-
Notifications
You must be signed in to change notification settings - Fork 34
ATTRIBUTION
WDF let's you define attributes for classes and methods.
They are used to fine-tune resource management (css, less, images,...) and to control the request-to-argument mapping.
Attributes are defined in DocComment and only recognized there.
They follow the syntax @attribute[<name>(<args>)] where <name> defines the attribute and <args> it's constructor arguments.
Each argument is in fact a subclass of the WdfAttribute class.
Currently WDF supports these attributes, but you may extend for your own need:
Attribution uses Reflection and is highly buffered. There's a multi-level cache starting in the easiest case in the SESSION variable, but may be re-used systemwide when you use the globalcache module. So keep in mind, that you may need to clear the cache when class/method attributes change using cache_clear or the ClearTask.
Currenty not used in the WDF itself, but provides a way to mark complete classes or only methods as public. This means that you may implement business logic to check if some parts of your applications do not need a logged in user to be accessible. Let's say you have a base controller which all of your pages inherit.
class MyBaseController extends HtmlPage
{
protected $user = false;
function __initialize()
{
parent::__initialize("");
if( in_object_storage('user') )
$this->user = restore_object('user)';
// If there's no user present, check if the class is marked public...
if( !$this->user )
{
$ref = WdfReflector::GetInstance($this);
$attrs = $ref->GetClassAttributes(['Public']);
//... or if the method called is marked public
if( count($attr) == 0 )
{
$attrs = $ref->GetMethodAttributes(current_event());
if( count($attr) == 0 )
redirect('login'); // not? need to log in
}
}
}
}
/**
* @attribute[Public]
*/
class Login extends HtmlPage {}
class Dashboard extends HtmlPage
{
function Init(){}
/**
* @attribute[Public]
*/
function Logout()
{
delete_object('user');
redirect('login');
}
}This is widely used in the WDF itself but you will most likely need it in your application too. It allows to specify resources to be loaded when a control or template is used on a page. There are many cases where the automatic resource loading does not work. You may then add the Resource attribute to the class to specify additional resources. Resource attributes are inherited, so when a base class specifies a needed resource it will be loaded in all subclasses too.
/**
* @attribute[Resource('res/some-third-party-lib.js')]
*/
class MyBaseController extends HtmlPage {}
class Home extends MyBaseController {}When you navigate to the 'home' page, the some-third-party-lib.js from the res folder will be loaded.
This is used to pass request parameters to controller methods for easy use.
class MyController extends HtmlPage
{
/**
* @attribute[RequestParam('var1','string',false)]
* @attribute[RequestParam('var2','file',false)]
*/
function MyMethod($var1,$var2)
{
// $var1 and $var2 are filled with sanitized data from the request
}
}RequestParam can handle a bunch of types and will automatically sanitize the input (strip out some dangerous stuff). These types are supported:
| Type | Filter | Remarks |
|---|---|---|
string |
FILTER_SANITIZE_STRING | |
text |
Unfiltered string data | |
email |
FILTER_SANITIZE_EMAIL | |
url or uri
|
FILTER_SANITIZE_URL | |
bool or boolean
|
false if '' or 0 or 'false', else true
|
If there's a value given, the filter will compare it against '0', 'false' or '' and if found the result will be false, else it will be true. If there's no value present the default will be used, which defaults to false. Best explanation ever ;) |
int or integer
|
intval |
|
float or double
|
NumberFormat::StrToNumber | Uses the detected CultureInfo, see below. |
currency |
CurrencyFormat::StrToCurrencyValue | Uses the detected CultureInfo, see below. |
| array | An array of data. Note that there will be no filtering of the array entries! | |
object |
in_object_storage | Checks if the variable name is the name of an object in the ObjectStorage and if present, loads this object. Note that this will not use any user input! |
file |
If there's an entry in the FILES variable with the RequestParam name, it will be returned |
RequestParamAttribute uses a CultureInfo object to parse some of the user input. This is automatically deteceted by Localization::detectCulture. You may affect this detection by assigning a function (-name) to the variable $CONFIG['requestparam']['ci_detection_func'].