« Word VBA Macro to Remove All Bookmarks in a Document
Zend Framework Regex Routing Example »

Zend Framework Admin Form extension of Zend_Dojo_Form

The objective of this class is to provide a foundation class for admin forms which provides the following:

  • Security - a hash input is used. It must return to the server with the same value sent to the client.
  • Multi-form pages - this class prefixes all inputs so it can be used to generate forms which coexist on the same page. validate, getValues and populate have an additional parameter to support this, indicating whether or not to use the prefix.
  • Greater transaction safety - the version number of the data is sent to the client, and tested later to ensure the data was not changed prior to saving. This test is performed in the Doctrine code, using a Record_Listener which tests the version submitted against the current record version and then increments it prior to save if valid, or throws an exception in the case of a mismatch.
  • ACL support - the form reviews the array of buttons set in the extension class to ensure the administrator has adequate privileges.

<?php
	// application/forms/Account.php
	class Admin_Form extends Zend_Dojo_Form
	{
		protected $_security = null;
		protected $_buttons = null;
		protected $_hash = null;
		protected $_prefix = '';

		public function init()
		{	
			$front = Zend_Controller_Front::getInstance();
			$this->setAction('/'.$front->getRequest()->getParam('module').'/'.$front->getRequest()->getParam('controller'));
			$security = array();
			$security['hash'] = new Zend_Form_Element_Hash('hash');
			$security['hash']->setOptions(array('salt'=>'unique'));
			$security['id'] = new Zend_Dojo_Form_Element_TextBox('id');
			$security['version'] = new Zend_Dojo_Form_Element_TextBox('version');
			$security_names = array();
			foreach ($security as $k => $v)
				$v->setRequired(true)
					->addValidator('Identical')
					->addFilter('StringTrim');
			$this->addElements($security);
			$this->_security = $security;
			$this->addDisplayGroup(array_keys($security),'hsh',array('order'=>0,'style'=>"display:none"));
			if ($this->_buttons != null) 
			{
				$acl_buttons=array();
				$buttons_ok=false;
				if (Zend_Auth::getInstance()->hasIdentity())
        		{
		            $identity = Zend_Auth::getInstance()->getIdentity();
        		    $role = $identity['role'];
				}
				else
					$role = 'none';
				$acl = Zend_Registry::get('Zend_Acl');
				$resource = 'mvc:'.$front->getRequest()->getParam('module').'.'.$front->getRequest()->getParam('controller');
				$buttons = $this->_buttons;
				foreach ($buttons as $k => $v)
					if ($acl->has($resource) && $acl->isAllowed($role,$resource,$k))
					{
						$this->addElement($v);
						$buttons_ok=true;
					}
				if ($buttons_ok) 
					$this->addDisplayGroup(array_keys($buttons),'buttons',array('order'=>100,'class'=>'buttons'));
			}
			parent::init();
		}

		protected function setPrefix($prefix)
		{
			$prefix .= '_';
			$this->_prefix = $prefix;
			$elements = $this->getElements();
			foreach ($elements as $k => $v)
			{
				$v->setName($prefix.$k);
				$this->prefixElement($k);
			}
            $display_groups = $this->getDisplayGroups();
            foreach ($display_groups as $k => $v)
				$v->setName($prefix.$k);		
			$this->_hash = $prefix.'hash';
			foreach ($this->_security as $k => $v)
			{
				$this->_security[$prefix.$k] = $v;
				unset($this->_security[$k]);
			}
			/* Avoids duplicate id in XHTML for hash */
			$fix = $this->getElement($prefix.'hash');
			$tag = $fix->getDecorator('HtmlTag');
			$tag->setOption('id','dd_'.$prefix.'hash');
			foreach ($this->_buttons as $k => $v)
			{
				$this->_buttons[$prefix.$k] = $prefix.$k;
				unset($this->_buttons[$k]);
			}
		}

		public function getElement($name)
		{
			$element = parent::getElement($this->_prefix.$name);
			if ($element != null)
				return $element;
			/* Fallback */
			$element = parent::getElement($name);
			if ($element != null)
				return $element;
			return null;
		}

		public function populate($values,$use_prefix = false)
		{
			self::_prefixProcessor($values,$use_prefix);
			parent::populate($values);
		}

		private function _prefixProcessor(&$data,$use_prefix = false)
		{
            $prefixed = false;
            if (is_array($data) && (count($data)>=1))
            {
                reset($data); $key = key($data);
                $prefixed = (strpos($key,$this->_prefix) === 0);
            	if ($use_prefix)
				{
					if (!$prefixed)
		            {
						$new_data = array();
        	    	    foreach ($data as $k => $v)
            	    	    $new_data[$this->_prefix.$k] = $v;
						$data = array();
						$data = $new_data;
	    	        }
				}
				else
					if ($prefixed)
					{
						$prefixLength = strlen($this->_prefix);
                        $new_data = array();
                        foreach ($data as $k => $v)
                            $new_data[substr($k,$prefixLength)] = $v;
                        $data = array();
                        $data = $new_data;
					}
			}
		}

		public function setTokens()
		{
            if (($this->_hash == null) || ($this->_security == null)) return;

            $session_security=$this->getElement($this->_hash)->getSession();
            $security = $this->_security;
            foreach ($security as $k => $v)
				$session_security->$k = $this->getElement($k)->getValue();
		}

		public function getTokens()
		{
			if (($this->_hash == null) || ($this->_security == null)) return;

            $session_security=$this->getElement($this->_hash)->getSession();
			$security = $this->_security;
			foreach ($security as $k => $v)
			{
				$validator = $this->getElement($k)->getValidator('Identical');
				if (isset($session_security->$k))
					$validator->setToken($session_security->$k);
				else
					$validator->setToken('');
			}
		}

		public function getValues($data = null,$prefixed = false)
		{
			$return = parent::getValues();

			if ($this->_buttons != null)
				$return = array_diff ($return,$this->_buttons);

			self::_prefixProcessor($return,$prefixed);

			return $return;
		}

		private function prefixElement($name)
	    {
    	    $name = (string) $name;
        	if (isset($this->_elements[$name])) {
				$this->_elements[$name]->setName($this->_prefix.$name);
				$this->_elements[$this->_prefix.$name]=$this->_elements[$name];
	            unset($this->_elements[$name]);
    	        if (array_key_exists($name, $this->_order)) {
					$this->_order[$this->_prefix.$name]=$this->_order[$name];
        	        unset($this->_order[$name]);
            	    $this->_orderUpdated = true;
	            } else {
    	            foreach ($this->_displayGroups as $group) {
        	            if (null !== $group->getElement($name)) {
							$group->addElement($this->getElement($this->_prefix.$name));
            	            $group->removeElement($name);
	                    }
    	            }
        	    }
	            return true;
    	    }

        	return false;
	    }

	}

Doctrine code to test and update the version number. This is added in to the model for the data with addListener.

<?php
class Record_Listener extends Doctrine_Record_Listener
{
    public function preUpdate(Doctrine_Event $event) 
	{
		$invoker = $event->getInvoker();
		if (array_key_exists('version',$invoker->getModified())) 
		{
			$invoker->getErrorStack()->add('version','match');
			throw new Doctrine_EventListener_Exception('Version not identical');
		}
		/* Prevents modification of uuid */
		unset($invoker->uuid);
		$invoker->version++;
	}

	public function preDelete(Doctrine_Event $event)
	{
		$invoker = $event->getInvoker();
		if (array_key_exists('version',$invoker->getModified()))
		{
			$invoker->getErrorStack()->add('version','match');
			throw new Doctrine_EventListener_Exception('Version not identical');
		}
	}
}

This an the extension of the Admin_Form. It sets the name, configuratino from the user.ini file, buttons array, and the prefix.

<?php
	// application/forms/Account.php
	class Admin_User_View_Form extends Admin_Form
	{
		public function init()
		{
			$this->setName('frmUserView');
			$user = new Zend_Config_Ini(APPLICATION_PATH."/configs/admin/user.ini",'production',true);
			$this->setConfig($user);
			$this->_buttons = array();
			$this->_buttons['save'] = new Zend_Dojo_Form_Element_Button('save');
			$this->_buttons['save']->setOptions(array(
				'name' => 'save',  
				'label' => 'Save',
				'value' => 'save',
				'onclick' => 'user_save()'));
			parent::init();
			$this->setPrefix('user');
		}
	}

Sample view implementation. $user is a Doctrine object with the data. This is an AJAX form, so the json helper is used. Note the call to setTokens, which sets the hash value and saves the security elements in a session variable for later validation.


			$data = $user->getData();
			$form = new Admin_User_View_Form();
			$form->populate($data);
			$hash = $form->getElement('hash')->getHash();
			$form->setTokens();
			$values = $form->getValues(null,true);
			unset($values['user_password']);
            foreach ($values as $k => $v)
                $values[$k] = $this->view->escape($v);
			$this->_helper->json($values);

Sample save implementation, from the same controller. Note the getTokens call which retrieves the saved session data for the form.


			$form = new Admin_User_View_Form();
			$form->getTokens();
			$data = $this->getRequest()->getPost();
                        if ($form->isValidPartial($data))
                        {
                            $form->populate($data,true);
                            $user->fromArray($form->getValues($data,false));
                        }
			else
				$this->_helper->json(array('form'=>$form->processAjax($data)));

Supporting javascript is omitted, because it’s really application specific. One note is that the hash input isn’t a dojo/dijit input, so it must be handled manually with dojo.byId, instead of auto loaded with the form values.

This has been updated to work with Zend Framework 1.11.

Dojo, Zend Framework, Doctrine ORM
 Print article This entry was posted by elvis on 11/13/10 at 10:15:00 am . Follow any responses to this post through RSS 2.0.