From: Vyacheslav S. <vya...@gm...> - 2009-10-08 18:20:31
|
i guess XForms instance should not represent internal structure of application - but XForms instance can contain kind of "business rules" XML, then simple XSLT can convert it to something similar to suggested by Evgeny XML format (but i can`t detect position of this format in relation to XProc), also in web application many "hidden" additional parameters like http-headers, so we need find way to map them too as parameters for called function (if we need them), so i think suggestion of Evgeny currently is something like "seed for brainstorming" On Thu, Oct 8, 2009 at 8:20 PM, Fraser Hore <fra...@gm...> wrote: > One of my use cases is to update an instance in XForms. With Evgeny's > approach or xml-rpc approach you can submit a post request that contains a > module, function and parameters retrieved from another XForms instance, run > the function with the posted parameters and replace your XForms instance > with the results returned by your function. > > I didn't know anything about xml-rpc so I just used a get request approach > that works quite well. The important thing in each approach I guess is > making sure that unauthorized people are not able to run unauthorized > functions that can compromise the system. Like xmldb:store or xmldb remove, > etc. This could be handeled by authenticating the person before running the > function and by limiting the functions that can be run in this way. > > Below is my approach in case it is of use or interest to anyone. One big > advantage is that with a get request I can just put the details of the > function in a url. So for example you can do: > > <img src="{concat($url:indexPath, '/', $url:siteAccess, > '/content/getImage/', $objectID, '/', $filename, '/200/200')}"/> > > It's also really handy for testing because I can try out any of my functions > just by putting it in a url in the address bar. > > I would be grateful for feedback if you think this is an unwise approach: > > ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// > ///// URL Module which privides an interface to URL-related data > ///// > //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// > > module namespace url = "/db/cms2/modules/url"; > > declare variable $url:pathInfo := request:get-path-info(); (: everything > after index.xq :) > declare variable $url:xmlPathInfo := url:tokenizePathInfo($url:pathInfo); > declare variable $url:siteAccess := $url:xmlPathInfo/*[1]; (: may be used to > differentiate between different site accesses such as admin or website :) > declare variable $url:module := $url:xmlPathInfo/*[2]; (: xquery module > being called. NOTE: Should be limited to certain functions for security > reasons :) > declare variable $url:function := $url:xmlPathInfo/*[3]; (: xquery function > being called :) > declare variable $url:parameters := let $functionParametersCount := > xs:integer(url:functionInfo(util:registered-modules()[ends-with(., > $url:module)],$url:function)/*:parameterscount/text()) > let $parameterString := string-join(for > $i in (4 to $functionParametersCount + 3) > > return concat("'", $url:xmlPathInfo/*[$i], "'"),',') > return $parameterString; (: Parameters > to be passed to the function. Missing parameters passed as an empty string > :) > > (: Parse path info into a set of token elements. Anything surrounded in > brackets will be kept together e.g. a url. :) > declare function url:tokenizePathInfo($pathInfo) > { > let $xmlPathInfoQuery := string(" > let $tokens := if(contains($pathInfo, '(' )) > then let $before := > tokenize(substring-before($pathInfo, '('), '/') > let $bracket := > substring-before(substring-after($pathInfo, '('), ')') > let $after := > if(contains(substring-after($pathInfo, ')'), '(')) > then let > $pathInfo := substring-after($pathInfo, ')') > > return util:eval($xmlPathInfoQuery) > else > tokenize(substring-after($pathInfo, ')'), '/') > return > > tokenize(string-join(($before,$bracket,$after),' '), ' ') > else tokenize($pathInfo, '/' > ) > return > for $token in $tokens > return > if($token != '') > then > <token>{$token}</token> > else () > ") > return > <tokens> > {util:eval($xmlPathInfoQuery)} > </tokens> > }; > > (: Particularly useful if the number of parameters in the function is needed > :) > declare function url:functionInfo($moduleNamespaceURI,$functionName) > { > let $functionModule := util:extract-docs($moduleNamespaceURI) > let $function := $functionModule//*:function[*:name = $functionName] > let $functionParametersCount := count($function//*:param) > return > <function> > {$function/*} > <parameterscount>{$functionParametersCount}</parameterscount> > </function> > }; > > ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// > ///// index.xq or whatever other file you want to use in your get > request ///// > //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// > > declare namespace util = "http://exist-db.org/xquery/util"; > import module namespace url ="/db/cms2/modules/url" at > "/db/cms2/modules/url.xqm"; > (: Import any other modules you want to be accessible :) > > util:eval(concat($url:module, ":", $url:function, "(", $url:parameters, > ")")) > > > > > > On Thu, Oct 8, 2009 at 5:18 PM, Dmitriy Shabanov <sha...@gm...> > wrote: >> >> On Thu, 2009-10-08 at 19:16 +0400, Evgeny Gazdovsky wrote: >> > 2009/10/8 Dmitriy Shabanov <sha...@gm...>: >> > > What I can't understand is why to call throw POST. All scripts should >> > > be >> > > on server site and shouldn't be a way to execute *anything* from >> > > outside. >> > > >> > > Can you describe any use case? >> > >> > Use functions directly from XForms, for example, without using a lot >> > of small queries like: >> > >> > >> > ------------------------------------------------------------- >> > import module namespace service = "module-uri"; >> > >> > service:execute-service(request:get-data()) >> > ------------------------------------------------------------- >> > >> > Instead writing a lot queries, we can POST from XForms what we want to >> > one entry point! >> > >> > Think, Vyacheslav will post XForms example. >> >> I do understand that it from XForms, but I can't see any user's >> scenario. >> >> -- >> Cheers, >> >> Dmitriy Shabanov >> >> >> >> ------------------------------------------------------------------------------ >> Come build with us! The BlackBerry(R) Developer Conference in SF, CA >> is the only developer event you need to attend this year. Jumpstart your >> developing skills, take BlackBerry mobile applications to market and stay >> ahead of the curve. Join us from November 9 - 12, 2009. Register now! >> http://p.sf.net/sfu/devconference >> _______________________________________________ >> Exist-open mailing list >> Exi...@li... >> https://lists.sourceforge.net/lists/listinfo/exist-open > > > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry(R) Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9 - 12, 2009. Register now! > http://p.sf.net/sfu/devconference > _______________________________________________ > Exist-open mailing list > Exi...@li... > https://lists.sourceforge.net/lists/listinfo/exist-open > > |