March 1, 2021
Hot Topics:

Build your own MVC Framework: Getting your Framework Up And Running

  • By Marc Plotz
  • Send Email »
  • More Articles »

The view is where the actual HTML code gets generated. Go to the directory "application/view/scripts/" and create a folder called helloworld. Inside that folder create a file called "index.phtml". Now, a .phtml file is a PHP file that is meant to handle HTML effectively. In short, it is an HTML PHP template file. I'm hoping that by now you realize that for every controller there is a folder named after that controller in the application/view/scripts directory, and for every action relative to that controller there is a .phtml file inside that folder which handles the display.

Ok, so what we need to do is insert the following code into our application/view/scripts/helloworld/index.phtml file:

Figure Five

Ok, perfect. That's it then, right? So lets navigate our browser to http://framework/public_html/helloworld. Oh no! What you see is:

Click here for larger image

Figure Six

But why? What have we done wrong? We created the Controller, Model and the View. It should work? Shouldn't it?

Well, no, it shouldn't. We are forgetting about access control. This is generally referred to as Perms or ACL or whatever. In this framework I have called it the Gatekeeper. You do not have to worry about how it works really. All you need to do is know a few things about what it needs in order to work. Open the "application/configs/gatekeeper.ini.php" file. This is where you control the gatekeeper.

Ok, first we see the following:

Figure Seven

There are three clear sections in gatekeeper. These are:

  1. Roles
  2. Rules
  3. Actions

When we work with Roles, think of them as a certain userlevel. In Figure Eight I have already created three roles: guest, with a value of 0, user, with a value of 10, and admin with a value of 100. What the values indicate is which usertype should be given preference over another should a conflict occur. Thus Admin will always be given preference over User, who will be given preference over guest.

Next, we need to realize that rules are very precise things. For every page, in effect, every ACTION, you will need a clear rule that defines what will happen to each role as that role interacts with that page. Our rule is defined as three words seperated by dots, and a value. The reason is simple. I want to be able to say that I want to allow a certain role to view a certain ACTION of a CERTAIN CONTROLLER. Thus, If I wanted to allow Guest Role (In otherwords, a user that is not currently logged in) access to index/index, I would use the definition:

controller.action.role = allow

and a real example would be, to allow Guest Role access to our helloworld Page:

helloworld.index.guest = allow

Or, if I would like to deny Guest Role access to that same page, I would say

helloworld.index.guest = deny

This is where the Actions in terms of Gatekeeper comes in. Be careful not to confuse these actions with controller/action in MVC. The action in gatekeeper is a definition of what you want gatekeeper to do once it has denied a Role access to a page. Obviously we can just let the user redirect to a notification, etc. With actions we define an action as in Figure Eight Below:

Figure Eight

And what we are saying here is:

controller.action.role = redirect.controller.action

Which means that we could say that our hello world application is only accessible if the user is logged in. So we would then create a rule saying:

helloworld.index.guest = deny

helloworld.index.user = allow

And a complimentary Action:

helloworld.index.guest = redirect.user.login

So, if a guest attempts to access the helloworld/index page, he will be redirected to the login page. A logged in user will automatically have access.

Let's now complete this demonstration by adding the following rule to the gatekeeper.ini.php file, thus allowing guest access to the page:

helloworld.index.guest = allow

And if we now go back to http://framework/public_html/helloworld we will see the result:

Figure Nine

And that completes our task!

Until Next Time

Marc Steven Plotz

Page 2 of 2

This article was originally published on October 16, 2009

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date