Most Restrictive Method

The first example does not allow ANY fields to be written, except for the approved field.

Specifically:

  • New records will be empty and blocked.
  • Database insertions will probably fail via the obj->save() method.
  • Temporary properties cannot be added.
  • Requires an external initial insertion method to populate the database table.
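
	/**
	 * Overrides the parent function allowing changes on only approved fields.
	 *
	 * @param string $k
	 *        	The field key or name.
	 * @param mixed $v
	 *        	The value to set the field to.
	 * @param string|callable $vType
	 *        	Passed through to the parent unchanged.
	 * @return boolean True if the value was set, false if the change was refused.
	 * @see xPDOObject::set()
	 */
	public function set($k, $v = null, $vType = '') {
		switch ($k) {
			case 'approveFieldName' :
				/* Approved field: hand off to the parent and report its result */
				return parent::set ( $k, $v, $vType );

			default :
				/* Don't allow changes */
				$this->logevent ( false, 'Attempt to change Read-Only Data: ' . $k . '=>' . $v );
				return false;
		}
	}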
	
	/**
	 * Intercepts the parent's magic function, forcing requests to go through set().
	 *
	 * @param string $k
	 *        	The field key or name.
	 * @param mixed $v
	 *        	The value to set the field to.
	 *
	 * @see self::set()
	 */
	public function __set($k, $v = null) {
		$this->set ( $k, $v );
	}

Least Restrictive

The second example allows a higher level of interaction while still protecting the restricted data:

  • New records are allowed.
  • Database insertions via the obj->save() method will succeed.
  • Temporary properties can be added.
  • Records can be inserted using normal xPDO functionality.
  • Updates to the records are restricted to only permitted fields.

	/**
	 * Overrides the parent function allowing changes on only approved fields.
	 *
	 * @param string $k
	 *        	The field key or name.
	 * @param mixed $v
	 *        	The value to set the field to.
	 * @param string|callable $vType
	 *        	Passed through to the parent unchanged.
	 * @return boolean True if the value was set, false if the change was refused.
	 * @see xPDOObject::set()
	 */
	public function set($k, $v = null, $vType = '') {
		if ($this->_new == FALSE) {
			/* Existing record: refuse writes to the protected fields */
			switch ($k) {
				case 'protectedField1' :
				case 'protectedField2' :
				case 'protectedField3' :
				case 'protectedField4' :
				case 'protectedField5' :
				case 'protectedField6' :
				case 'protectedField7' :
					/* Don't allow changes */
					$this->logevent ( false, 'Attempt to change Read-Only Data: ' . $k . '=>' . $v );
					return false;

				default :
					/* Anything here goes */
					return parent::set ( $k, $v, $vType );
			}
		} else {
			/* New record: every field may be populated before the first save */
			return parent::set ( $k, $v, $vType );
		}
	}

Magic Methods

The magic method __set will also have to be intercepted. I chose to send it to either of the above functions.

	/**
	 * Intercepts the parent's magic function, forcing requests to go through set().
	 *
	 * @param string $k
	 *        	The field key or name.
	 * @param mixed $v
	 *        	The value to set the field to.
	 *
	 * @see self::set()
	 */
	public function __set($k, $v = null) {
		$this->set ( $k, $v );
	}
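
The following added example (not from the original article or from xPDO itself) exercises the least restrictive guard through the three write paths a caller can reach: a direct set(), the magic __set, and a bulk fromArray(). BaseRecord is a minimal stand-in for xPDOObject, and the Account class, its field names and the $denied list are hypothetical.

```php
<?php
// Stand-in for xPDOObject (assumption): models only what the guard relies on.
class BaseRecord {
    protected $_new = true;
    protected $_fields = [];
    public function set($k, $v = null, $vType = '') {
        $this->_fields[$k] = $v;
        return true;
    }
    public function get($k) { return $this->_fields[$k] ?? null; }
    // Bulk assignment goes through set(), so an override sees every key.
    public function fromArray(array $row) {
        foreach ($row as $k => $v) { $this->set($k, $v); }
    }
    public function save() { $this->_new = false; return true; }
}

class Account extends BaseRecord {
    // Hypothetical names: columns that must not change after the first save.
    protected $readOnly = ['username', 'created_by'];
    public $denied = [];  // stands in for the article's logevent() call

    public function set($k, $v = null, $vType = '') {
        if (!$this->_new && in_array($k, $this->readOnly, true)) {
            $this->denied[] = $k;  // field name only; the value may be sensitive
            return false;
        }
        return parent::set($k, $v, $vType);
    }
    public function __set($k, $v) { $this->set($k, $v); }
}

// Constructed sample data.
$a = new Account();
$a->fromArray(['username' => 'alice', 'created_by' => 'admin', 'email' => 'a@example.test']);
$a->save();  // from here on the record counts as persisted

$a->set('username', 'changed');      // direct call
$a->created_by = 'changed';          // undeclared property, so PHP calls __set
$a->fromArray(['username' => 'changed', 'email' => 'b@example.test']);  // bulk

foreach (['username', 'created_by', 'email'] as $f) {
    echo $f, ' = ', $a->get($f), PHP_EOL;
}
echo 'denied: ', implode(', ', $a->denied), PHP_EOL;
```

After the save, only email changes; every refused write to username or created_by is recorded in $denied.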
