0

I am creating a shopping cart in an MVC file structure and I have a shopping cart controller which has a group of functions for the frontend and backend.

Class ShoppingCartController{

    //frontend function
    public function viewCart(){
          //do something
          require 'view/viewCart.php';
    }

    //backend function
    public function viewOrders(){
          //do something
          require 'view/viewOrders.php';
    }
}

$controll = new ShoppingCartController();

if(isset($_GET['action']) && in_array($_GET['action'], get_class_methods($controll))){
    call_user_func(array($controll, $_GET['action']));
}

What I want to do is guard against anyone from the frontend being able to call a backend function. So I thought I would set the functions to protected and write two extended classes to regulate permissions, like so:

 Class ShoppingCartController{

    //frontend function
    protected function viewCart(){
          //do something
          require 'view/viewCart.php';
    }

    //backend function
    protected function viewOrders(){
          //do something
          require 'view/viewOrders.php';
    }
}

Class ShoppingCartFrontendController Extends ShoppingCartController{
    //frontend function
    public function viewCartExtended(){
          //do something
          $this->viewCart();
    }
}

Class ShoppingCartBackendController Extends ShoppingCartController{
    //backend function
    public function viewOrdersExtended(){
        //do something
        $this->viewOrders();
    }
}

Is that the way everyone else would do it or is there a better way?

1
  • Actually, there is a better way. Use ready-made frameworks or at least have a look at how they do it. You'll get a lot of inspiration from them, I promise. Commented May 15, 2012 at 11:49

2 Answers

2

I guess you could start by reading this old comment.

The basic idea is to wrap the controller in a "protective shell", which is responsible for protecting the object within.
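
One way to build the "protective shell" this answer describes, as an added example that is not part of the original post or the comment it links to: a wrapper checks a deny-by-default map of actions to roles before forwarding the call to the controller. `ProtectedController`, `dispatch()`, the `$acl` map and the role names are assumptions, and the controller methods return strings in place of the `require` calls.

```php
<?php
// Added example. ProtectedController, dispatch(), $acl and the role names are
// hypothetical; the controller methods return strings instead of requiring views.

class ShoppingCartController
{
    public function viewCart()   { return 'cart view'; }    // frontend
    public function viewOrders() { return 'orders view'; }  // backend
}

// The "shell": the only object the request dispatcher ever touches.
final class ProtectedController
{
    private $target;
    private $acl;   // action name => roles allowed to call it
    private $role;  // current user's role, from server-side session state

    public function __construct($target, array $acl, $role)
    {
        $this->target = $target;
        $this->acl    = $acl;
        $this->role   = $role;
    }

    public function dispatch($action)
    {
        // Deny by default: anything not listed in the ACL is not callable,
        // even if the wrapped class has a public method with that name.
        // is_string() rejects array input such as ?action[]=viewOrders.
        if (!is_string($action) || !isset($this->acl[$action])
            || !in_array($this->role, $this->acl[$action], true)) {
            throw new RuntimeException('Action not permitted');
        }
        return call_user_func(array($this->target, $action));
    }
}

$acl = array(
    'viewCart'   => array('customer', 'admin'),
    'viewOrders' => array('admin'),
);

// Constructed inputs standing in for $_GET['action'] and the session role.
$shell = new ProtectedController(new ShoppingCartController(), $acl, 'customer');
foreach (array('viewCart', 'viewOrders', '__construct', array('viewOrders')) as $action) {
    try {
        echo json_encode($action), ' => ', $shell->dispatch($action), "\n";
    } catch (RuntimeException $e) {
        echo json_encode($action), ' => ', $e->getMessage(), "\n";
    }
}
```

Because the allow-list, not `get_class_methods()`, decides what is reachable, adding a new public method to the controller does not expose it until it is listed in `$acl`.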


0

If I were doing it I would add

//frontend function
public function viewCartExtended(){
      //do something
      $this->viewCart();
}

and

//backend function  
public function viewOrdersExtended(){
    //do something
    $this->viewOrders();
}

to my controller. One class to rule them.

//frontend function
private function viewCartExtended(){
      //do something
      require 'view/viewCart.php';
}  
//backend function
private function viewOrdersExtended(){
    //do something
    require 'view/viewOrders.php';
}
//public method
public function get_view($foo){
    //test if authed etc..
    switch($foo){
      case "foo":
          //private methods must be called through $this
          return $this->viewCartExtended();
      case "bar":
          return $this->viewOrdersExtended();
      // ... further cases
    }
}

And so on.
I'm no CI whizz though. So this may not be the "best" way; but it keeps it simple.

1 Comment

Thanks for the reply. I think I would use this if there were only the two functions and they were strictly interchangeable. But as the view functions build up, the get_view() function would start to get very complicated, first authorising the user, then working out what view they need.
