SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Zealot
    Join Date
    Aug 2006
    Location
    Poland
    Posts
    108
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    view & permissions

    Hi

    I have a small problem with a view part of mvc, when the view consists of some smaller chunks dependent on the user permissions.

    I use just a php as a template language and render views from within the controller.

    I see 2 scenarios (I'm using 1st now),
    1. I just check perms in the view itself, like
    PHP Code:
    <div
        <form... >

        <label>1</label>
        <input type=text >

        <?php if ($this->registry->Auth->hasAccess('blabla')): ?>

        <label>2</label>
        <input type=text >

        <?php endif; ?>
        
        <?php if ($this->registry->Auth->hasAccess('xxx')): ?>

        <label>3</label>
        <input type=text >

        <?php endif; ?>

        <label>4</label>
        <input type=text >

        </form>

    </div>
    2. I create the views for different scenarios and render them, while checking perms in the controller.

    The first option is quite simple, while the 2nd would require much more work, especially when something changes (and when there are more variants)

    What do you do in such cases?

  2. #2
    SitePoint Zealot
    Join Date
    Aug 2006
    Location
    Poland
    Posts
    108
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    nobody?

  3. #3
    Non-Member
    Join Date
    Jan 2003
    Posts
    5,748
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    > , while checking perms in the controller.

    I wouldn't put the responsibility in the Controller, as that isn't where it should be; To check your permissions within the View would be valid I suppose, but provided that, that responsibility is encapsulated...

    At the moment, you don't encapsulate that validation; Pass in a Helper to the View class it's self, and do it from there, ie

    PHP Code:
    final class QPage_View extends QPage {
            public function 
    __construct/* interface */ $validator ) {
                
    $this -> validator $validator;
            }
            
            
    // ...
            
            
    public function hasPermission() {
                
    // you may have parameters to pass?
                // if so, encapsulate them with a Model,
                // and pass that Model to the View, rather 
                // than have those parameters in the template
                
    return $this -> validator -> has Permission();
            }
            
            
    // ...
        

    Doesn't need to be complex; Don't design for something you may never need... See how that works for you and get back

  4. #4
    SitePoint Zealot
    Join Date
    Aug 2006
    Location
    Poland
    Posts
    108
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Dr Livingston View Post
    > , while checking perms in the controller.

    I wouldn't put the responsibility in the Controller, as that isn't where it should be; To check your permissions within the View would be valid I suppose, but provided that, that responsibility is encapsulated...

    At the moment, you don't encapsulate that validation; Pass in a Helper to the View class it's self, and do it from there, ie
    Yes, I have a separate class, whose the only role is to hold the permission level for logged in user and some public methods to read/check those permissions. So, it's just an object in the registry used in similar ways to sessions or db.

    As usual, I don't really understand your example How would I encapsulate it ? Could you elaborate a bit?

    BTW. I don't have any View class at all. My view is just a procedural template.

    Thanks

  5. #5
    Non-Member
    Join Date
    Jan 2003
    Posts
    5,748
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    > How would I encapsulate it ?

    Well, the example I posted, the responsibility was encapsulated within the View it's self, ie

    PHP Code:
    public function hasPermission() { ... 
    Where as you are accessing it directly via a Registry? I kind of disapprove of giving the View that much knowledge; It should only be aware of Model(s) only, but that is my own personal view, and not an authoritive statement

    The point of encapsulating the responsibility is that at the moment, you are limited to one point of access; That Registry. If you wanted to later change to something else, you couldn't because you'd have to then go and change all your templates?

    Whilst if you encapsulate within the View, you wouldn't need to change the template, nor the View it's self - you would just pass in a different Validator, to put a name to it, but it's not really a validator as such...

    The responsibility moves from the template in your case, to this validator therefore

  6. #6
    PHP/Rails Developer Czaries's Avatar
    Join Date
    May 2004
    Location
    Central USA
    Posts
    806
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sometimes when I am under a deadline I cheat and just check a session variable in the view, like so:
    PHP Code:
    <div>
        <form... >

        <label>1</label>
        <input type=text >

        <?php if (isset($_SESSION['userAuth'])): ?>

        <label>2</label>
        <input type=text >

        <?php endif; ?>

        <label>3</label>
        <input type=text >

        </form>

    </div>
    As long as I am not writing session variables in the view in that way, I can cope with it


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •