Creating write-protected xPDOObjects

Tags:
xpdo,

Most Restrictive Method

The first example does not allow ANY fields to be written, except for the approved field.

Specifically:

  • New records will be empty and blocked.
  • Database insertions will probably fail via the obj->save() method.
  • Temporary properties cannot be added.
  • Requires an external initial insertion method to populate the database table.
<?php
/**
 * Overrides the parent function allowing changes on only approved fields.
 *
 * @param string $k
 *        	The field key or name.
 * @param mixed $v
 *        	The value to set the field to.
 * @see xPDOObject::set()
 */
public function set($k, $v = null) {
    switch ($k) {
        case 'approveFieldName' :
            parent::set ( $k, $v );
            break;
	
        default :
        /* Don't allow changes */
            $this->logevent ( false, 'Attempt to change Read-Only Data: ' . $k . '=>' . $v );
    }
}
/**
 * Intercepts parents magic function forcing requests to go through set.
 *
 * @param string $k
 *        	The field key or name.
 * @param mixed $v
 *        	The value to set the field to.
 *
 * @see self:set
 */
public function __set($k, $v = null) {
	$this->set ( $k, $v );
}

Least Restrictive

The second example allows a higher level of interaction while protecting the restricted data

  • New records are allowed.
  • Database insertions via the obj->save() method will succeed.
  • Temporary properties can be added.
  • Records can be inserted using normal xPDO functionality.
  • Updates to the records are restricted to only permitted fields.
<?php
/**
 * Overrides the parent function allowing changes on only approved fields.
 *
 * @param string $k
 *        	The field key or name.
 * @param mixed $v
 *        	The value to set the field to.
 * @see xPDOObject::set()
 */
public function set($k, $v = null) {
	if ($this->_new == FALSE) {
		switch ($k) {
			case 'protectedField1' :
			case 'protectedField2' :
			case 'protectedField3' :
			case 'protectedField4' :
			case 'protectedField5' :
			case 'protectedField6' :
			case 'protectedField7':
			/* Don't allow changes */
			$this->logevent ( false, 'Attempt to change Read-Only Data: ' . $k . '=>' . $v );
				break;
			default :
				/* Anything here goes */
				parent::set ( $k, $v );
				break;
		}
	} else {
		parent::set ( $k, $v );
	}
}

Magic Methods

The magic method __set will also have to be intercepted. I chose to send it to either of the above functions.

<?php
/**
 * Intercepts parents magic function forcing requests to go through set.
 *
 * @param string $k
 *        	The field key or name.
 * @param mixed $v
 *        	The value to set the field to.
 *
 * @see self:set
 */
public function __set($k, $v = null) {
	$this->set ( $k, $v );
}