Data retrieved from APIs or database tables filled with read-only data may need protection from being altered, deleted, or overwritten. The following offers a technique to block all saves to the database.
Most Restrictive Method
The first example does not allow ANY fields to be written, except for the approved field.
Specifically:
- New records will be empty and blocked.
- Database insertions will probably fail via the obj->save() method.
- Temporary properties cannot be added.
- Requires an external initial insertion method to populate the database table.
<?php
// These methods belong inside your xPDOObject-derived class.

/**
 * Overrides the parent function allowing changes on only approved fields.
 *
 * @param string $k
 *   The field key or name.
 * @param mixed $v
 *   The value to set the field to.
 * @param string|callable $vType
 *   Passed through to the parent so the signature matches xPDOObject::set().
 * @return boolean
 *   True if the value was set, false if the change was refused.
 * @see xPDOObject::set()
 */
public function set($k, $v = null, $vType = '') {
    switch ($k) {
        case 'approveFieldName':
            return parent::set($k, $v, $vType);
        default:
            /* Don't allow changes */
            $this->logevent(false, 'Attempt to change Read-Only Data: ' . $k . '=>' . $v);
            return false;
    }
}

/**
 * Intercepts the parent's magic function, forcing requests to go through set().
 *
 * @param string $k
 *   The field key or name.
 * @param mixed $v
 *   The value to set the field to.
 *
 * @see self::set()
 */
public function __set($k, $v = null) {
    $this->set($k, $v);
}
Least Restrictive
The second example allows a higher level of interaction while protecting the restricted data:
- New records are allowed.
- Database insertions via the obj->save() method will succeed.
- Temporary properties can be added.
- Records can be inserted using normal xPDO functionality.
- Updates to the records are restricted to only permitted fields.
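<?php
// This method belongs inside your xPDOObject-derived class.

/**
 * Overrides the parent function allowing changes on only approved fields.
 *
 * @param string $k
 *   The field key or name.
 * @param mixed $v
 *   The value to set the field to.
 * @param string|callable $vType
 *   Passed through to the parent so the signature matches xPDOObject::set().
 * @return boolean
 *   True if the value was set, false if the change was refused.
 * @see xPDOObject::set()
 */
public function set($k, $v = null, $vType = '') {
    /* Only records that already exist in the database are guarded. */
    if ($this->_new == FALSE) {
        switch ($k) {
            case 'protectedField1':
            case 'protectedField2':
            case 'protectedField3':
            case 'protectedField4':
            case 'protectedField5':
            case 'protectedField6':
            case 'protectedField7':
                /* Don't allow changes */
                $this->logevent(false, 'Attempt to change Read-Only Data: ' . $k . '=>' . $v);
                return false;
            default:
                /* Anything here goes */
                return parent::set($k, $v, $vType);
        }
    } else {
        return parent::set($k, $v, $vType);
    }
}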
Magic Methods
The magic method __set will also have to be intercepted. I chose to send it to either of the above functions.
<?php
// This method belongs inside your xPDOObject-derived class.

/**
 * Intercepts the parent's magic function, forcing requests to go through set().
 *
 * @param string $k
 *   The field key or name.
 * @param mixed $v
 *   The value to set the field to.
 *
 * @see self::set()
 */
public function __set($k, $v = null) {
    $this->set($k, $v);
}
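The least restrictive guard together with the __set interception, as an added example that is not the author's code: it swaps the switch for a field list and runs against a small stand-in for xPDOObject so it can be executed without xPDO. StandInObject, GuardedRecord, the column names and the $rejected array (used in place of logevent()) are assumptions made for the illustration.

```php
<?php
// Stand-in for xPDOObject (constructed for this example): only set(), get()
// and the _new flag that the guard relies on are mimicked.
class StandInObject {
    public $_new = true;
    protected $_fields = [];

    public function set($k, $v = null, $vType = '') {
        $this->_fields[$k] = $v;
        return true;
    }

    public function get($k) {
        return $this->_fields[$k] ?? null;
    }
}

class GuardedRecord extends StandInObject {
    // Hypothetical column names: the fields that must not change after insert.
    protected $readOnly = ['source_id', 'fetched_on'];
    public $rejected = []; // stands in for the page's logevent() call

    public function set($k, $v = null, $vType = '') {
        if (!$this->_new && in_array($k, $this->readOnly, true)) {
            // json_encode() keeps array values from breaking the log line.
            $this->rejected[] = $k . '=>' . json_encode($v);
            return false;
        }
        return parent::set($k, $v, $vType);
    }

    public function __set($k, $v) {
        $this->set($k, $v);
    }
}

$rec = new GuardedRecord();
$rec->set('source_id', 42);          // new record: initial values are accepted
$rec->_new = false;                  // state of a record that is already stored
$refused = $rec->set('source_id', 99) === false;
$rec->fetched_on = ['2000-01-01'];   // undeclared property, routed via __set()
$writable = $rec->set('title', 'updated') === true;
if (!$refused || !$writable || $rec->get('source_id') !== 42 || count($rec->rejected) !== 2) {
    throw new RuntimeException('read-only guard did not hold');
}
echo "read-only guard held\n";
```

The same script can serve as a regression check after the protected-field list changes: add one refused write per protected column and compare the count of rejected entries.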