SitePoint Sponsor |
|
User Tag List
Results 1 to 6 of 6
Thread: view & permissions
-
Mar 28, 2007, 08:30 #1
- Join Date
- Aug 2006
- Location
- Poland
- Posts
- 108
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
view & permissions
Hi
I have a small problem with a view part of mvc, when the view consists of some smaller chunks dependent on the user permissions.
I use just a php as a template language and render views from within the controller.
I see 2 scenarios (I'm using 1st now),
1. I just check perms in the view itself, like
PHP Code:<div
<form... >
<label>1</label>
<input type=text >
<?php if ($this->registry->Auth->hasAccess('blabla')): ?>
<label>2</label>
<input type=text >
<?php endif; ?>
<?php if ($this->registry->Auth->hasAccess('xxx')): ?>
<label>3</label>
<input type=text >
<?php endif; ?>
<label>4</label>
<input type=text >
</form>
</div>
The first option is quite simple, while the 2nd would require much more work, especially when something changes (and when there are more variants)
What do you do in such cases?
-
Mar 30, 2007, 07:59 #2
- Join Date
- Aug 2006
- Location
- Poland
- Posts
- 108
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
nobody?
-
Mar 30, 2007, 09:25 #3
- Join Date
- Jan 2003
- Posts
- 5,748
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
> , while checking perms in the controller.
I wouldn't put the responsibility in the Controller, as that isn't where it should be; To check your permissions within the View would be valid I suppose, but provided that, that responsibility is encapsulated...
At the moment, you don't encapsulate that validation; Pass in a Helper to the View class it's self, and do it from there, ie
PHP Code:final class QPage_View extends QPage {
public function __construct( /* interface */ $validator ) {
$this -> validator = $validator;
}
// ...
public function hasPermission() {
// you may have parameters to pass?
// if so, encapsulate them with a Model,
// and pass that Model to the View, rather
// than have those parameters in the template
return $this -> validator -> has Permission();
}
// ...
}
-
Mar 30, 2007, 16:10 #4
- Join Date
- Aug 2006
- Location
- Poland
- Posts
- 108
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Yes, I have a separate class, whose the only role is to hold the permission level for logged in user and some public methods to read/check those permissions. So, it's just an object in the registry used in similar ways to sessions or db.
As usual, I don't really understand your exampleHow would I encapsulate it ? Could you elaborate a bit?
BTW. I don't have any View class at all. My view is just a procedural template.
Thanks
-
Mar 31, 2007, 01:48 #5
- Join Date
- Jan 2003
- Posts
- 5,748
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
> How would I encapsulate it ?
Well, the example I posted, the responsibility was encapsulated within the View it's self, ie
PHP Code:public function hasPermission() { ...
The point of encapsulating the responsibility is that at the moment, you are limited to one point of access; That Registry. If you wanted to later change to something else, you couldn't because you'd have to then go and change all your templates?
Whilst if you encapsulate within the View, you wouldn't need to change the template, nor the View it's self - you would just pass in a different Validator, to put a name to it, but it's not really a validator as such...
The responsibility moves from the template in your case, to this validator therefore
-
Mar 31, 2007, 11:08 #6
- Join Date
- May 2004
- Location
- Central USA
- Posts
- 806
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Sometimes when I am under a deadline I cheat and just check a session variable in the view, like so:
PHP Code:<div>
<form... >
<label>1</label>
<input type=text >
<?php if (isset($_SESSION['userAuth'])): ?>
<label>2</label>
<input type=text >
<?php endif; ?>
<label>3</label>
<input type=text >
</form>
</div>Stackbox CMS - Full edit-on-page drag-and-drop CMS
Autoridge - Vehicle information & maintenance part numbers
Twitter | Blog | Online Javascript Compressor
Bookmarks