Creating write-protected xPDOObjects

Body
Data retrieved from API's or database tables filled with read-only data may need protection from being altered, deleted, or overwritten. The following offers a technique to block all saves to the database.

Authored on

Tags
Framework

Most Restrictive Method

The first example does not allow ANY fields to be written, except for the approved field.

Specifically:

  • New records will be empty and blocked.
  • Database insertions will probably fail via the obj->save() method.
  • Temporary properties cannot be added.
  • Requires an external initial insertion method to populate the database table.
<?php
/**
 * Overrides the parent function allowing changes on only approved fields.
 *
 * @param string $k
 *        	The field key or name.
 * @param mixed $v
 *        	The value to set the field to.
 * @see xPDOObject::set()
 */
public function set($k, $v = null) {
    switch ($k) {
        case 'approveFieldName' :
            parent::set ( $k, $v );
            break;
	
        default :
        /* Don't allow changes */
            $this->logevent ( false, 'Attempt to change Read-Only Data: ' . $k . '=>' . $v );
    }
}
/**
 * Intercepts parents magic function forcing requests to go through set.
 *
 * @param string $k
 *        	The field key or name.
 * @param mixed $v
 *        	The value to set the field to.
 *
 * @see self:set
 */
public function __set($k, $v = null) {
	$this->set ( $k, $v );
}

Least Restrictive

The second example allows a higher level of interaction while protecting the restricted data

  • New records are allowed.
  • Database insertions via the obj->save() method will succeed.
  • Temporary properties can be added.
  • Records can be inserted using normal xPDO functionality.
  • Updates to the records are restricted to only permitted fields.
<?php
/**
 * Overrides the parent function allowing changes on only approved fields.
 *
 * @param string $k
 *        	The field key or name.
 * @param mixed $v
 *        	The value to set the field to.
 * @see xPDOObject::set()
 */
public function set($k, $v = null) {
	if ($this->_new == FALSE) {
		switch ($k) {
			case 'protectedField1' :
			case 'protectedField2' :
			case 'protectedField3' :
			case 'protectedField4' :
			case 'protectedField5' :
			case 'protectedField6' :
			case 'protectedField7':
			/* Don't allow changes */
			$this->logevent ( false, 'Attempt to change Read-Only Data: ' . $k . '=>' . $v );
				break;
			default :
				/* Anything here goes */
				parent::set ( $k, $v );
				break;
		}
	} else {
		parent::set ( $k, $v );
	}
}

Magic Methods

The magic method __set will also have to be intercepted. I chose to send it to either of the above functions.

<?php
/**
 * Intercepts parents magic function forcing requests to go through set.
 *
 * @param string $k
 *        	The field key or name.
 * @param mixed $v
 *        	The value to set the field to.
 *
 * @see self:set
 */
public function __set($k, $v = null) {
	$this->set ( $k, $v );
}