六月麦田

没有程序语言是完美的，甚至没有一个唯一最好的语言，只有对于特定目的，比较适合和不适合的程序语言。

Herbert Mayer

以前和朋友聊起程序语言常表达这个意思，终于找到一个表述得当的版本和出处。此人在wiki上尚没有英文介绍。

We always use an ACL module to control if a UI component displays in the screen for current user. For example, Client ACL attend to prevent a read-only user from creating new object by hiding “New” button. But considering that the client application is actually an user interface which runs on client machine and communicates with the server through the Internet, data can be changed easily in the long way from browser to the server. Although client code, Javascript for example, do hide the “New” button, the user is able to display it with browser tool like firebug. One even doesn’t need the button but just calls the Javascript function directly to invoke the hidden feature. So the real ACL must be built on the server side – “safe area”, instead of client side which is out of control.
Never see “client ACL” as an ACL issue – it’s indeed an business logic. It’s just data set by which client code can decide whether show UI component – nothing else.
It sounds easy, but unfortunately, we came to such an issue today on a product released months before.

There are only a few words about jdoc tag of type “module” In Joomla! online docs. The docs shows attributes such as name, style, id by code snippet without any description on that. So I was confused when I tried this tag in my template. The problem is, as the name attribute refers to the module type, how can I specify the module instance I want? I searched google for many articles and got a anwser that when there are more than one modules of the type, the first one in order will be taken by Joomla!. Yes, that’s silly. At last I fount a related tracker item in JoomlaCode on which the author impied that’s a defect of Joomla! docs. There’s an attribute named “title” refering to the instance title actually.

As a newbie of Joomla! framework, I feel Joomla! docs are not friendly enough for a newer. Some of contents are out of date, while some features are not even mentioned in docs. For example, by common sense I guess I can pass parameters to module instance in my template, but I can’t find it in docs, either in sample templates. Just like what I did in recent days with Joomla!, I dug into the framework code to see what happend on the tag. The anwser is Joomla! sets a variable named “attribs” in the scope of the module which contains attributes in the tag in the form of name-value pairs. Well, Joomla! code is much more friendly to read then docs, although there are few inline comments…

Documents and community are really very important for an open source project.