Unknown Error
                            $this->_helper->FlashMessenger('Process Failure - Unknown Error.');
                        }
                    } else {
                        // FAILURE
                        $this->_helper->FlashMessenger('Process Failure - Malformed Request.');
                    }
                }
                if (isset($post['demote_x'])) {
                    if (isset($post['row_id']) && isset($post['down_id'])) {
                        if (!$mapper->swapSortOrder($post['row_id'], $post['down_id'])) {
                            // FAILURE
                            $this->_helper->FlashMessenger('Process Failure - Unknown Error.');
                        }
                    } else {
                        // FAILURE
                        $this->_helper->FlashMessenger('Process Failure - Malformed Request.');
                    }
                }
                if (isset($post['delete_x']) && isset($post['row_id'])) {
                    if ($mapper->deactivate($post['row_id'])) {
                        // SUCCESS - Deactivated
                        $this->_helper->FlashMessenger('Deleted.');
                    } else {
                        // FAILURE - Unknown Error
                        $this->_helper->FlashMessenger('Process Failure - Unknown Error.');
                    }
                }
            } else {
                // FAILURE - Permission Denied
                $this->_helper->FlashMessenger('Permission Denied.');
            }
        }
        return $this->_helper->redirector->gotoRoute(array(
            'resource'   => $request->getParam('resource'),
            'controller' => 'size',
            'action'     => 'index'
        ), 'vendorResource');
    }

Now, it seems pretty messy to me (made worse by the fact it needs a going over either way), but at the same time, it kind of 'feels' like the controller is the right place to handle interaction between the model and the view. But is this too 'fat'? How fat is too fat for a controller?

An alternative I have been considering is pushing the bulk of that logic into the mapper and giving it a set of message constants, much like a validator. So the new mapper function would return true or false, with the error/success message exposed via a getter. Then I could lose the process action and just pass the form output via indexAction to the new function and then set the output based on a simple pass or fail.

This is where it gets murky for me. It would certainly make my controller skinnier, but it is really the mapper's place to be handling form input. Well ... possibly. Most of the failures are triggered from database interactions. A lot of it is based on the database failing to return the correct result.

Of course, having written this, it now 'feels' like the latter method is more correct. No doubt I'll feel the other way again in an hour or so.

Any thoughts?
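The alternative weighed in this post (moving the row actions out of the controller and returning pass or fail with a message behind a getter) is shown here with the authorization check kept ahead of every write. This is an added example, not code from the original post: `SizeService` and `InMemorySizeMapper` are hypothetical names, the rows are constructed, and constructor promotion assumes PHP 8.

```php
<?php
// Added example; all class names are hypothetical. InMemorySizeMapper stands in
// for the post's Vendor_Model_Mapper_Size, with constructed rows, so this runs offline.
final class InMemorySizeMapper
{
    public array $rows = [ // vendor 1 owns rows 21 and 22, vendor 2 owns row 30
        21 => ['vendor' => 1, 'sort' => 1, 'active' => true],
        22 => ['vendor' => 1, 'sort' => 2, 'active' => true],
        30 => ['vendor' => 2, 'sort' => 1, 'active' => true],
    ];

    public function hasPermission(array $ids, int $vendorId): bool
    {
        foreach ($ids as $id) {
            if (($this->rows[$id]['vendor'] ?? null) !== $vendorId) {
                return false;
            }
        }
        return $ids !== []; // an empty id list is a denial, not a pass
    }

    public function swapSortOrder(int $a, int $b): bool
    {
        $tmp = $this->rows[$a]['sort'];
        $this->rows[$a]['sort'] = $this->rows[$b]['sort'];
        $this->rows[$b]['sort'] = $tmp;
        return true;
    }

    public function deactivate(int $id): bool
    {
        $this->rows[$id]['active'] = false;
        return true;
    }
}

final class SizeService
{
    public const DENIED    = 'Permission Denied.';
    public const MALFORMED = 'Process Failure - Malformed Request.';
    public const FAILED    = 'Process Failure - Unknown Error.';

    private string $message = '';

    public function __construct(private InMemorySizeMapper $mapper) {}

    public function getMessage(): string { return $this->message; }
    private function fail(string $message): bool { $this->message = $message; return false; }

    /** True on success; on failure getMessage() returns one of the constants above. */
    public function process(array $post, int $vendorId): bool
    {
        $this->message = '';
        $ids = [];
        foreach (['row_id', 'up_id', 'down_id'] as $key) {
            if (!isset($post[$key])) {
                continue;
            }
            // Ids must be positive integers; arrays and free text are rejected.
            $id = filter_var($post[$key], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
            if ($id === false) {
                return $this->fail(self::MALFORMED);
            }
            $ids[$key] = $id;
        }
        // Authorize every submitted id before any write; no ids at all means denied.
        if (!$this->mapper->hasPermission(array_values($ids), $vendorId)) {
            return $this->fail(self::DENIED);
        }
        $other = isset($post['promote_x']) ? 'up_id' : (isset($post['demote_x']) ? 'down_id' : null);
        if ($other !== null && isset($ids['row_id'], $ids[$other])) {
            return $this->mapper->swapSortOrder($ids['row_id'], $ids[$other]) ?: $this->fail(self::FAILED);
        }
        if ($other === null && isset($post['delete_x'], $ids['row_id'])) {
            return $this->mapper->deactivate($ids['row_id']) ?: $this->fail(self::FAILED);
        }
        return $this->fail(self::MALFORMED);
    }
}

$service = new SizeService(new InMemorySizeMapper());
// Vendor 1 promotes its own row 21 over its own row 22, then names vendor 2's row 30.
var_dump($service->process(['row_id' => '21', 'up_id' => '22', 'promote_x' => '7'], 1));
var_dump($service->process(['row_id' => '21', 'up_id' => '30', 'promote_x' => '7'], 1), $service->getMessage());
```

The controller action then reduces to passing `$request->getPost()` and the vendor id to `process()` and flashing `getMessage()` on failure.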
[fw-general] Re: subcontroller path separator
My gut feeling is that this trips everybody up the first time around.

When you follow a named route, that route becomes the default route for url creation in the current view. That is why, when you go to a page via a named route, any urls created by the url() helper (such as zend_navigation links) will change along with it.

Why this is confusing is that there is already a default route (named default). Why a named route should override the default route is something for debate (I feel).

When using the url() helper, the second parameter specifies the route to use. So to break out of the current named route, you would need to specify the route to use. So to get back to the default route:

    url($url_array, 'default');

As for your xml, you can specify the route for each page. For example:

Home cms index index default

Looks a little more clunky, but it does mean you can mix multiple routes into your MVC navigation.

Hope this helps.
[fw-general] Re: Zend_Form_Element_Password
I'm not entirely sure what the point of showing a pre-filled password box is anyway. If you're going to assume that the user has the credentials (as you are by supplying the password for them), then you might as well just stay with that assumption and not show the password box at all.

Also, if the password field is present to allow users to update their password, then I'd be inclined to make them enter their password again manually anyhow, as a password change is a significant status change to a user's account. It only makes sense to make sure the person changing the password had access to the original.
[fw-general] Re: How can I extend Zend_View_Helper_Navigation_Menu?
I'm officially confused. Is it possible to have two views which work together but are separate?

In desperation, I went back to how I was doing it before, in the bootstrap, and then traced it again. The pluginloader found the bootstrap version and then, as described, appended it with the Zend_View_Helper_Navigation prefix ensuring it was loaded in preference to my own. So, thinking along the lines described earlier, I defined the zend path before my own (in bootstrap). And now it works.

But I'd love to understand why. If I add breakpoints on where the helperPaths are set, I can watch two distinct objects have paths set, one from application.ini settings, and the other from the settings in the bootstrap.

I'm wondering if it is something to do with using a layout, or more the way I am attaching things to my view in my bootstrap. (just out of interest, the navigation object is part of my layout).

    //Bootstrap.php
    protected function _initSettings()
    {
        // Retrieve the view
        $this->bootstrap('layout');
        $layout = $this->getResource('layout');
        $view = $layout->getView();

        // Register Custom URL Handler
        $urlHelper = new Custom_Controller_Action_Helper_Url();
        Zend_Controller_Action_HelperBroker::addHelper($urlHelper);

        // Create ACL and add the ACL action helper
        $acl = new Custom_Acl();
        $aclHelper = new Custom_Controller_Action_Helper_Acl(null, array('acl' => $acl));
        Zend_Controller_Action_HelperBroker::addHelper($aclHelper);

        // Create the site navigation object
        $nav_config = new Zend_Config_Xml(APPLICATION_PATH . '/configs/navigation.xml', 'nav');
        $nav_config = $this->_extrapolateAcl($nav_config->toArray());
        $navigation = new Zend_Navigation($nav_config);
        $role = Zend_Auth::getInstance()->getIdentity();
        if (null == $role) {
            $role = 'guest';
        } else {
            $role = $role->role;
        }

        // Attach navigation to the view
        $view->navigation($navigation)->setAcl($acl)->setRole($role);

        // Other view configuration
        $view->addHelperPath('Zend/View/Helper/Navigation', 'Zend_View_Helper_Navigation');
        $view->addHelperPath('Custom/View/Helper', 'Custom_View_Helper');
        $view->doctype('HTML5');
    }

I'm feeling like I'm creating a layout view here, distinct from the main view, and the two carry their own configurations until the final stages of the render process. Is this normal or am I just doing it wrong?
[fw-general] Re: How can I extend Zend_View_Helper_Navigation_Menu?
Yeah, Ok. It does actually load the helper paths into the pluginLoader instance attached to the view. They seem to be there and all accounted for when the navigation class is called, but it seems that the navigation class sets up its own instance of pluginLoader in order to get its view helpers.

It appears to go through the process of adding all of the prefix paths again from scratch. Except this time, the ones specified in application.ini are not added, so it will only ever see the zend versions.

Again ... unless I'm missing something.
[fw-general] Re: How can I extend Zend_View_Helper_Navigation_Menu?
Hector Virgen wrote:
> This results in a prefix/path stack that looks like this:
>
> Zend_View_Helper => Zend/View/Helper
> Zend_View_Helper_Navigation => Zend/View/Helper/Navigation
> Custom_View_Helper => Custom/View/Helper
>
> At this point Zend_View should now be able to find your custom "menu" view
> helper.

How can I verify that? It doesn't seem to have any impact, it still loads Zend_View_Helper_Navigation_Menu.

I've stepped through it with xdebug to see how it loads, but as I watch the pluginLoader build the _prefixToPaths, it doesn't seem to include mine. Certainly, by the time it hits load('Menu', true) in pluginLoader, the prefixToPaths only contains two paths for Zend_View_Helper_ and one for Zend_View_Helper_Navigation_.

Am I missing a step somewhere, or should those lines in application.ini be all that is needed?
[fw-general] How can I extend Zend_View_Helper_Navigation_Menu?
I'm trying to find a way to extend the menu view helper in order to make a few changes to the way it handles ACL, but I can't seem to find a way to make it use mine instead of the zend version.

I have the file located at Custom/View/Helper/Navigation/Menu.php under library (class name 'Custom_View_Helper_Navigation_Menu').

I feel like I have tried every variation under the sun, but I can't seem to get anything to make this work.

    // from bootstrap
    $this->bootstrap('layout');
    $layout = $this->getResource('layout');
    $view = $layout->getView();
    $view->addHelperPath('Custom/View/Helper', 'Custom_View_Helper');
    Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer')->setView($view);

Is there something I'm missing or am I just going about it all wrong?
[fw-general] Re: Complex UPDATE statement - Best method
BillKarwin wrote:
> Be aware that query() internally does a prepare() and execute(), so
> running execute() a second time is unnecessary. Also, unless your
> UPDATE is idempotent, you could change your data in ways you don't
> intend. If you had interpolated the values into the SQL string and
> executed it twice, it would swap 21 and 22 and then by executing
> again, it would swap them back to their original rows! :-)
>
> But in your example, the second call to execute() should fail anyway,
> because the query expects parameters but you aren't passing any.

Thanks for the heads up on that one. I tried it a few times and nothing seemed to be happening. Taking out that execute() call fixed it right up. Seems a prepared query can be executed for some odd reason.

I think I'll proceed with the coded query now that I have it working anyhow. Stored Procedures for another day.

Thanks to everyone for the feedback.
[fw-general] Complex UPDATE statement - Best method
I've been working with ZF for a while now, but for some odd reason, I have never really come across too many situations where I couldn't get a query to work the way I liked right out of the box, probably because most of the complexity was in the selects.

Anyhow, I have a query along the lines of this:

    UPDATE tbl_unit_size AS size_1, tbl_unit_size AS size_2
    SET size_1.sort_order = size_2.sort_order
    WHERE ( size_1.ID IN (21,22) )
      AND ( size_2.ID IN (21,22) )
      AND ( size_1.ID <> size_2.ID) ;

Basically, it just swaps the sort order of two rows, in this case rows with the ID 21 and 22.

Anyhow, I can't see a way to make the dbTable->update() do the trick, so that leaves me with either just making a zend_db_statement, something like this:

    $sql = "UPDATE tbl_vendor_size AS size_1, tbl_vendor_size AS size_2
            SET size_1.sort_order = size_2.sort_order
            WHERE ( size_1.VS_PK IN (:orig,:dest) )
              AND ( size_2.VS_PK IN (:orig,:dest) )
              AND ( size_1.VS_PK <> size_2.VS_PK );";
    $data = array(':orig' => 21, ':dest' => 22);
    $query = $this->getDbTable()->getAdapter()->query($sql, $data);
    $query->execute();

Or would this be better in a stored procedure, in which case I don't know how that would be accessed, or how you would know it worked afterwards.

How would you go about this, from a best practices perspective?
[fw-general] Re: Newbie : Message: Invalid controller specified
mich wrote:
> btw would the path be:
>
> http://localhost/square/public/index/add ??

Mich,

It's somewhat difficult to say what the URL would be ... you seem to be changing your server setup between each post. But assuming that when you first create the project, you can view the Zend page at http://localhost, you would be able to access the actions you are creating at http://localhost/index/add etc.

Or if, as per your last post, you get to your starter page at http://localhost/square/public, then the action URL would be http://localhost/square/public/index/add.

You may get more help on issues such as this from an alternate source, perhaps ZFForums (http://www.zfforums.com/).
[fw-general] Re: Newbie : Message: Invalid controller specified
mich wrote:
> They were created in
>
> ..square/application/views/scripts/index (in the same folder where there
> is the index.phtml).

This is actually the correct location for the files, assuming they were named add.phtml and edit.phtml. These are view files which are loaded when calling the matching functions in the index controller (hence the reason they are in the views/scripts/index folder - they are view scripts belonging to the controller named index).

This being fine (although you deleted the files, so maybe not now) your problem seems to be coming from somewhere else.

Do you have a public function indexAction() in the file /application/controllers/IndexController.php? Perhaps you edited the file and inadvertently renamed or removed that file?
[fw-general] Re: Best Zend Framework Tutorial
Don't know if you've stumbled across this one, but it tends to explain itself better than most.

Tutorial: Getting Started with Zend Framework 1.10
http://akrabat.com/zend-framework-tutorial/

It's mostly the fundamentals, but it seems that might be what you're after.
[fw-general] Re: Setting a custom route seems to break zend_navigation URLs
Hector Virgen wrote:
> In your navigation configuration you need to specify which route to use for
> each page -- it won't default to the "default" route. Without specifying a
> route it's like calling the Url view helper and passing in NULL as the route
> (which ends up using the currently matched route).
>
> --
> *Hector Virgen*
> Sr. Web Developer
> http://www.virgentech.com

I guess what I find confusing in this is that the route 'default' is not used as the default. You see the word default and you expect that if nothing is specified, then the default value should be used.

A lot of confusion could be prevented by simply changing the word 'default' to something else. 'standard' or 'base' or 'basic' perhaps. Either that or make the 'default' route work as the name implies, as the default route when nothing else is specified. I would think that if you wanted to follow some other route than the default, it should be specified.

The way it stands, you can use the url helper and navigation without giving it a second thought and it works perfectly, but then you add a route and suddenly it's all reversed and all your links (as based on most of the examples around) are suddenly incorrect ... or imprecise at best.

Peter Sharp wrote:
>> Peter Sharp wrote:
>> > I have defined a custom route in order to capture a parameter in the
>> > middle of a URL.
>> >
>> > ...
>> >
>> > Which seemed to give the desired result. However, once I have arrived at
>> > the URL, all my zend_navigation URL's insert the literal part of the
>> > custom route. i.e. the home link now ends with \vendor. So once at that
>> > URL, no links work to allow navigation back to the default controller.
>> >
>> > ...
>> >
>> > I have figured out a workaround, by specifying the default route for each
>> > element added to zend_navigation, but it seems that this should not be
>> > required. Surely the default route should be the ... well ... default
>> > unless I specify otherwise?
>>
>> Ok ... so after a long and relatively fruitless search, I decided to have a
>> look in the Zend Framework Issue Tracker ... and there we go.
>>
>> My workaround seems to be the desired way to use zend_navigation and the url
>> view helper is to specify that the default router is to be used on each
>> url() call and zend_navigation element in order for the current route not to
>> be.
>>
>> I have commented on the issue I found, but this seems odd to me. Surely
>> 'default' should be used by default unless another named route is supplied?
>>
>> There is also another issue that I've had and like this one, I somehow
>> managed to figure out the way to make it work. If you have a named route
>> and you are using zend_navigation, you must specify a default or required
>> value for the variable part(s) of your route or it will throw an exception.
>>
>> This may be related to using zend_acl with zend_navigation and custom
>> routes, but surely I'm not the only one doing so.
>>
>> I am right on both these things, yes? They are "expected"?
>>
>> Thanks
[fw-general] Setting a custom route seems to break zend_navigation URLs
I have defined a custom route in order to capture a parameter in the middle of a URL. So '/vendor/test/foo/bar' would translate to:

    Module     - vendor
    Controller - foo
    Action     - bar
    Value      - test

I initially tried the following:

    protected function _initRoutes()
    {
        // Get Front Controller Instance
        $front = Zend_Controller_Front::getInstance();

        // Get Router
        $router = $front->getRouter();
        $route = new Zend_Controller_Router_Route(
            'vendor/:value/:controller/:action',
            array(
                'module' => 'vendor',
                'action' => 'index',
                'value'  => 'username'
            )
        );
        $router->addRoute('test_route', $route);
        return $router;
    }

Which seemed to give the desired result. However, once I have arrived at the URL, all my zend_navigation URLs insert the literal part of the custom route. i.e. the home link now ends with \vendor. So once at that URL, no links work to allow navigation back to the default controller.

Also tried with the pattern 'vendor/test/:controller/:action' to no avail.

I have figured out a workaround, by specifying the default route for each element added to zend_navigation, but it seems that this should not be required. Surely the default route should be the ... well ... default unless I specify otherwise?

Any help would be appreciated.
[fw-general] Label decorator and decorators in general
Every time I get into working with forms, I find myself wondering why things have been done in a certain way. One thing that occurs to me is that the 'tag' option for certain decorators, such as the label decorator, seems to be a stop-gap measure for complex elements that need to be wrapped in tags and which are not able to have this done using the parent element's decorator tree.

This can make things complex, such as where you want to change the tags wrapping the label element but you also want to assign a class to it. Using the 'tag' option with the label decorator, this seems to be impossible.

Just wondering what the response would be to the concept of giving all decorators the ability to inherit child decorators, used something like this ...

    $this->addDecorator('Label', array('decorator' => array('HtmlTag', array(
        'tag' => 'p', 'class' => 'yourClass', 'id' => 'yourId'
    ))));

Alternately, you could limit it to HtmlTag and just have ...

    $this->addDecorator('Label', array('htmltag' => array(
        'tag' => 'p', 'class' => 'yourClass', 'id' => 'yourId'
    )));

Implementation would be along the same lines as in the label decorator, where if a decorator/htmltag has been set, it wraps the output of the parent decorator with that of the child before being appended / prepended to the content.

In this way, any element could have the current linear decorators, as well as stacked decorators on any aspect. Any element could have multiple decorators, each wrapped in their own individual tags, which I think is tricky to accomplish now. Element decorators could be updated to reflect this change to produce the same output so that there are no compatibility issues.

Just wanted to put this out there. I think it would add a lot of flexibility to the decorators as a whole, and perhaps make the whole decorator scheme easier to understand / adjust.

Also, does anyone know why it was decided that element labels should not be passed to a viewscript? I've done it now, but it was a real hassle to try and make a viewscript insert the element label AND value. In the end I made an alternate label decorator, otherwise I would have had to sneak the label in via attribs using a modified decorator, which felt a bit too much like a hack.

Cheers.
RE: [fw-general] Re: Guidance on storing passwords securely
I think that storing a per user salt and a site salt and using both in your password hashing scheme is about the best you can really do. If a hacker gets into your database in a way that allows them to reveal structure and uncover your salt value, then they still won't be able to replicate the original password without knowing the site salt, which is stored in code, not the database (unless your site salt is too simple). If they can access code and database then all is lost anyway.

But this fear that a hacker might be able to get the value for the user salt if it's just in a column named salt in the user table is a little bit redundant really. If they can get the salt value, then they'll pretty much be able to access everything else so they no longer really need your site at all. Why try to find the key when you've already busted down the door?

Also, and I hate to say it, but if a user is for some reason using their banking password for any other public site, then they must wear the lion's share of the responsibility if or when it is discovered and used by a malicious user. I mean, you have a role to play in the user's security, but so do they.

From: Hector Virgen [mailto:djvir...@gmail.com]
Sent: Tuesday, 31 August 2010 3:56 PM
To: Bill Karwin
Cc: fw-general General
Subject: Re: [fw-general] Re: Guidance on storing passwords securely

Bill, do you have any concerns about hackers recovering the user's original (raw) password to log into their other accounts such as banking? That's where I see the salt coming in as a protective measure -- they would need the db as well as the code to discover the password.

--
Hector Virgen
Sent from my Droid X

On Aug 30, 2010 10:50 PM, "Bill Karwin" wrote:
>
> On Aug 30, 2010, at 10:29 PM, Ralf Eggert wrote:
>
>> interesting stuff. But where should the distinct salt per user be saved?
>> It feels quite wrong to store it in the database right beside the
>> password. Or should it be combined from, let's say: user id, email
>> address and registration date?
>
> Ideally the salt should be more strongly pseudorandom. You don't need
> to use any constant or other user-related field in the calculation of
> the salt. Just make it as random as you can make it. And make sure
> you use a distinct random salt per user.
>
> If the attacker gains access to make queries against your database,
> you've lost the game anyway, so storing the salt in a column named
> "salt" in the same table with the hashed password is not significantly
> riskier than storing the salt anywhere else that the attacker gains
> access to.
>
> In other words, don't rely on security by obscurity. Don't even favor
> security by obscurity. In some ways, I think it's better *not* to
> make your code or database obscure at all, if that encourages you to
> strengthen more effective security measures to prevent attackers from
> gaining access.
>
> Regards,
> Bill Karwin
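
The scheme discussed in this thread (a random salt per user stored beside the hash, plus a site-wide secret kept outside the database) and the point from the Zend_Form_Element_Password reply that a password change should require the current password, as an added example that is not code from either thread. It swaps a hand-rolled salted hash for PHP's built-in `password_hash()` (bcrypt, which generates the per-user salt and embeds it in the stored string) and applies the site secret as an HMAC-SHA-256 key; the constant value and the environment variable name are constructed placeholders.

```php
<?php
// Added example. SITE_SECRET_HEX is a constructed placeholder; the assumption is
// that a deployment supplies its own 32 random bytes through configuration that
// lives outside the database (APP_PASSWORD_SECRET is a hypothetical variable name).
const SITE_SECRET_HEX = '000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f';

function siteSecret(): string
{
    $hex = getenv('APP_PASSWORD_SECRET') ?: SITE_SECRET_HEX;
    $key = ctype_xdigit($hex) && strlen($hex) % 2 === 0 ? hex2bin($hex) : false;
    if ($key === false || strlen($key) < 32) {
        throw new RuntimeException('site secret must be at least 32 bytes, hex encoded');
    }
    return $key;
}

/** Keyed pre-hash with the site secret ("site salt" in the thread's wording). */
function prehash(string $password): string
{
    // base64 keeps the 32-byte MAC free of NUL bytes and under bcrypt's 72-byte input limit.
    return base64_encode(hash_hmac('sha256', $password, siteSecret(), true));
}

function hashPassword(string $password): string
{
    // password_hash() draws a fresh random salt per call and stores it inside the
    // returned string, so the salt sits in the same column as the hash.
    return password_hash(prehash($password), PASSWORD_BCRYPT, ['cost' => 12]);
}

function verifyPassword(string $password, string $storedHash): bool
{
    return password_verify(prehash($password), $storedHash);
}

/** Password change: the caller must prove knowledge of the current password first. */
function changePassword(string $storedHash, string $current, string $new): string
{
    if (!verifyPassword($current, $storedHash)) {
        throw new InvalidArgumentException('current password is incorrect');
    }
    return hashPassword($new);
}

// Constructed demo values.
$first  = hashPassword('correct horse battery staple');
$second = hashPassword('correct horse battery staple');
var_dump($first !== $second);                                      // same password, two users, two salts
var_dump(verifyPassword('correct horse battery staple', $first));  // right password
var_dump(verifyPassword('Correct horse battery staple', $first));  // wrong password
$changed = changePassword($first, 'correct horse battery staple', 'a new long passphrase');
var_dump(verifyPassword('a new long passphrase', $changed));       // hash issued by the change
```

A copy of the user table alone gives an attacker the salts but not the HMAC key, which is the property the reply above attributes to the site salt; once code or configuration is also exposed, only the bcrypt cost remains.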