We always use an ACL module to control if a UI component displays in the screen for current user. For example, Client ACL attend to prevent a read-only user from creating new object by hiding “New” button. But considering that the client application is actually an user interface which runs on client machine and communicates with the server through the Internet, data can be changed easily in the long way from browser to the server. Although client code, Javascript for example, do hide the “New” button, the user is able to display it with browser tool like firebug. One even doesn’t need the button but just calls the Javascript function directly to invoke the hidden feature. So the real ACL must be built on the server side – “safe area”, instead of client side which is out of control.
Never see “client ACL” as an ACL issue – it’s indeed an business logic. It’s just data set by which client code can decide whether show UI component – nothing else.
It sounds easy, but unfortunately, we came to such an issue today on a product released months before.
There are only a few words about jdoc tag of type “module” In Joomla! online docs. The docs shows attributes such as name, style, id by code snippet without any description on that. So I was confused when I tried this tag in my template. The problem is, as the name attribute refers to the module type, how can I specify the module instance I want? I searched google for many articles and got a anwser that when there are more than one modules of the type, the first one in order will be taken by Joomla!. Yes, that’s silly. At last I fount a related tracker item in JoomlaCode on which the author impied that’s a defect of Joomla! docs. There’s an attribute named “title” refering to the instance title actually.
As a newbie of Joomla! framework, I feel Joomla! docs are not friendly enough for a newer. Some of contents are out of date, while some features are not even mentioned in docs. For example, by common sense I guess I can pass parameters to module instance in my template, but I can’t find it in docs, either in sample templates. Just like what I did in recent days with Joomla!, I dug into the framework code to see what happend on the tag. The anwser is Joomla! sets a variable named “attribs” in the scope of the module which contains attributes in the tag in the form of name-value pairs. Well, Joomla! code is much more friendly to read then docs, although there are few inline comments…
Documents and community are really very important for an open source project.
Recent Comments | 别人说