Zend Framework Admin Form extension of Zend_Dojo_Form

The objective of this class is to provide a foundation class for admin forms which provides the following:

  • Security - a hash input is used. It must return to the server with the same value sent to the client.
  • Multi-form pages - this class prefixes all inputs so it can be used to generate forms which coexist on the same page. validate, getValues and populate have an additional parameter to support this, indicating whether or not to use the prefix.
  • Greater transaction safety - the version number of the data is sent to the client, and tested later to ensure the data was not changed prior to saving. This test is performed in the Doctrine code, using a Record_Listener which tests the version submitted against the current record version and then increments it prior to save if valid, or throws an exception in the case of a mismatch.
  • ACL support - the form reviews the array of buttons set in the extension class to ensure the administrator has adequate privileges.

PHP

<?php
    // application/forms/Account.php
    class Admin_Form extends Zend_Dojo_Form
    {
        protected $_security null;
        protected $_buttons null;
        protected $_hash null;
        protected $_prefix '';
 
        public function init()
        {    
            $front Zend_Controller_Front::getInstance();
            $this->setAction('/'.$front->getRequest()->getParam('module').'/'.$front->getRequest()->getParam('controller'));
            $security array();
            $security['hash'] = new Zend_Form_Element_Hash('hash');
            $security['hash']->setOptions(array('salt'=>'unique'));
            $security['id'] = new Zend_Dojo_Form_Element_TextBox('id');
            $security['version'] = new Zend_Dojo_Form_Element_TextBox('version');
            $security_names array();
            foreach ($security as $k => $v)
                $v->setRequired(true)
                    ->addValidator('Identical')
                    ->addFilter('StringTrim');
            $this->addElements($security);
            $this->_security $security;
            $this->addDisplayGroup(array_keys($security),'hsh',array('order'=>0,'style'=>"display:none"));
            if ($this->_buttons != null
            {
                $acl_buttons=array();
                $buttons_ok=false;
                if (Zend_Auth::getInstance()->hasIdentity())
                {
                    $identity Zend_Auth::getInstance()->getIdentity();
                    $role $identity['role'];
                }
                else
                    $role 'none';
                $acl Zend_Registry::get('Zend_Acl');
                $resource 'mvc:'.$front->getRequest()->getParam('module').'.'.$front->getRequest()->getParam('controller');
                $buttons $this->_buttons;
                foreach ($buttons as $k => $v)
                    if ($acl->has($resource) && $acl->isAllowed($role,$resource,$k))
                    {
                        $this->addElement($v);
                        $buttons_ok=true;
                    }
                if ($buttons_ok
                    $this->addDisplayGroup(array_keys($buttons),'buttons',array('order'=>100,'class'=>'buttons'));
            }
            parent::init();
        }
 
        protected function setPrefix($prefix)
        {
            $prefix .= '_';
            $this->_prefix $prefix;
            $elements $this->getElements();
            foreach ($elements as $k => $v)
            {
                $v->setName($prefix.$k);
                $this->prefixElement($k);
            }
            $display_groups $this->getDisplayGroups();
            foreach ($display_groups as $k => $v)
                $v->setName($prefix.$k);        
            $this->_hash $prefix.'hash';
            foreach ($this->_security as $k => $v)
            {
                $this->_security[$prefix.$k] = $v;
                unset($this->_security[$k]);
            }
            /* Avoids duplicate id in XHTML for hash */
            $fix $this->getElement($prefix.'hash');
            $tag $fix->getDecorator('HtmlTag');
            $tag->setOption('id','dd_'.$prefix.'hash');
            foreach ($this->_buttons as $k => $v)
            {
                $this->_buttons[$prefix.$k] = $prefix.$k;
                unset($this->_buttons[$k]);
            }
        }
 
        public function getElement($name)
        {
            $element parent::getElement($this->_prefix.$name);
            if ($element != null)
                return $element;
            /* Fallback */
            $element parent::getElement($name);
            if ($element != null)
                return $element;
            return null;
        }
 
        public function populate($values,$use_prefix false)
        {
            self::_prefixProcessor($values,$use_prefix);
            parent::populate($values);
        }
 
        private function _prefixProcessor(&$data,$use_prefix false)
        {
            $prefixed false;
            if (is_array($data) && (count($data)>=1))
            {
                reset($data); $key key($data);
                $prefixed = (strpos($key,$this->_prefix) === 0);
                if ($use_prefix)
                {
                    if (!$prefixed)
                    {
                        $new_data array();
                        foreach ($data as $k => $v)
                            $new_data[$this->_prefix.$k] = $v;
                        $data array();
                        $data $new_data;
                    }
                }
                else
                    if ($prefixed)
                    {
                        $prefixLength strlen($this->_prefix);
                        $new_data array();
                        foreach ($data as $k => $v)
                            $new_data[substr($k,$prefixLength)] = $v;
                        $data array();
                        $data $new_data;
                    }
            }
        }
 
        public function setTokens()
        {
            if (($this->_hash == null) || ($this->_security == null)) return;
 
            $session_security=$this->getElement($this->_hash)->getSession();
            $security $this->_security;
            foreach ($security as $k => $v)
                $session_security->$k $this->getElement($k)->getValue();
        }
 
        public function getTokens()
        {
            if (($this->_hash == null) || ($this->_security == null)) return;
 
            $session_security=$this->getElement($this->_hash)->getSession();
            $security $this->_security;
            foreach ($security as $k => $v)
            {
                $validator $this->getElement($k)->getValidator('Identical');
                if (isset($session_security->$k))
                    $validator->setToken($session_security->$k);
                else
                    $validator->setToken('');
            }
        }
 
        public function getValues($data null,$prefixed false)
        {
            $return parent::getValues();
 
            if ($this->_buttons != null)
                $return array_diff ($return,$this->_buttons);
 
            self::_prefixProcessor($return,$prefixed);
 
            return $return;
        }
 
        private function prefixElement($name)
        {
            $name = (string) $name;
            if (isset($this->_elements[$name])) {
                $this->_elements[$name]->setName($this->_prefix.$name);
                $this->_elements[$this->_prefix.$name]=$this->_elements[$name];
                unset($this->_elements[$name]);
                if (array_key_exists($name$this->_order)) {
                    $this->_order[$this->_prefix.$name]=$this->_order[$name];
                    unset($this->_order[$name]);
                    $this->_orderUpdated true;
                } else {
                    foreach ($this->_displayGroups as $group) {
                        if (null !== $group->getElement($name)) {
                            $group->addElement($this->getElement($this->_prefix.$name));
                            $group->removeElement($name);
                        }
                    }
                }
                return true;
            }
 
            return false;
        }
 
    }

Doctrine code to test and update the version number. This is added in to the model for the data with addListener.

PHP

<?php
class Record_Listener extends Doctrine_Record_Listener
{
    public function preUpdate(Doctrine_Event $event
    {
        $invoker $event->getInvoker();
        if (array_key_exists('version',$invoker->getModified())) 
        {
            $invoker->getErrorStack()->add('version','match');
            throw new Doctrine_EventListener_Exception('Version not identical');
        }
        /* Prevents modification of uuid */
        unset($invoker->uuid);
        $invoker->version++;
    }
 
    public function preDelete(Doctrine_Event $event)
    {
        $invoker $event->getInvoker();
        if (array_key_exists('version',$invoker->getModified()))
        {
            $invoker->getErrorStack()->add('version','match');
            throw new Doctrine_EventListener_Exception('Version not identical');
        }
    }
}

This an the extension of the Admin_Form. It sets the name, configuratino from the user.ini file, buttons array, and the prefix.

PHP

<?php
    // application/forms/Account.php
    class Admin_User_View_Form extends Admin_Form
    {
        public function init()
        {
            $this->setName('frmUserView');
            $user = new Zend_Config_Ini(APPLICATION_PATH."/configs/admin/user.ini",'production',true);
            $this->setConfig($user);
            $this->_buttons array();
            $this->_buttons['save'] = new Zend_Dojo_Form_Element_Button('save');
            $this->_buttons['save']->setOptions(array(
                'name' => 'save',  
                'label' => 'Save',
                'value' => 'save',
                'onclick' => 'user_save()'));
            parent::init();
            $this->setPrefix('user');
        }
    }

Sample view implementation. $user is a Doctrine object with the data. This is an AJAX form, so the json helper is used. Note the call to setTokens, which sets the hash value and saves the security elements in a session variable for later validation.

PHP

$data $user->getData();
            $form = new Admin_User_View_Form();
            $form->populate($data);
            $hash $form->getElement('hash')->getHash();
            $form->setTokens();
            $values $form->getValues(null,true);
            unset($values['user_password']);
            foreach ($values as $k => $v)
                $values[$k] = $this->view->escape($v);
            $this->_helper->json($values);

Sample save implementation, from the same controller. Note the getTokens call which retrieves the saved session data for the form.

PHP

$form = new Admin_User_View_Form();
            $form->getTokens();
            $data $this->getRequest()->getPost();
                        if ($form->isValidPartial($data))
                        {
                            $form->populate($data,true);
                            $user->fromArray($form->getValues($data,false));
                        }
            else
                $this->_helper->json(array('form'=>$form->processAjax($data)));

Supporting javascript is omitted, because it’s really application specific. One note is that the hash input isn’t a dojo/dijit input, so it must be handled manually with dojo.byId, instead of auto loaded with the form values.

This has been updated to work with Zend Framework 1.11.