Re: [Phrame-devel] Please read: MVC input sought

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

--- Tony Bibbs <to...@to...> wrote:
> 2) I have worked security into this MVC implementation.  Security checks 
> are still up to the developer to implement but the default policy will 
> be used to determine the default security policy.  If set to _TRUSTED, 
> the default policy is to allow access to anyone.  If set to _UNTRUSTED, 
> all models/views will have security checks enabled by default.

I don't really understand the need here.  Should the view/actions just query
the appropriate model to determine if they should run?  For example, you might
have a User model that would indicate if a) the user was logged into the site
and b) if they had editing permission.

In the request to view you might:
if (!$o_user->IsLoggedIn()) {
   trigger_error('you must be logged in to view this page');
   header(ERROR_REDIR);
}

or in the action to update something, you might do
if (!$o_user->IsEditor()) {
   trigger_error('you must have editing rights to change this page');
   header(ERROR_REDIR);
}

This seems like a very application specific issue, what advantage is there to
moving it into the framework?

> 3) A big problem with Phrame is it will load a lot of unneeded code to 
> process a request.  Specifically, all the actions in phrame are loaded. 
>   By using the path config information for the views/models, you can 
> dynamically include the right code on demand.

Did you look at the comment I posted this past weekend
(http://sourceforge.net/mailarchive/forum.php?forum_id=13113&max_rows=25&style=flat&viewmonth=200303&viewday=14)?
In it, I documented how to have Phrame only load actions/forms/views/models as
required.  In my case, actions include specific models that are used in each
action, so by loading all the actions all the models would be loaded anyway.

> 7) the Phrame Mappings and Forwards classes have been dropped.  Forwards 
> are simply implemented as an array.  When a request is received, only 
> the forwards for the model or view is loaded.  Similarly, only the 
> mapping information for the current request is loaded.

Doesn't that eliminate the "loose coupling" advantage that copying Struts gave
you in the first place?

> 9) Many applications output views differently. Some echo or print the 
> HTML directly to the browser, others build the HTML in a string and at 
> the end echo that single string.  The view implementation is a 
> configuration setting that lets you specify which behaviour is supported 
> and the controller will act accordingly.

This is why I think a view factory needs to be application specific as well...

Regards,

Jason

__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com