Have searched for this but i'm coming up short.
What is the best way to restrict access to an action in a controller in ZF2?
What i want is to only call a certain action in a controller (which is in a different module) if the request comes from a specific action - if not redirect to 404.
I see that i can use
$this->getRequest()->getUri()->getPath()
to get the current URL, but what i want is the previous one?
I could put this in a session variable, or pass it as a parameter in the route but is there a better way?
Reason is that i have a multi step form and i wish to only allow step 2 if the user came from step 1, otherwise 404.
What is the recommended ZF2 practice for this?
thanks
You should probably not handle this via urls. I'd look into Zend\Session\Container to manage state explicitly after you submit the first form.
Related
I have a main page and special information for this particular page, how to better implement the editing form at url, for example / home-page-edit / without /: id?
You can do something like this.
1. Fetch edit page and form with the passed params: id, and_other_params
2. After loading edit form for specific resources based upon that params od value you can insert data.
3. Custom update action but updated based upon passed params and id.
** Please this may not be the ideal way for http-rest requests. Try to avoid this way.
I've got a WebFilter that redirects to the login page in my application. In order to redirect back to the referring page I've also added a view parameter called redirectOnLogin which is then used on successful logins in order to perform the final navigation.
If one were to manipulate this query parameter, one could easily provoke JSF navigation errors. I would therefore like to pre-empt this by checking that the outcome is valid but I've not been able to uncover a mechanism for pre-validating a JSF outcome.
Easiest and best is to make sure the redirectToLogin parameter cannot be manipulated. Or that manipulation is detected.
You could solve this in (at least) two ways
Taking the original page name, adding a 'salt' to it and creating a hash.
Addin this has that in the request to the login server
Make sure it is returned by the login server (maybe adding it as # to the return page or as a param.
On receiving it on the 'redirectOnLogin' page, use the page name, the same salt and create a hash in the same way. Compare these and if they match you are fine, if they don't throw an error.
Or you could
Store the 'redirectOnLogin' page in a session to
Check on returning from the login server if it matches with the page you end-up on.
I seek some guidedence here ... ( I'm not sure if this is the best title )
At the moment I prepend a "server name" to the url like this:
server10.example.com
This works fine, except that I need to handle all the subdomains on the IIS and I'm not sure google are happy about jumping around from sub to sub to sub, when it seems the links to the other servers.
I'm kind a hoping for a nice way to archive this wioth asp.net mvc.
Most pages are related to a "server" ... there are however a few info pages, contact, home that dont really need a valid "server" name ... but could just be "na" for not available, but the name need to be maintained, if there is already a selected server, when a user are keeps browsing the site. This needs to be as transparent as possible when I need to create the links to the diffenrent pages.
I could extend the Html Action() extensien to automatically add the selected "server" from the previusly request to the page.
In the format:
/{serverParameter}/{controller}/{action}/{parameterInfo}
And if no server is selected, just add "na" as the {server} placeholder.
I'm not sure if more information is needed, but please let me know if ...
I tired of extracting the selected server from the domain part and the other way also seems better, I just can't think of a good way to structure this ...
Updated
90% of all the pages are about a server that the user select at some point. Could be server10, server9, server20 ... just a name. I want to maintain that information across all pages, after the users has selected it or else I just want it to be f.ex: "empty".
I mostly looking for an easy way of doing this or an alternative ... atm I'm prepending the serverParamter to the url so it ends up being: "serverParameter.example.com".
I want to end up with something like
http://example.com/{server}/{controller}/{action}
instread of
http://{server}.example.com/{controller}/{action}
If I understand your question correctly, you just wish to group different collections of content together above the controller/action level. If that's the case, have you considered using ASP.NET MVC areas?
Just right-click on your project, and choose Add -> Area.... Give it a name (what you're calling "server"), and then you can add content, your own controllers, actions, etc. Under this area. You will automatically be able to access it via /AreaName/Controller/Action/etc.
I went with the already impemented routing in ASP.NET MVC.
{server}/{controller}/{action}
When creating the links it takes the set value for {server} and places the value when generating URL's, so I only need to supply controller and action in the #Html.Action helper method ... this could not have been more easy.
I'm not sure why I did not think about this. One just gotta love routing.
In my ApplicationController parent class I have an action method called dig which reads parameters via the params[] hash-like structure. I would like to have any view that builds a link to any controller via link_to helper function with the dig action to call the parent's action first. I'd like to then be able to determine either what that parameterized information represents (its type), or what created the link (the previous or originating view).
Any ideas on the best way to do this? Is there a way to pass an object via the link_to and then use its meta data? If so, would this break the rails paradigm?
If you're looking for what called what inside your code, Ruby's caller method is the basis for the stack dump that occurs when an exception occurs. You can tap into that and ask what the calling chain was at any point.
If you want to trace the incoming requests from the browser from an outside site, it becomes a lot more difficult because browsers don't like to reveal the last location any more. If the browser is being redirected around your own site you can use sessions or cookies to trace its movement.
I think that to have the originating link what you would need to do is something like this:
request.env['HTTP_REFERER']
This will get the URL where the action was originated, from there you can process the URL to get controller, action and id. Hope this helps!
I am working on struts2. I have an interceptor that executes before my action claas. Now when I submit on a jsp page control goes to interceptor and after some processing there the control goes to action class. This complete flow is running well. But I found two things –
1) Control does not go to action-validation.xml before going to action class.
2) Its not getting the values of textfield or etc that uses has entered into jsp page before submitting.
Can anyone tell me how to find solution for these two points.
Thanks in advance.
I'd be looking at the order in which you have your interceptors defined in struts.xml. You need to make sure that you have a params interceptor (at least 1, the model driven pattern requires 2) and a validation interceptor defined in the correct place. I generally copy the default stack (defined here) and then modify it for my needs. Perhaps you could add your interceptor stack definition to your question?