checkRequirements, how to secure submittedBy forms handlers

mcmatak
Member | 504

I would like to use checkRequirements also for form handlers (onClick[], onSuccess[] actions), but I am not able to override the form method fireEvents(). This method uses the property submittedBy, which is private.

So I can't handle these functions.

Does somebody know how to do it?

mcmatak
Member | 504

This is my solution, in my own extended Form class:

<?php

	/**
	 * Fires submit/click events, calling the presenter's checkRequirements()
	 * on each handler method before the handlers run.
	 * @return void
	 */
	public function fireEvents()
	{
		// isSubmitted() is used because the submittedBy property is private.
		$submittedBy = $this->isSubmitted();
		if (!$submittedBy) {
			return;
		}
		elseif ($submittedBy instanceof \Nette\Forms\ISubmitterControl) {
			if (!$submittedBy->getValidationScope() || $this->isValid()) {
				// Only array callbacks (object, method name) are checked here;
				// closures and other callable types pass through unchecked.
				foreach ($submittedBy->onClick as $func) {
					if (is_array($func)) {
						$element = new \Nette\Reflection\Method($func[0], $func[1]);
						$this->presenter->checkRequirements($element);
					}
				}
				$submittedBy->click();
				$valid = TRUE;
			}
			else {
				$submittedBy->onInvalidClick($submittedBy);
			}
		}

		if (isset($valid) || $this->isValid()) {
			// Same check for the onSuccess handlers, before any of them fires.
			foreach ($this->onSuccess as $func) {
				if (is_array($func)) {
					$element = new \Nette\Reflection\Method($func[0], $func[1]);
					$this->presenter->checkRequirements($element);
				}
			}

			$this->onSuccess($this);
		}
		else {
			$this->onError($this);
			if ($this->onInvalidSubmit) {
				trigger_error(__CLASS__ . '->onInvalidSubmit is deprecated; use onError instead.', E_USER_WARNING);
				$this->onInvalidSubmit($this);
			}
		}

		if ($this->onSuccess) { // back compatibility
			$this->onSubmit($this);
		} elseif ($this->onSubmit) {
			trigger_error(__CLASS__ . '->onSubmit changed its behavior; use onSuccess instead.', E_USER_WARNING);
			if (isset($valid) || $this->isValid()) {
				$this->onSubmit($this);
			}
		}
	}

?>

Not so nice, but do you agree with this solution?
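The handler check from the post above, generalized as an added example that is not part of the thread and not Nette code: it resolves every callable type to a reflection object, so closures, invokable objects and 'Class::method' strings are checked too instead of being skipped by an is_array() test. The function names, the ArticlePresenter class and the "@requires" annotation are hypothetical and exist only for this demonstration.

```php
<?php
declare(strict_types=1);
/** Resolve any PHP callable to a reflection object, so no handler type is skipped. */
function reflectHandler(callable $handler): ReflectionFunctionAbstract
{
    if ($handler instanceof Closure) {
        return new ReflectionFunction($handler);
    }
    if (is_array($handler)) {                 // [$object, 'method'] or ['Class', 'method']
        return new ReflectionMethod($handler[0], $handler[1]);
    }
    if (is_object($handler)) {                // invokable object
        return new ReflectionMethod($handler, '__invoke');
    }
    if (strpos($handler, '::') !== false) {   // 'Class::method'
        [$class, $method] = explode('::', $handler, 2);
        return new ReflectionMethod($class, $method);
    }
    return new ReflectionFunction($handler);  // plain function name
}

/** Check every handler before any of them fires; $check throws to deny. */
function checkHandlers(iterable $handlers, callable $check): void
{
    foreach ($handlers as $handler) {
        $check(reflectHandler($handler));
    }
}

// Constructed demo. "@requires <role>" is a hypothetical annotation, not Nette's.
final class ArticlePresenter
{
    /** @requires editor */
    public function saveArticle(): void {}
}

$roles = ['reader'];                          // constructed roles of the current user
$check = function (ReflectionFunctionAbstract $el) use ($roles): void {
    $doc = (string) $el->getDocComment();
    if (preg_match('/@requires\s+(\w+)/', $doc, $m) && !in_array($m[1], $roles, true)) {
        throw new RuntimeException("{$el->getName()} requires role {$m[1]}");
    }
};
try {
    checkHandlers([function (): void {}, [new ArticlePresenter, 'saveArticle']], $check);
    echo "all handlers allowed\n";
} catch (RuntimeException $e) {
    echo 'denied: ', $e->getMessage(), "\n";
}
```

Because all handlers are checked before the first one is invoked, a denied handler later in the list prevents the earlier ones from running with partial effect.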

enumag
Member | 2118

I prefer to use checkRequirements on the createComponent* methods. Do you have some reason against it?

mcmatak
Member | 504

Yes, if you want to just read, you need to create the form; if you want to control write permission, you have to control the permission on the callback.

enumag
Member | 2118

What's the point of showing the form if the user isn't allowed to send it?