Menu
▾
▴
Re: [Exist-open] XRX and RPC
|
From: Vyacheslav S. <vya...@gm...> - 2009-10-08 18:20:31
|
i guess XForms instance should not represent internal structure of
application - but XForms instance can contain kind of "business rules"
XML, then simple XSLT can convert it to something similar to suggested
by Evgeny XML format (but i can`t detect position of this format in
relation to XProc), also in web application many "hidden" additional
parameters like http-headers, so we need find way to map them too as
parameters for called function (if we need them), so i think
suggestion of Evgeny currently is something like "seed for
brainstorming"
On Thu, Oct 8, 2009 at 8:20 PM, Fraser Hore <fra...@gm...> wrote:
> One of my use cases is to update an instance in XForms. With Evgeny's
> approach or xml-rpc approach you can submit a post request that contains a
> module, function and parameters retrieved from another XForms instance, run
> the function with the posted parameters and replace your XForms instance
> with the results returned by your function.
>
> I didn't know anything about xml-rpc so I just used a get request approach
> that works quite well. The important thing in each approach I guess is
> making sure that unauthorized people are not able to run unauthorized
> functions that can compromise the system. Like xmldb:store or xmldb remove,
> etc. This could be handeled by authenticating the person before running the
> function and by limiting the functions that can be run in this way.
>
> Below is my approach in case it is of use or interest to anyone. One big
> advantage is that with a get request I can just put the details of the
> function in a url. So for example you can do:
>
> <img src="{concat($url:indexPath, '/', $url:siteAccess,
> '/content/getImage/', $objectID, '/', $filename, '/200/200')}"/>
>
> It's also really handy for testing because I can try out any of my functions
> just by putting it in a url in the address bar.
>
> I would be grateful for feedback if you think this is an unwise approach:
>
> //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
> ///// URL Module which privides an interface to URL-related data
> /////
> ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
>
> module namespace url = "/db/cms2/modules/url";
>
> declare variable $url:pathInfo := request:get-path-info(); (: everything
> after index.xq :)
> declare variable $url:xmlPathInfo := url:tokenizePathInfo($url:pathInfo);
> declare variable $url:siteAccess := $url:xmlPathInfo/*[1]; (: may be used to
> differentiate between different site accesses such as admin or website :)
> declare variable $url:module := $url:xmlPathInfo/*[2]; (: xquery module
> being called. NOTE: Should be limited to certain functions for security
> reasons :)
> declare variable $url:function := $url:xmlPathInfo/*[3]; (: xquery function
> being called :)
> declare variable $url:parameters := let $functionParametersCount :=
> xs:integer(url:functionInfo(util:registered-modules()[ends-with(.,
> $url:module)],$url:function)/*:parameterscount/text())
> let $parameterString := string-join(for
> $i in (4 to $functionParametersCount + 3)
>
> return concat("'", $url:xmlPathInfo/*[$i], "'"),',')
> return $parameterString; (: Parameters
> to be passed to the function. Missing parameters passed as an empty string
> :)
>
> (: Parse path info into a set of token elements. Anything surrounded in
> brackets will be kept together e.g. a url. :)
> declare function url:tokenizePathInfo($pathInfo)
> {
> let $xmlPathInfoQuery := string("
> let $tokens := if(contains($pathInfo, '(' ))
> then let $before :=
> tokenize(substring-before($pathInfo, '('), '/')
> let $bracket :=
> substring-before(substring-after($pathInfo, '('), ')')
> let $after :=
> if(contains(substring-after($pathInfo, ')'), '('))
> then let
> $pathInfo := substring-after($pathInfo, ')')
>
> return util:eval($xmlPathInfoQuery)
> else
> tokenize(substring-after($pathInfo, ')'), '/')
> return
>
> tokenize(string-join(($before,$bracket,$after),' '), ' ')
> else tokenize($pathInfo, '/'
> )
> return
> for $token in $tokens
> return
> if($token != '')
> then
> <token>{$token}</token>
> else ()
> ")
> return
> <tokens>
> {util:eval($xmlPathInfoQuery)}
> </tokens>
> };
>
> (: Particularly useful if the number of parameters in the function is needed
> :)
> declare function url:functionInfo($moduleNamespaceURI,$functionName)
> {
> let $functionModule := util:extract-docs($moduleNamespaceURI)
> let $function := $functionModule//*:function[*:name = $functionName]
> let $functionParametersCount := count($function//*:param)
> return
> <function>
> {$function/*}
> <parameterscount>{$functionParametersCount}</parameterscount>
> </function>
> };
>
> //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
> ///// index.xq or whatever other file you want to use in your get
> request /////
> ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
>
> declare namespace util = "http://exist-db.org/xquery/util";
> import module namespace url ="/db/cms2/modules/url" at
> "/db/cms2/modules/url.xqm";
> (: Import any other modules you want to be accessible :)
>
> util:eval(concat($url:module, ":", $url:function, "(", $url:parameters,
> ")"))
>
>
>
>
>
> On Thu, Oct 8, 2009 at 5:18 PM, Dmitriy Shabanov <sha...@gm...>
> wrote:
>>
>> On Thu, 2009-10-08 at 19:16 +0400, Evgeny Gazdovsky wrote:
>> > 2009/10/8 Dmitriy Shabanov <sha...@gm...>:
>> > > What I can't understand is why to call throw POST. All scripts should
>> > > be
>> > > on server site and shouldn't be a way to execute *anything* from
>> > > outside.
>> > >
>> > > Can you describe any use case?
>> >
>> > Use functions directly from XForms, for example, without using a lot
>> > of small queries like:
>> >
>> >
>> > -------------------------------------------------------------
>> > import module namespace service = "module-uri";
>> >
>> > service:execute-service(request:get-data())
>> > -------------------------------------------------------------
>> >
>> > Instead writing a lot queries, we can POST from XForms what we want to
>> > one entry point!
>> >
>> > Think, Vyacheslav will post XForms example.
>>
>> I do understand that it from XForms, but I can't see any user's
>> scenario.
>>
>> --
>> Cheers,
>>
>> Dmitriy Shabanov
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
>> is the only developer event you need to attend this year. Jumpstart your
>> developing skills, take BlackBerry mobile applications to market and stay
>> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
>> http://p.sf.net/sfu/devconference
>> _______________________________________________
>> Exist-open mailing list
>> Exi...@li...
>> https://lists.sourceforge.net/lists/listinfo/exist-open
>
>
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> http://p.sf.net/sfu/devconference
> _______________________________________________
> Exist-open mailing list
> Exi...@li...
> https://lists.sourceforge.net/lists/listinfo/exist-open
>
>
|