I am moving our current ASP.net website to a MVC3 project and am very new to MVC. Currently we have a 2 level authorization for a superadmin and a admin. Both these levels of authorization get directed to a menu where there are some common and some different pages which they each access. I was wondering how I could structure it such that there will be minimum duplication of controller logic with URLs like -
myURL/SuperAdmin
myURL/SuperAdmin/Users
myURL/SuperAdmin/Users/UserId
Similarly for Admin.
For the above kind of URL I may have to duplicate the controller code (for the Users view) in the SuperAdmin as well as the Admin controllers. As both these access the Users View. I would like to avoid this, but have the same URL. We are making use of the existing business layer entity framework (stored procedures) and not using any LinqToSql. Can I use named routing for this? If so, how? I hope I am making myself clear.
Can someone please help? Any ideas and suggestions will be greatly appreciated.
Thanks,
sdd
I'm not entirely clear on this. If you think you will have code duplication then remove that code into common classes that multiple controllers will access. Sure you can have multiple routes point you to the same controller/action methods (if thats what you meant) but I recommend you don't have multiple URI's (excluding varying parameters) that go into the same controller method. It makes your app a bit hard to follow.
Related
I am build an application using Angular2 as front end framework and spring boot as backend framework.
One of the seniors in my team insisted on using JSP as templates for my components in order to avoid rendering any unauthorized views.
Is that really nessecary? I saw many applications which are implemented using angular or other front end frameworks but it did not render the templates in backend, is it a good practice? isn't authenticating the requests is enough?
Also would not that be a problem for performance?
From my point of view I think JSP will prevent us from using the potentials of Angular, any help or documentation on that subject would be much appreciated.
Short: No, JSP is not necessary.
Long: One has to realize where which part runs. JSP on the server, Angular in the browser. I assume your senior colleague is concerned about displaying unauthorized data - but that is not the concern of Angular. Angular is basically just the View, and, perhaps, Controller. But it has to get the data from the server - which is usually done over some REST service. And it is the duty of that service to serve only data the user is allowed to view. So you can implement your View/Controller part in Angular, putting all the views (event the restricted ones) in, and then implement proper security into your server-side data service.
No, it's not necessary to use JSP in Angular 2.
It's correct that JSP allows you to protect the template itself from unauthorized access, but in our case it's not really a bad thing to happen from the security point of view, as access to the template without the data itself is not something dangerous; The data of course must be protected w/ your own security/authentication to prevent unwanted access to it.
I want to build a Laravel application which users both web and API parts. The common (and mine as well) question is whether to use separate controllers or not.
There are 2 options:
Separate controllers
Laravel API controller structure?
Use one controller and check the request type (is Ajax, or depending on the request link) and return either JSON or HTML.
Laravel resource controllers for both API and non-API use
Those who have the 1-st opinion doesn't explain the DRY problem solution - web and API controllers would be the same except the return statement (JSON or HTML view). But since most post recommend to separate controllers I suspect I don't understand something about the DRY problem solution.
I don't see any disadvantage of the second method. But people say something like
If you use only one controller, you will end up soon with a messy class with thousands of lines. Not only this is not going to scale well, but it will be hard to work with for you and your teammates.
Please explain me the DRY problem solution for the first approach (separate controllers) and the possible underwater rocks in the second approach (single controller)
Please explain which approach is preferable.
I think this is a great question, and I too am keen to see the responses.
I can see the arguments for both approaches. I however would create and maintain separate controllers, whilst using services to share common logic between the controllers where it is known that this will never change.
For example, if you allow users to upload avatar images. I would put such logic in a service and consume this service in both controllers.
The reason for this approach in my mind, is that the web and API logic may diverge and it would therefore be easier to iterate each without impacting the other.
If this is unlikely, then I would still create separate routes, but point them both at the same controllers, so that if it did change in the future, you can simply re-point the API routes to their own controllers.
Where should the authorization code in Laravel? We have a lot of options and a lot of plugins to manage this situation but and I'm not really sure where I should put all logic. Let's see:
I know that there are a lot of possibilities with a correct result but I want to know which is the optimal solution for you or know your techniques in this situations.
Imagine we have a help desk application done in vuejs and Laravel as API, so we have users, groups, roles, permissions. And maybe a user will only able to see its tickets.
Should we do a TicketPolicy with view, update, create methods? Maybe should we use repositories? Maybe a is_user_allowed method in Ticket's model?
Should we use middleware in routes files and do something like Route::get('tickets/{ticket}', 'TicketsController#show')->middleware('can:show')? Or should we call $this->authorize($ticket) in show, edit, update and store methods of the controller?
Or maybe should we use FormRequest#authorize method and then use something like $user->authorize('show', $ticket)?
What if we want groups or roles? Should we use some plugin like Entrust and/or policies?
What do you think, what do you do?
Best place I found to put classes that group specific logic that do not fit in standard MVC pattern is completely new folder for Laravel. I name mine Services, probably because I read it somewhere. One of the great things in Laravel (and probably other modern frameworks) is flexibility, you can just pop a folder, add a new namespace and have it contain whatever you need.
As for your example, I would implement a class App\Services\Permissions that would contain all necessary logic for accessing different resources in your application. Then call it's methods wherever you need them, be it Requests, Middlewares or Eloquent Models.
I'm from a non-computing background and I'm struggling to getting my head around MVC design approaches and frameworks in general. I "get" code re-use, and separation of logic from display, and I "get" encapsulation and decoupling, but I don't get this.
At the moment I simply put everything in root, a separate subfolders for images, cfcs, and _includes, all database interaction via cfcs. I do all my processing at the top of the page, then a comment line then display/page layout below that.
Most of the frameworks I have looked at seem to favour a front controller, so my simplistic version of a top controller MVC design would be a subfolder for cfcs, controllers, and views and a big switch statement in index.cfm
<cfif not IsDefined("URL.event")>
<cflocation url="index.cfm?event=home" addtoken="No">
</cfif>
<cfswitch expression="#url.event#">
<cfcase value="home">
<cfinclude template="controllers/home.cfm"/>
<cfinclude template="views/home.cfm"/>
</cfcase>
<cfcase value="about">
<cfinclude template="controllers/about.cfm"/>
<cfinclude template="views/about.cfm"/>
</cfcase>
</cfswitch>
.. but what real advantage does that give me over a page controller design? Unless it's just the kind of sites I write, I always seem to find that the controller logic is specific to a view, its not like one controller could fit several views or several controllers could output to one view, so what would be the point of separating them?
The light hasn't come on for me yet, any pointers?
By "top" controller, I think you mean "front" controller, a single point of entry for requests into an application. As #bpanulla wrote, most ColdFusion frameworks use this design pattern. This becomes particularly interesting with URL rewriting, where it becomes easy to have search engine safe URLs by intercepting the a URL (e.g. domain.ext/i/am/friendly.ext) and routing it to some standard file such as index.cfm while making the requested URL a parameter (often as a request header). This also makes site redesigns where URLs change easier because it lends itself well to aliasing or redirects.
As far as controllers are concerned, they are usually tightly coupled to a particular URL or URL pattern. It's possible be more loosely coupled with controllers, but in practice I find that's an emergent property after multiple refactorings. What should be underlying the controller is one or more calls to a service layer that talks to the database, executes business process, creates stateful entities, etc... Then the controller receives the service layer's outputs and places them into whatever mechanism (e.g. an event object) is used to pass data to the view(s).
It's the service layer that's meant to be reusuable not the controllers. The controllers are merely an extension of whatever framework an application works within. The idea being that you should be able to switch frameworks with very little impact to the views and service layer. The piece that needs to be touched are the controllers.
So a given service object in a service layer should be able to service multiple controllers. For example, consider showing a logged in users' information as a widget on a site. There might be different pages served by different controllers, but each would call the same service object to get logged in user data that presumably might be given to the same view that renders the widget.
Update: Front Controller Advantages
Security: centralized authentication and authorization.
i18n & l10n: inject the right language pack into the request globally
Process Orchestration: think multi step checkout process for a shopping cart where you don't want the back and forward buttons to work - by routing everything through the front controller you're able to enforce what step (i.e. the state)
Logging & Tracking: easily add Google Analytics or other request tracking to a site by making the addition in just one place
Error Handling: centralized behavior
Now many of these items can also be done using <cferror> and Appplication.cfc, but I find it easier to have one centralized point.
Useful Links
http://java.sun.com/blueprints/corej2eepatterns/Patterns/FrontController.html
http://msdn.microsoft.com/en-us/library/ff648617.aspx
You actually implemented the crux of Fusebox (http://www.fusebox.org/) with what you wrote. There's nothing wrong with that, and most of the ColdFusion community used something similar to that for many years - Fusebox was the most-used CF framework (in my experience) until just a few years ago when ModelGlue, Mach-II and the other second generation CF frameworks came about.
One thing I can point out is that your approach to controllers (as .cfm files) actually does not enforce encapsulation in the typical OOD fashion, with specific arguments going to an object method call. Unless you are extremely dilligent, over time your .cfm controllers may wind up accumulated a large number of undocumented parameters that alter behavior to solve one problem or another.
With the various frameworks you also get nice features like Application, Session, and Request specific code (onApplicationStart, onRequestEnd, etc). But you can always get those through a simple Application.cfc.
I'm new to OOPHP and frameworks at all.
I'm just wondering...
I have few controllers:
dashboard
signup
login and few more
I've put them into users directory. Everything is working correctly, I'm just wondering if I should put everything in one controller and signup, etc. should be a method of users controller? Or am I doing it correct way?
Regards,
M
It's totally up to you. The stuff you currently have could probably all go into one controller (user controller in this case), but it can build up to request the separation you already have, e.g. separate controller for each action, grouped by a prefix.
Good thing about kohana is that it allows you to do stuff like this the way you want to, there isn't a single guideline about putting many 'common' actions into the same controller; do it as you like / find appropriate.