Hello, World!
When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:Hello, World!
Any command-line input or output is written as follows: %cd /WebRoot/demo/protected/tests %phpunit unit/MessageTest.php New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Clicking on the About link provides a simple example of a static page." Warnings or important notes appear in a box like this. Tips and tricks appear like this. Preface [ 4 ] Reader feedback Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of. To send us general feedback, simply send an email to feedback@packtpub.com, and mention the book title via the subject of your message. If there is a book that you need and would like to see us publish, please send us a note in the SUGGEST A TITLE form on www.packtpub.com or email suggest@packtpub.com. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors. Customer support Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase. Downloading the example code for the book Visit http://www.packtpub.com/files/code/9584_Code.zip to directly download the example code. The downloadable files contain instructions on how to use them. Errata Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration, and help us to improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub. com/support, selecting your book, clicking on the let us know link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata added to any list of existing errata. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support. Preface [ 5 ] Piracy Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or web site name immediately so that we can pursue a remedy. Please contact us at copyright@packtpub.com with a link to the suspected pirated material. We appreciate your help in protecting our authors, and our ability to bring you valuable content. Questions You can contact us at questions@packtpub.com if you are having a problem with any aspect of the book, and we will do our best to address it. Meet Yii The past several years have marked a significant 'framework boom', and almost everyone involved in web application development these days is a part of a new generation of 'framework boomers'. Web development frameworks help jumpstart your application by immediately delivering the core foundation and plumbing needed to quickly turn your ideas scribbled on the whiteboard into a functional and production-ready code. With all of the common features expected from web applications today and available framework options that meet these expectations, there is little reason to code your next web application from scratch. A modern, flexible, and extensible framework is almost as essential a tool as the programming language itself to today's web developer. Moreover, when the two are particularly complementary, the results are an extremely powerful toolkit: Java and Spring, Ruby and Rails, C# and .NET, and PHP and Yii. Yii is the brainchild of its founder Qiang Xue who started the development of this open source framework on January 1st, 2008. Prior to this, Qiang had previously developed and maintained the PRADO framework for many years. The years of experience and user feedback cultivated from the PRADO project solidified the need for a much easier, more extensible and more efficient PHP5-based framework to meet the ever-growing needs of application developers. The initial alpha version of Yii was officially released to meet these needs in October of 2008. Its extremely impressive performance metrics when compared to other PHP-based frameworks immediately drew very positive attention. On December 3rd, 2008, Yii 1.0 was officially released and as of March 14th, 2010, the latest production-ready version is 1.1.2. It has a growing development team and continues to gain popularity among PHP developers everyday. We feel that with just a little help from the information contained in this book, you will soon understand why. Meet Yii [ 8 ] The name Yii (an acronym for Yes, it is, pronounced as Yee or [ji:]) stands for easy, efficient, and extensible. Yii is a high-performance, component-based, web application framework written in PHP 5. Yii makes it easier to create and maintain large-scale web applications. It also makes them more efficient and extensible. Let's take a quick look at each of these characteristics of Yii in turn. Yii is easy To run a Yii-powered web application, all you need is the core framework files and a web server supporting PHP 5.1.0 or higher. To develop with Yii, you only need to know PHP and object-oriented programming(OOP). You are not required to learn any new configuration or templating language. Building a Yii application mainly involves writing and maintaining your own custom PHP classes, some of which will extend from the core Yii Framework component classes. Yii incorporates many of the great ideas and work from other well-known web programming frameworks and applications. So, if you are coming to Yii after using other web development frameworks, it is likely you will find it familiar and easy to navigate. Yii also embraces a convention over configuration philosophy, which contributes to its ease of use. This means that Yii has sensible defaults for almost all aspects of wiring your application. If you follow the prescribed conventions, you will write less code and spend less time developing your application. If desired, Yii allows you to customize and easily override all of these conventions. We will be covering some of these defaults and conventions later in this chapter and throughout the book. Yii is efficient Yii is a high-performance component-based framework for developing web applications on any scale. It encourages maximum code reuse in web programming, and can significantly accelerate the development process. As mentioned previously, if you stick with Yii's built-in conventions, you can get your application up and running with little to no manual configuration. Yii is also designed to help you with DRY development. DRY (Don't Repeat Yourself) is a key concept of agile application development. All Yii applications are built using the Model-View-Controller (MVC) architecture. Yii enforces this development pattern by providing a place to keep each piece of your MVC code. This minimizes duplication and helps promote code reuse and ease of maintainability. The less code you need to write, the less time it takes to get your application to market. Similarly, the easier it is to maintain your application, the longer it will stay on the market. Chapter 1 [ 9 ] Of course, the framework is not just efficient to use, it is also remarkably fast and performance is optimized. Yii has been developed with performance optimization in mind from the very beginning, and the result is that it is one of the most efficient PHP frameworks around. The Yii development team has performed performance comparison tests with many other PHP frameworks, and Yii outperformed them all. This means that the additional overhead Yii adds to applications written on top of it is negligible. Yii is extensible Yii has been carefully designed to allow nearly every piece of its code to be extended and customized to meet almost any need or requirement. In fact, it is difficult not to take advantage of Yii's ease of extensibility as a primary activity when developing a Yii-driven application, which is extending the core framework classes. If you want to turn your extended code into useful tools for other developers to use, Yii provides easy-to-follow steps and guidelines to help you create such third-party extensions. This allows you to contribute to Yii's ever-growing list of features and actively participate in extending Yii itself. What is also remarkable about Yii is its ease of use, superior performance, and its depth of extensibility which does not come at the cost of sacrificing features. Yii is packed with features to help you meet those high demands placed on today's web applications. AJAX-enabled widgets, web service integration, enforcement of an MVC architecture, DAO and relational Active Record database layer, sophisticated caching, hierarchical role-based access control, theming, internationalization (I18N), and localization (L10N), are just the tip of the Yii iceberg. As of version 1.1, the core framework is now packaged with an official extension library called Zii. These extensions are developed and maintained by the core framework team members who continue to extend Yii's core feature set. With a deep community of users who are also contributing by writing Yii extensions, the overall feature set available to a Yii powered application is growing daily. For a complete list of all available user contributed extensions, see http://www.yiiframework.com/extensions/. MVC architecture As mentioned previously, Yii is an MVC framework and it provides an explicit folder structure for each piece of model, view, and controller code. Before we start building our first Yii application, we need to define a few key terms, and look at how Yii implements and enforces this MVC architecture. Meet Yii [ 10 ] The model Typically in an MVC architecture, the model is responsible for maintaining state. Thus, it should encapsulate the business rules that apply to the data that defines this state. A model in Yii is any instance of the framework class CModel or its child class. A model class typically comprises data attributes that can have separate labels (something user-friendly for the purpose of display), and can be validated against a set of rules defined in the model. The data that makes up the attributes in the model class could come from a row of a database table or from the fields in a user input form. Yii implements two kinds of models: The form model (CFormModel class) and the active record model (CActiveRecord class). They both extend from the same base class CModel. CFormModel represents a data model that collects inputs in HTML form. It encapsulates all the logic for form field validation and any other business logic that may need to be applied to the form field data. It can then store this data in memory, or with the help of an active record model, store data in a database. Active Record (AR) is a design pattern used to abstract database access in an object-oriented fashion. Each AR object in Yii is an instance of CActiveRecord or its child class that wraps a single row in a database table or view, encapsulates all the logic and details around database access, and houses much of the business logic that is required to be applied to that data. The data field values for each column in the table row are represented as properties of the AR object. AR is described in more detail a little later. The view Typically, the view is responsible for rendering the user interface, based on the data in the model. A view in Yii is a PHP script that contains user interface related elements, often built using HTML, but can also contain PHP statements. Usually any PHP statements within the view are very simple conditional or looping statements, or refer to other Yii UI-related elements such as HTML helper class methods or prebuilt widgets. More sophisticated logic should be separated from the view and placed appropriately in either the model (if dealing directly with the data), or in the controller for a more general business logic. The controller The controller is our main director of a routed request and is responsible for taking user input, interacting with the model, and instructing the view to update and display appropriately. A controller in Yii is an instance of CController or its child. When a controller runs, it performs the requested action, which then interacts with needed models and renders an appropriate view. An action, in its simplest form, is a controller class method whose name starts with the word action. Chapter 1 [ 11 ] Stitching these together: Yii request routing In most MVC implementations, a web request typically has the following lifecycle: 1. The browser sends the request to the server hosting the MVC application. 2. A controller is invoked to handle the request. 3. The controller interacts with the model. 4. The controller invokes the view. 5. The view renders the data (often as HTML) and returns it to the browser for display. Yii's MVC implementation is no exception. In a Yii application, incoming requests from the browser are first received by a router. The router analyzes the request to decide where in the application it should be sent for further processing. In most cases, the router identifies a specific action method within a controller class to which the request is passed. This action method will look at the incoming request data, possibly interact with the model, and perform other needed business logic. Eventually, this action class will prepare the response data and send it to the view class. The view will then massage this data to conform to the desired layout and design, and return it for the browser to display. Blog posting example To help all of this make more sense, let's look at a fictitious example. Pretend we have used Yii to build ourselves a new blog site, yourblog.com. This site is similar to most typical blog sites out there. The home page displays a list of recently posted blog posts. The names of each of these blog postings are hyperlinks that take the user to the page that displays the full article. The next diagram illustrates how Yii handles an incoming request sent from clicking on one of these hypothetical blog post links. Meet Yii [ 12 ] The figure traces the request made from a user clicking on the following link: http://yourblog.com/post/show/id/99 First, the request is sent to the router. The router parses the request to decide where to send it. The structure of the URL is key to the decision the router will make. By default, Yii recognizes URLs with the following format: http://hostname/index.php?r=ControllerID/ActionID The r querystring variable refers to the route that is analyzed by the Yii router. It will parse this route to determine the appropriate controller and action method to further handle the request. Now, you may have immediately noticed that the URL mentioned in the previous example does not follow this default format. It is a simple matter to configure the application to recognize the more search engine friendly format: http://hostname/ControllerID/ActionID We will continue to use this simplified format for the purposes of this example. The ControllerID in the URL refers to the name of the controller. By default this is the first part of the controller class name, up to the word Controller. For example, if your controller class name is TestController, the ControllerID would be Test. Similarly, ActionID refers to the name of the action that is defined by the controller. If the action is a simple method defined within the controller, this will be whatever follows the word Action in the method name. For example, if your action method is named actionCreate(), the ActionID is Create. If the ActionID is omitted, the controller will take the default action, which is a method in the controller called actionIndex(). If the ControllerID is also omitted, the application will use the default controller. The Yii default controller is called SiteController. Turning back to the example, the router will analyze the following URL, http://yourblog.com/post/show/id/99, and will take the first part of the URL path, post to be the ControllerID and the second part, show to be the ActionID. This will translate to routing the request to the actionShow() method within the PostController class. The last part of the URL (id/99) is a name/value querystring parameter that will be available to the method during processing. In this example, 99 represents the unique internal id for the selected blog post. The actionShow() method handles requests for specific blog post entries. In this case, it uses the querystring variable, id to determine which specific post is being requested. It asks the model to retrieve information about blog post entry number 99. Chapter 1 [ 13 ] The model AR class interacts with the database to retrieve the requested data. After retrieving the data from the model, the controller class further prepares it for display by making it available to the view. The view then renders the needed HTML in a response back to the user's browser. This MVC architecture allows us to separate the presentation from the model, and the controller from the view. This makes it easy for developers to change aspects of the application without affecting the User Interface (UI) and for UI designers to freely make changes without affecting the model or business logic. This separation also makes it very easy to provide multiple presentations of the same model code. For example, you could use the same model code that drives the HTML layout of yourblog.com to drive a Flash/Flex RIA presentation or a mobile application or web services, or a command-line interface. In the end, following this set conventions and separating the functionality will result in an application that is much easier to extend and maintain. Yii does a lot more to help you enforce this separation than simply providing some naming conventions and suggestions for where your code should be placed in a folder structure. It helps to take care of all the lower-level glue code needed to stitch all the pieces together. This allows you to reap the benefits of a strict MVC designed application without having to spend all the time coding the details yourself. Let's take a look at some of these lower-level details. Object-relational mapping and Active Record For the most part, the web applications we build house their data in a relational database. The blog posting application we used in the previous example holds blog post content in database tables. However, web applications need the data that is held in the persistent database storage mapped to in-memory class properties that define the domain objects. Object-relational mapping (ORM) libraries provide this mapping of database tables to domain object classes. Much of the code that deals with ORM is about describing how fields in the database correspond to fields in our objects, which is tedious and repetitive to write. Luckily, Yii comes to our rescue to save us from this repetition and tedium by providing the ORM layer in the form of the AR pattern. Meet Yii [ 14 ] Active Record As was previously mentioned, AR is a design pattern used to abstract database access in an object-oriented fashion. It maps tables to classes, rows to objects and columns to object attributes. In other words, each instance of an active record class represents a single row in a database table. However an AR class is more than just a set of attributes that map to columns in a database table; it also houses the needed business logic behavior to be applied to that data. The end result is a class that defines everything about how it should be written to and read from the database. By relying on convention and sticking with reasonable defaults, Yii's implementation of AR will save the developer a ton of time normally spent in configuration or in writing tedious and repetitive SQL statements required to create, read, update and delete data. It also allows the developer to access data stored in the database in a much more object-oriented way. To illustrate this, here is some example code that uses AR to operate on a specific blog posting whose internal id, which is also used as the table's Primary Key, is 99. It first retrieves the posting by Primary Key, it then changes the title, and then updates the database to save the changes: $post=Post::model()->findByPk(99); $post->title='Some new title'; $post->save(); Active Record completely relieves us of the tedium of having to write any SQL or otherwise deal with the underlying database. Active Record does even more than this. It integrates seamlessly with many other aspects of the Yii Framework. There are myriad active html helper input form fields that tie directly to their respective AR class attributes. This way, Active Record extracts the input form field values directly into the model. It also supports sophisticated, automated data validation, and if the validation fails, the Yii view classes easily display the validation errors to the end user. We will be revisiting AR and providing many concrete examples throughout this book. The view and controller The view and the controller are very close cousins. The controller makes the data available for display to the view and the view generates the pages that trigger events, which sends data to the controller. Chapter 1 [ 15 ] In Yii, a view file belongs to the controller class that rendered it. This way, inside a view script, we can access the controller instance by simply referring to $this. This implementation makes the view and controller very intimate. Thankfully, all of these details are handled for us by Yii, so we can focus on coding the specific application. There is also a lot more to Yii controllers than just calling the model and rendering views. Controllers can manage services to provide sophisticated pre- and post-processing on requests, implement basic access control rules to limit access to certain actions, manage application-wide layout and nested layout file rendering, manage pagination of data, and many other behind-the-scenes services. Again, we have Yii to thank for not needing to get our hands dirty with these messy details. There is a lot to Yii. The best way to explore all its beauty is to start using it. Now that we have some of the basic ideas and terminology under our belt, we are in a great position to do just that. In the next chapter, we will go through the simple Yii installation process, and then build a working application to better illustrate these ideas. Summary In this chapter, we were introduced at a very high level to the Yii PHP web application framework. We also covered a number of software design concepts embraced by Yii. Don't worry if the abstract nature of this initial discussion was a tad lost on you. It will all make sense once we dive into specific examples. But, to recap, we specifically covered: 1. The importance and utility of application development frameworks. 2. What Yii is and the characteristics of Yii that make it incredibly powerful and useful. 3. The MVC application architecture and the implementation of this architecture in Yii. 4. A typical Yii web request lifecycle and URL structures. 5. Object-relational mapping and Active Record in Yii. Getting Started The real pleasures and benefits of Yii are quickly revealed by simply using it. In this chapter, we will see how the concepts introduced in the previous chapter, Meet Yii, are manifested in an example Yii application. In the spirit of Yii's philosophy to follow conventions, we will write a Hello, World! program to try out this new framework. In this chapter, we will cover: • Yii Framework installation • Creating a new application • Creating controllers and views • Adding dynamic content to view files • Yii request routing and linking pages together Before we can use it we need to first install the framework. Let's do that now. Installing Yii Prior to installing Yii, you must configure your application development environment as a web server capable of supporting PHP 5.1.0 or higher. Yii has been thoroughly tested with Apache HTTP server on Windows and Linux operating systems. It may also run on other web servers and platforms, provided PHP 5 is supported. There are myriad free resources available on the Internet to assist you in getting your environment configured with a PHP 5 compatible web server. We assume the reader has previously engaged in PHP development and has access to such an environment. We will leave the installation of a web server and PHP itself as an exercise to the reader. Getting Started [ 18 ] The basic Yii installation is almost trivial. There are really only two necessary steps: 1. Download the Yii Framework from http://www.yiiframework.com/ download/. 2. Unpack the downloaded file to a web-accessible folder. There are several versions of Yii from which to choose when downloading the framework. We will be using version 1.1.2 for the purposes of this book, which is the latest stable version as of the time of writing. Though most of the sample code should work with any 1.1.x version of Yii, there may be some subtle differences if you are using a different version. Please use 1.1.2 if you are following along with the examples. After installation, it is advised that you verify that your server satisfies all of the requirements for using Yii and to ensure the installation was a success. Luckily, doing so is easy. Yii comes with a simple requirement checking tool. To invoke the tool and have it verify the requirements for your installation, simply point your browser to: http://yourhostname/path/to/yii/requirements/index.php The following screenshot shows the results we see for our configuration: Chapter 2 [ 19 ] Using the Requirement Checker is not itself a requirement for installation, but it is certainly recommended to ensure proper installation. As you can see, not all of our results under the Details section received a Passed status, as some display a Warning. Of course, your configuration will most likely be slightly different from ours and consequently, your results may slightly differ as well. That is okay. It is not necessary that all of the checks under the Details section pass, but it is necessary to receive the following message under the Conclusion section: Your server configuration satisfies the minimum requirements by Yii. Installing a database Throughout this book, we will be using a database to support many of our examples and the applications that we will be writing. In order to properly follow along with this book, it is recommended you install a database server. Though you can use any database that is supported by PHP with Yii, if you want to use some of built-in database abstraction layers and tools within Yii, you will need to use one that is supported by the framework. As of version 1.1, those are: • MySQL 4.1 or later • PostgresSQL 7.3 or later • SQLite 2 and 3 • Microsoft SQL Server 2000 or later • Oracle Now that we have installed the framework, and we have verified that we have met the minimum requirements, let's create a brand new Yii web application. Creating a new application To create a new application, we are going to use a little powerhouse of a tool known as yiic that comes packaged with the framework. This is a command-line tool that one can use to quickly jumpstart a brand new Yii application. It is not mandatory to use this tool, but it saves a lot of time and guarantees that the proper folder and file structure is in place. Getting Started [ 20 ] To use this tool to create your first Yii application, open up a shell window, and navigate to a place in your filesystem where you will want to create your application's folder structure. For the purpose of this demo application, we will assume the following: • YiiRoot is the folder where you have installed Yii • WebRoot is configured as the document root of your web server • From your command line, change to your WebRoot folder and execute the following: % cd WebRoot % YiiRoot/framework/yiic webapp demo Create a Web application under '/Webroot/demo'? [Yes|No] Yes mkdir /WebRoot/demo mkdir /WebRoot/demo/assets mkdir /WebRoot/demo/css generate css/bg.gif generate css/form.css generate css/main.css Your application has been created successfully under /Webroot/demo. The webapp command is used to create a brand new Yii web application. It takes just a single argument to specify either the absolute or relative path to the folder in which the application should be created. The result is the generation of all the needed folders and files to provide a default Yii web application skeleton. Now we can change into the newly created demo folder and look at what was created for us: % cd demo % ls –p assets/ images/ index.php themes/ css/ index-test.php protected/ A description of the high-level items that were automatically created is shown as follows: demo/ index.php Web application entry script file index-test.php entry script file for the functional tests assets/ containing published resource files Chapter 2 [ 21 ] css/ containing CSS files images/ containing image files themes/ containing application themes protected/ containing protected application files With the execution of one simple command from the command line, we have created all the folder structure and files needed to immediately take advantage of Yii's sensible default configuration. All of these folders and the files, along with the subfolders and files they contain, can look a little daunting at first glance. However, we can ignore most of them as we are getting started. All these folders and files are actually a working web application. The yiic command has populated the application with enough code to establish a simple home page, a typical Contact Us page to provide an example of a web form, and a login page with enough autogenerated code to demonstrate basic authorization and authentication in Yii. If your web server supports the GD2 graphics library extension, you will also see a CAPTCHA widget on the Contact Us form, and the application will have the corresponding validation for this form item. As long as your web server is running, you should be able to open up your browser and navigate to http://localhost/demo/index.php. Here you will be presented with a My Web Application home page along with the friendly greeting Welcome to My Web Application, followed by some helpful information on the steps to be taken next. The next screenshot shows this example home page: Getting Started [ 22 ] You'll notice that there is a working application navigation bar along the top of the page. From left to right there is: Home, About, Contact, and Login. Let's explore by clicking around. Clicking on the About link provides a simple example of a static page. The Contact link will take you to the Contact Us form that was mentioned before, along with the CAPTCHA input field in the form (again, you will only see the CAPTCHA field if you have the GD graphics extension as part of your PHP configuration). The Login link will take you to a page displaying a login form. This is actually working code with form validations, as well as username and password credential validation and authentication. Using either demo/demo or admin/admin as the username/password combination will get you logged into the site. Try it out. You can try a login that will fail (any combination other than demo/demo or admin/ admin), and see the error validation messages display. After successfully logging in, the Login link in the header changes to a Logout(username) where username is either demo or admin, depending on which username you used to login. It is amazing that so much has been accomplished without having to do any coding. Hello, World! All of this autogenerated code will start to make more sense once we walk through a simple example. To try out this new system, let's build that Hello, World! program we promised at the start of this chapter. A Hello, World! program in Yii will be a simple web page application that sends this very important message to our browser. We have already discussed about Yii being a Model-View-Controller framework in Chapter 1, Meet Yii,. A typical Yii web application takes in an incoming request from a browser, parses information in that request to find a controller, and then calls an action within that controller. The controller can then invoke a particular view to render and return content to the user. If dealing with data, the controller may also interact with a model to handle all the Create, Read, Update, and Delete (CRUD) operations on that data. In our simple Hello, World! application, all we will require is the code for a controller and a view. We are not dealing with any data, so a model will not be needed. Let's begin our example by creating our controller. Creating the controller As we did when we created the initial application, we will again call on the yiic command to help us create our controller. In this case, we are going to use the yiic shell command to start the application within an interactive shell in which we can invoke other commands. To start the shell, navigate to the root of your demo application by running the following command: Chapter 2 [ 23 ] %cd /Webroot/demo Then execute yiic with the following shell command: %YiiRoot/framework/yiic shell Yii Interactive Tool v1.1 Please type 'help' for help. Type 'exit' to quit. >> If you have navigated into your web application folder, you can also envoke the yiic command-line tool by referencing the relative path protected/yiic rather than the fully qualified path to where Yii is installed. So, the equivalent way to start the shell from within the folder would be: % protected/yiic shell You are now at the prompt within the interactive shell. You can type help to see a list of commands available to you within this shell: >> help At the prompt, you may enter a PHP statement or one of the following commands: - controller - crud - form - help - model - module Type 'helpHello, World!
Save your code, and view the page again in your browser: http://yourhostname/ index.php?r=message/helloWorld It now displays our introductory greeting in place of the autogenerated copy, as displayed in the following screenshot: We have our simple application working with stunningly minimal code. All we have added is one line of HTML to our helloWorld view file. Reviewing our request routing Let's review how Yii is analyzing our request in the context of this example application: 1. You navigate to the Hello, World! page by pointing your browser at the following URL: http://yourhostname/demo/index.php?r=message/ helloWorld. 2. Yii analyzes the URL. The route querystring variable indicates that the controllerID is message. This tells Yii to route the request to the MessageController class, which it finds in protected/controllers/ MessageController.php. 3. Yii also discovers that the actionID specified is helloWorld. So, the action method actionHelloWorld() is invoked within the MessageController. Getting Started [ 28 ] 4. The actionHelloWorld() method renders the helloWorld.php view file located at protected/views/message/helloWorld.php. And we altered this view file to simply display our introductory greeting, which is then returned to the browser. 5. This all came together without having to make any configuration changes. By following Yii's default conventions, the entire application request routing has been seamlessly stitched together for us. Of course, Yii gives us every opportunity to override this default workflow if needed, but the more you stick with the conventions, the less time you will spend in tweaking configuration code. Adding dynamic content The simplest way to add dynamic content to our view template is to embed PHP code into the template itself. View files are rendered by our simple application to result in HTML, and any basic text in these files is passed through without being changed. However, any content between the tags is interpreted and executed as PHP code. This is a typical way PHP code is embedded within HTML files and is probably familiar to you. Adding the date and time To spice up our page with dynamic content, let's display the date and time. Open up the helloWorld view again and add the following line below the greeting text: Save, and view it at the following URL: http://yourhostname/demo/index. php?r=message/helloWorld Presto! We have added dynamic content to our application. With each page refresh, we see the displayed content changing. Admittedly, this is not terribly exciting, but it does show how to embed simple PHP code into our view templates. Chapter 2 [ 29 ] Adding the date and time, a better approach Although this approach of embedding PHP code directly into the view file does allow for any PHP code of any amount or complexity, it is strongly recommended that these statements do not alter data models and that they remain simple, display-oriented statements. This will help keep our business logic separate from our presentation code, which is part of the agenda of an MVC architecture. Moving the data creation to the controller Let's move the logic that creates the time back to the controller and have the view do nothing more than display the time. We'll move the determination of the time into our actionHelloWorld() method within the controller and set the value in an instance variable called $time. 1. First, let's alter the controller action. Currently our action in our MessageController, actionHelloworld(), simply makes a call to render our helloWorld view by executing the following code: $this->render('helloWorld'); Before we render the view, let's add the call to determine the time, and then store it in a local variable called $theTime. Let's then alter our call to render() by adding a second parameter which includes this variable: $theTime = date("D M j G:i:s T Y"); $this->render('helloWorld',array('time'=>$theTime)); When calling render() with a second parameter containing array data, it will extract the values of the array into PHP variables and make those variables available to the view script. The keys in the array will be the names of the variables made available to our view file. In this example, our array key time whose value is $theTime, will be extracted into a variable named $time, which will be made available in the view. This is one way to pass data from the controller to the view. 2. Now let's alter the view to use this instance variable, rather than calling the date function itself. Open up the helloWorld view file again, and replace the line we previously added to echo the time with the following: 3. Save and view the results again at: http://yourhostname/demo/index. php?r=message/helloWorld Getting Started [ 30 ] The next screenshot shows the end result of our Hello, World! application thus far (of course, your date and time will differ). We have demonstrated two approaches to adding PHP generated content to the view template files. The first approach puts the data creation logic directly into the view file itself. The second approach housed this logic in the controller class, and fed the information to the view file by using variables. The end result is the same, the time is displayed in our rendered HTML file, but the second approach takes a small step forward in keeping the data acquisition and manipulation, that is business logic, separate from our presentation code. This separation is exactly what a Model-View-Controller architecture strives to provide, and Yii's explicit folder structure and sensible defaults make this a snap to implement. Have you been paying attention? It was mentioned in Chapter 1, Meet Yii that the view and controller are close cousins. So much so that $this within a view file refers to the controller class that rendered the view. In the preceding example, we explicitly fed the time to the view file from the controller by using the second argument in the render method. This second argument explicitly sets variables that are immediately available to the view file, but there is another approach we encourage you to try out for yourself. Alter the previous example by defining a public class property on MessageController, rather than a locally scoped variable, whose value is the current date and time. Then display the time in the view file by accessing this class property through $this. Chapter 2 [ 31 ] Linking pages together Typical web applications have more than one page within them for users to experience, and our simple application should be no exception. Let's add another page that displays a response from the World, 'Goodbye, Yii developer!', and link to this page from our Hello, World! page, and vice-versa. Normally, each rendered HTML page within a Yii web application will correspond to a separate view (though this does not always have to be the case). So, we will create a new view and will use a separate action method to render this view. When adding a new page like this, we also need to consider whether or not to use a separate controller. As our Hello and Goodbye pages are related and very similar, there is no compelling reason to delegate the application logic to a separate controller class at the moment. Linking to a new page Let's have the URL for our new page be of the following form: http://yourhostname/demo/index.php?r=message/goodbye 1. Sticking with Yii conventions, this decision defines the name of our action method we need in the controller as well as the name of our view. So, open up MessageController and add an actionGoodbye() method just below our actionHelloworld() action: class MessageController extends CController { ... public function actionGoodbye() { $this->render('goodbye'); } ... } 2. Next we have to create our view file in the /protected/views/message/ folder. This should be called goodbye.php as it should be the same as the actionID we chose. Please do keep in mind that this is just a recommended convention. The view does not have to have the same name as the action by any means. The view filename just has to match the first argument of render(). Getting Started [ 32 ] 3. Create an empty file in that folder, and add the single line:Goodbye, Yii developer!
4. Saving and viewing again: http://yourhostname/demo/index. php?r=message/goodbye should display the goodbye message. 5. Now we need to add the links to connect the two pages. To add a link on the Hello screen to the Goodbye page, we could add an tag directly to the helloWorld view template, and hardcode the URL structure like: Goodbye! This does work, but it tightly couples the view code implementation to a specific URL structure, which might change at some point. If the URL structure were to change, these links would become invalid. Remember in Chapter 1, Meet Yii when we went through the blog posting application example? We used URLs that were of a different, more SEO friendly format than the Yii default format, namely: http://yourhostname/ControllerID/ActionID It is a simple matter to configure a Yii web application to use this path format as opposed to the querystring format we are using in this example. Being able to easily change the URL format can be important to web applications. As long as we avoid hardcoding them throughout our application, changing them will remain a simple matter of altering the application configuration file. Getting a little help from Yii CHtml Luckily, Yii comes to the rescue here. It comes with myriad helper methods that can be used in view templates. These methods exist in the static HTML helper framework class, CHtml. In this case, we want to employ the helper method link which takes in a controllerID/actionID pair, and creates the appropriate hyperlink for you based on how the URL structure is configured for the application. As all these helper methods are static, we can call them directly without the need to create an explicit instance of the CHtml class. 1. Using this link helper, our helloWorld view becomes:Hello, World!
Chapter 2 [ 33 ] 2. Save your changes, and view the Hello, World! page at: http://yourhostname/demo/index.php?r=message/helloWorld You should see the hyperlink, and clicking it should take you to the Goodbye page. The first parameter in the call to the link method is the text that will be displayed in the hyperlink. The second parameter is an array that holds the value for our controllerID/actionID pair. The results are displayed in the following figure: 3. We can follow the same approach to place a reciprocal link in our goodbye view:Goodbye, Yii developer!
4. Save and view the Goodbye page at the following link: http://yourhostname/demo/index.php?r=message/goodbye You should now see an active link back to the Hello, World! page from the Goodbye page, as shown in the following screenshot: Getting Started [ 34 ] Summary In this chapter, we constructed an extremely simple application to demonstrate: • How to install the Yii Framework • How to use the yiic command to bootstrap the creation of a new Yii application • How to use the yiic command to create a new controller within the application • How Yii turns incoming requests into calls to your code • How to create dynamic content within a controller and have it accessible to the view files for display to the browser • How to link internal application pages together We have demonstrated ways to link web pages together in our simple application. One approach added an HTML tag directly to the view file and hardcoded the URL structure. The other (preferred approach) made use of Yii's CHtml helper class to help construct the URLs based on controllerID/actionID pairs, so that the resulting format will always conform to the application configuration. This way, we can easily alter the URL format throughout the application without having to go back and change every view file that happens to have internal links. Our simple Hello, World! application really reaps the benefits of Yii's convention over configuration philosophy. By applying certain default behavior and following the recommended conventions, the building of this simple application, (and our entire request routing process) just fell together in an easy and convenient way. While this incredibly simple application has provided concrete examples to help us better understand using the Yii Framework, it is far too simplistic to demonstrate Yii's ability to ease the building of our real-world applications. In order to demonstrate this, we need to build a real-world web application (and we will do just that). In the next chapter, we will introduce you to the project task and issue tracking application that we will be building throughout the remainder of this book. The TrackStar Application We could continue to keep adding to our simple demo application to provide examples of Yii's features, but that won't really help us to understand the framework in the context of a real-world application. In order to do that, we need to build something that will more closely resemble the types of applications web developers actually have to build. That is exactly what we are going to be doing throughout the rest of this book. In this chapter, we introduce the project task tracking application called TrackStar. There are many other project management and issue tracking applications out there in the world, and the basic functionality of ours will not be any different from many of these. So why build it, you ask? It turns out that this type of user-based application has many features that are common to a great many web applications out there. This will allow us to achieve two primary goals: • Showcase Yii's incredible utility and feature set as we build useful functionality and conquer real-world web application challenges • Provide real-world examples and approaches that will be immediately applicable to your next web application project Introducing TrackStar TrackStar is a Software Development Life Cycle (SDLC) issue management application. Its main goal is to help keep track of all the many issues that arise throughout the course of building software applications. It is a user-based application that allows the creation of user accounts and grants access to the application features, once a user has been authenticated and authorized. It allows a user to add and manage projects. The TrackStar Application [ 36 ] Projects can have users associated with them (typically the team members working on the project) as well as issues. The project issues will be things such as development tasks and application bugs. The issues can be assigned to members of the project and will have a status such as not yet started, started, and finished. This way, the tracking tool can give an accurate depiction of projects with regard to what has been accomplished, what is currently in progress, and what is yet to be started. Creating user stories Simple user stories are a great way to identify the required features of your application. User stories, in their simplest form, state what a user can do with a piece of software. They should start simple, and grow in complexity as you dive into more and more of the details around each feature. Our goal here is to begin with just enough complexity to allow us to get stared. If needed, we'll add more detail and complexity later. We briefly touched on the three main entities that play a large role in this application: users, projects, and issues. These are our primary domain objects, and are extremely important items in this application. So, let's start with them. Users TrackStar is a user-based web application. There will be two high-level user types: • Anonymous • Authenticated An anonymous user is any user of the application that has not been authenticated through the login process. Anonymous users will only have access to register for a new account or to log in. All other functionality will be restricted to authenticated users. An authenticated user is any user that has provided valid authentication credentials through the login process. In other words, authenticated users are logged-in users. They will have access to the main features of the application such as creating and managing projects, and project issues. Projects Managing the project is the primary purpose of the TrackStar application. A project represents a general, high-level goal to be achieved by one or more users of the application. The project is typically broken down into more granular tasks (or issues) that represent the smaller steps that need to be taken to achieve the overall goal. Chapter 3 [ 37 ] As an example, let's take what we are going to be doing throughout this book, that is, building a project and issue tracking management application. Unfortunately, we can't use our yet-to-be-created application as a tool to help us track its own development. However, if we were using a similar tool to help track what we are building, we might create a project called Build The TrackStar Project/Issue Management Tool. This project would be broken down into more granular project issues such as 'Create the login screen' or 'Design database schema for issues', and so on. Authenticated users can create new projects. The creator of the project within an account has a special role within that project, called the project owner. Project owners have the ability to edit and delete these projects as well as add new members to the project. Other users associated with the project—besides the project owner—are referred to simply as project members. They have the ability to add new issues, as well as edit existing ones. Issues Project issues can be classified into one of the following three categories: • Features: Items that represent real features to be added to the application. For example, 'Implement the login functionality' • Tasks: Items that represent work that needs to be done, but is not an actual feature of the software. For example, 'Set up the build and integration server' • Bugs: Items that represent application behaviors that are not working as expected. For example, 'The account registration form does not validate the format of input e-mail addresses' Issues can have one of the following three statuses: • Not yet started • Started • Finished Project members can add new issues to a project, as well as edit and delete them. They can assign issues to themselves or other project members. For now, this is enough information on these three main entities. We could go into a lot more detail about what exactly account registration entails' and how exactly one adds a new task to a project', but we have outlined enough specifications to begin on these basic features. We'll nail down the more granular details as we proceed with the implementation. The TrackStar Application [ 38 ] However, before we start, we should jot down some basic navigation and application workflow. This will help everyone to better understand the general layout and flow of the application we are building. Navigation and page flow It is always good to outline the main pages within an application, and how they fit together. This will help us quickly identify some needed Yii controllers, actions and views as well as help to set everyone's expectations as to what we'll be building towards at the onset of our development. The figure below shows the basic idea of the application flow from logging in, through the project details listing: When users first come to the application, they must log in to authenticate themselves before accessing any functionality. Once successfully logged-in, they will be presented with a list of his current projects along with the option to create a new project. Choosing a specific project will take them to the project details page. The project details page will present a list of the issues by type. There will also be the option to add a new issue as well as edit any of the listed issues. Chapter 3 [ 39 ] This is all pretty basic functionality, but the figure gives us a little more information on how the application is stitched together and allows us to better identify our needed models, views, and controllers. It also allows something visual to be shared with others so that everyone involved has the same 'picture' of what we are working towards. In my experience, almost everyone prefers pictures over written specifications when first thinking through a new application. Defining a data scheme We still need to think a little more about the data we will be working with as we begin to build toward these specifications. If we pick out all the main nouns from our system, we may end up with a pretty good list of domain objects and, by extension of using Active Record, the data we want to model. Our previously outlined user stories seem to dictate the following: • A User • A Project • An Issue Based on this and the other details provided in the user stories and application workflow diagram, a first attempt at the needed data is shown in the following figure. The TrackStar Application [ 40 ] This is a basic object model that outlines our primary data entities, their respective attributes, and some of the relationships between them. The 1..* on either side of the line between the Project and User objects represents a many-to-many relationship between them. A user can be associated with one or more projects, and a project has one or more users. Similarly we have represented the fact that a project can have zero or more issues associated with it, whereas an issue belongs to just one specific project. Also, a user can be the owner of (or requester of) many issues, but an issue has just one owner (and also just one requester). We have kept the attributes as simple as possible at this state. A User is going to need a username and a password in order to get past the login screen. The Project has only a name Issues have the most associated information based on what we currently know about them. As discussed briefly in the user stories above, they will have a type attribute to distinguish the general category (bug, feature, or task). They will also have a status attribute to indicate the progress of the issue being worked on. A user in the system will initially create the issue, this is the requester. Once a user in the system has been assigned to work on the issue, they will be the owner of the issue. We have also defined the description attribute to allow for some descriptive text of the issue to be entered. Notice that we have not explicitly talked about schemas or databases yet. The fact is, until we think through what is really needed from a data perspective, we won't know the right tool to use to house this data. Would flat files on the filesystem work just as well as a relational database? Do we need a persistent data at all? The answers to these questions are not needed in this early planning state. It is better to focus more on the features that we want and the type of data needed to support these features. We can turn to the explicit technology implementation details after we have had a chance to discuss these ideas with other project stakeholders to ensure we are on the right track. Other project stakeholders include anyone and everyone involved in this development project. This can include the client, if building an application for someone else, as well as other development team members, product/ project managers, and so on. It is always a good idea to get some feedback from "the team" to help validate the approach and any assumptions being made. In our case, there is really no one else involved in this development effort. We would certainly consult with you, the reader, if we could, before moving forward. Unfortunately, this book format does not allow for real-time, bi-directional communication. So, as there is no one else to consult, we'll move forward with the outlined approach. Chapter 3 [ 41 ] However, before we dive right into building our application, we need to cover our development approach. We will be employing some specific development methodologies and principles, and it makes sense to go over these prior to getting started with coding. Defining our development methodology We will be employing an agile inspired process of iterative and incremental development as we build this application. 'Agile' is certainly a loaded term in modern software development and can have varied meanings among developers. Our process will focus on the aspects of an agile methodology that embrace transparent and open collaboration, constant feedback loops, and a strong ability to respond quickly to changing requirements. We will work incrementally in that we won't wait until every detail of the application has been specified before we start coding. Once the details of a particular feature have been finalized, we can begin work on implementing that feature, even though other features or application details are still in the design/planning stage. The process surrounding this feature implementation will follow an iterative model. We will do some initial iteration planning, engage in analysis and design, write the code to try out these ideas, test the code, and gather feedback. We then repeat this cycle of design->code->test->evaluation, until everyone is happy. Once everyone is happy, we can deploy the application with the new feature, and then start gathering the specifications on the next feature(s) to be implemented in the next iteration. Automated software testing Gathering feedback is of fundamental importance to agile development. Feedback from the users of the application and other project stakeholders, feedback from the development team members, and feedback directly from the software itself. Developing software in a manner that will allow it to tell you when something is broken can turn the fear associated with integrating and deploying applications into boredom. The method by which you empower your software with this feedback mechanism is writing unit and functional tests, and then executing them repeatedly and often. Unit and functional testing Unit tests are written to provide the developer with verification that the code is doing the right things. Functional tests are written to provide the developer, as well as other project stakeholders, that the application, as a whole, is doing things the right way. The TrackStar Application [ 42 ] Unit tests Unit tests are tests that focus on the smallest units within a software application. In an object-oriented application, (such as a Yii web application) the smallest units are the public methods that make up the interfaces to classes. Unit tests should focus on one single class, and not require other classes or objects to run. Their purpose is to validate that a single unit of code is working as expected. Functional tests Functional tests focus on testing the end-to-end feature functionality of the application. These tests exist at a higher level than the unit tests and typically do require multiple classes or objects to run. Their purpose is to validate that a given feature of the application is working as expected. Benefits of testing There are many benefits to writing unit and functional tests. For one, they are a great way to provide documentation. Unit tests can quickly tell the exact story of why a block of code exists. Similarly, functional tests document what features are implemented within an application. If you stay diligent in writing these tests, then the documentation continues to evolve naturally as the application evolves. They are also invaluable as a feedback mechanism to constantly reassure the developer and other project stakeholders that the code and application is working as expected. You run your tests every time you make changes to the code and get immediate feedback on whether or not something you altered inadvertently changed the behavior of the system. You then address these issues immediately. This really increases the confidence that developers have in the application's behavior and translates to fewer bugs and more successful projects. This immediate feedback also helps to facilitate change and improving the design of the code base. A developer is more likely to make improvements to existing code if a suite of tests are in place to immediately provide feedback as to whether the changes made altered the application behavior. The confidence provided by a suite of unit and functional tests allows developers to write better software, release a more stable application, and ship quality products. Chapter 3 [ 43 ] Test-driven development Test-driven development (TDD) is a software development methodology that helps to create an environment of comfort and confidence by ensuring your test suite grows organically with your application, and is always up-to-date. It does this by stipulating that you begin your coding by first writing a test for the code you are about to write. The following steps sum up the process: 1. Begin by writing a test that will quickly fail. 2. Run the test to ensure it does, indeed, fail. 3. Quickly add just enough code to the class you are testing to get the test to pass. 4. Run the test again to ensure it does, indeed, pass. 5. Refactor the code to remove any repetitive logic or improve any corners cut while you were just trying to get the test to pass. These steps are then repeated throughout the entire development process. Even with the best intentions, if you wait to write your tests until after the code is completed, you probably won't. Writing your tests first and injecting the test writing process directly into the coding process will ensure the best test coverage. This depth of coverage will help minimize the stress and fear that can accompany complex software applications and build confidence by constantly providing positive feedback as additions and changes are made. In order to embrace a TDD process, we need to understand how to test within a Yii application. Testing in Yii As of version 1.1, Yii is tightly integrated with the PHPUnit (http://www.phpunit. de/) and Selenium Remote Control (http://seleniumhq.org/projects/remote- control/) testing frameworks. There is nothing about TDD that presupposes a particular testing framework (or any testing framework at all, for that matter), but using one is strongly recommended. You may certainly test Yii PHP code with any of the testing frameworks available. However, the tight integration of Yii with the two frameworks mentioned previously makes things even easier. And making things easy is one of our primary goals here. We will be using the testing features of Yii as we proceed. The TrackStar Application [ 44 ] When we used the yiic webapp console command to create our new Hello World demo application in Chapter 2, we noticed that many files and folders were automatically created for us. The ones among these relevant to writing and performing automated tests are the following: Name of folder Use/contents demo/ protected This contains protected application files tests/ This contains tests for the application fixtures/ This contains database fixtures functional/ This contains functional tests unit/ This contains unit tests report/ This contains coverage reports bootstrap.php The script executed at the very beginning of the tests phpunit.xml The PHPUnit configuration file WebTestCase.php The base class for Web-based functional tests We will be placing our tests into three main folders: fixtures, functional, and unit. The report folder is used to store the generated code coverage reports. Note: The PHP extension, XDebug, must be installed in order to generate reports. It is recommended to use PECL to install XDebug. For details on this installation, see http://xdebug.org/docs/install. This is not a requirement if you wish to simply follow along with our examples. Unit tests A unit test in Yii is written as a PHP class that extends from the framework class, CTestCase. The conventions prescribe it be named AbcTest where Abc is replaced by the name of the class being tested. For example, if we were to test the Message class in our demo application from Chapter 2, we would name the test class MessageTest. This class is saved in a file called MessageTest.php under the folder protected/tests/unit/. The test class primarily has a set of test methods named testXyz where Xyz is often the same as the method name the test is built for in the class being tested. Continuing with the MessageController example, if we were testing our actionHelloworld() method, we would name the corresponding test method in our MessageTest class, testActionHelloworld(). Chapter 3 [ 45 ] Installing PHPUnit In order to follow along with our unit-testing approach, you will need to install PHPUnit. This should be done using the Pear Installer (for more information on Pear, see http://pear.php.net/) For Mac OS users, this is a simple as issuing two commands from the command line: % sudo pear channel-discover pear.phpunit.de % sudo pear install phpunit/PHPUnit However, your configuration may differ slightly. For more information on this installation process see: http://www.phpunit.de/manual/3.0/en/installation. html It is certainly beyond the scope of this book to specifically cover PHPUnit testing features. It is recommended that you take some time to go through the documentation (http://www.phpunit.de/ wiki/Documentation) to get a feel for the jargon and learn how to write basic unit tests. Functional tests Much like units tests, functional tests are written as PHP classes. However, they extend from CWebTestCase rather than CTestCase. The conventions are the same in that we name our functional test class AbcTest where Abc is the class being tested, and save the class in a file named AbcTest.php. However, we store these under the folder protected/tests/functional. In order to run functional tests, you need to install Selenium. Installing Selenium In addition to PHPUnit, the Selenium Remote Control Server (Selenium RC) is needed in order to run the functional tests. Installing Selenium RC is very simple. 1. Download Selenium Remote Control (Selenium RC) zip file from http://seleniumhq.org/download/. 2. Unpack the zip file to a preferred location on your system. The contents of the unzipped folder will have several specific client-based folders and one that contains the actual RC server. It will be named something similar to selenium-server-1.0.x/ The TrackStar Application [ 46 ] Where x will be specific to the version downloaded. Starting the server is also simple. Just navigate to this server folder on your system and issue: % java -jar selenium-server.jar This will start the server in that console. Running a quick example The TDD approach we will be taking throughout building the TrackStar application will primarily focus on the writing and executing of unit tests. However it would be a shame not to run though at least one functional test example. The site we created for our demo Hello World application has an example functional test located at protected/tests/functional/SiteTest.php. This file has three test methods created within it. One for testing the main home page, one for testing the contact page, and a third for testing the login and logout functionality. Before we can run this functional test, we need to make a couple of configuration changes to our application. First we need to alter protected/tests/WebTestCase. php to properly define our test URL that Selenium will attempt to open when it runs the tests. Open up that file and make sure the TEST_BASE_URL definition matches the URL to your demo application we created in the previous chapter, that is, change the following line: define('TEST_BASE_URL','http://localhost/testdrive/index- test.php/'); To: define('TEST_BASE_URL','http://localhost/demo/index-test.php/'); The next change may only apply to Mac OS users. Although, if you are using Windows but prefer not to use Internet Explorer as the testing browser, then you may also want to make this change. The file protected/tests/phpunit.xml houses some configuration settings for Selenium Server. It is configured to use IE as the primary browser. We can remove the following highlighted line of code to ensure only Firefox will be used when running Selenium: labelEx($model,'type_id'); ?> textField($model,'type_id'); ?> error($model,'type_id'); ?>
Iteration 3: Adding tasks [ 108 ] These lines need a little clarification. In order to understand this, we need to refer to some code at the top of the _form.php file which is as follows: beginWidget('CActiveForm', array( 'id'=>'issue-form', 'enableAjaxValidation'=>false, )); ?> This is defining the $form variable using the CActiveForm widget in Yii. Widgets are going to be covered in much more detail in Chapter 9. For now, we can comprehend this code by better understanding CActiveForm. It can be thought of as a helper class that provides a set of methods to help us to create a data entry form that is associated with a data model class. In this case, it is represented by the Issue model class. To fully understand the variables in our view file, let's also review our controller code that is rendering the view file(s). As you recall, one way to pass data from the controller to the view is by explicitly declaring an array, the keys of which will be the names of available variables in the view files. As this is the create action for a new issue, the controller method rendering the form is IssueController::actionCre ate(). This method is listed as follows: public function actionCreate() { $model=new Issue; // Uncomment the following line if AJAX validation is needed // $this->performAjaxValidation($model); if(isset($_POST['Issue'])) { $model->attributes=$_POST['Issue']; if($model->save()) $this->redirect(array('view','id'=>$model->id)); } $this->render('create',array( 'model'=>$model, )); } Here, we see that when the view is being rendered, it is being passed an instance of the Issue model class, that will be available in a variable called $model. Chapter 6 [ 109 ] Okay, so now let's go back to the code that is responsible for rendering the Type field on the create new issue entry form. The first line is: $form->labelEx($model,'type_id'); This line is using the CActiveForm::labelEx() method to render an HTML label for a the Issue model attribute, type_id. It takes in an instance of the model class, and the corresponding model attribute for which we want a label generated. The model class' Issue::attributeLabels() method will be used to determine the label. If we take a look at this method, we see that the attribute type_id is mapped to a label of Type, which is exactly what we see rendered as the label to this form field public function attributeLabels() { return array( 'id' => 'ID', 'name' => 'Name', 'description' => 'Description', 'project_id' => 'Project', 'type_id' => 'Type', 'status_id' => 'Status', 'owner_id' => 'Owner', 'requester_id' => 'Requester', 'create_time' => 'Create Time', 'create_user_id' => 'Create User', 'update_time' => 'Update Time', 'update_user_id' => 'Update User', ); } The next line of code is as follows: textField($model,'type_id'); ?> It uses the CActiveForm::textField() method to render a text input field for our Issue model attribute, type_id. Any of the validation rules defined for type_id in the model class Issue::rules() method will be applied as form validation rules to this input form. The final line of code is as follows: error($model,'type_id'); ?> It uses the CActiveForm::error() method to render any validation errors associated with the specific type_id attribute of the Issue model class on submission. Used in this way, the error message will display directly below the field. Iteration 3: Adding tasks [ 110 ] You can try out this validation with the Type field. As the type_id column is defined as an integer type in our MySQL schema definition, the Gii generated Issue model class has a validation rule in the Issue::rules() method to enforce this constraint: public function rules() { // NOTE: you should only define rules for those attributes that // will receive user inputs. return array( array('name', 'required'), array('project_id, type_id, status_id, owner_id, requester_id, create_user_id, update_user_id', 'numerical', 'integerOnly'=>true), So, if we attempt to submit a string value in our Type form field, we will receive an inline error, right under the field, as depicted in the following screenshot: Now that we understand exactly what we have , we are in a better position to change it. What we need to do is change this field from a free-form text input field to a drop-down entry type. It probably comes as little surprise that the CActiveForm class has a dropDownList() method that will generate a drop-down list for a model attribute. So, let's replace the line that calls $form->textField, with the following: dropDownList($model,'type_id', $model- >getTypeOptions()); ?> This still takes in the same model as the first argument and the model attribute as the second. The third argument specifies the list of drop-down choices. This should be an array of value=>display pairs. We already created our getTypeOptions() method in the Issue model class to return an array of this format, so we can use it directly. Save your work and look again at our issue input form. You should see a nice drop- down menu of issue type choices in place of the free-form text field, as displayed in the following screenshot: Chapter 6 [ 111 ] Adding the status drop-down menu: Do it yourself We are going to take the same approach for the issue status. As mentioned back in Chapter 3 when we introduced the application, issues can be in one of three statuses: • Not yet started • Started • Finished We are going to leave the implementation of the status dropdown to the reader. After following the same approach we took for the types (and we hope you take a test-first approach), and both the Type and Status form field should be dropdown lists. The form should look similar to what is shown in the following screenshot: Iteration 3: Adding tasks [ 112 ] Fixing the owner and requester fields Another problem that we previously noticed with the issue creation form is that the Owner and Requester fields were also free-form input text fields. However, we know these are integer values in the issue table that hold foreign key identifiers to the tbl_user table. So, we also need to add drop-down fields for these fields. We won't take the exact same approach we took for the Type and Status attributes, as issue owners and requesters need to be taken from the tbl_user table. To complicate things a bit further, because not every user in the system will be associated with the project under which the issue resides, these cannot be dropdowns populated with data taken from the entire tbl_user table. We need to restrict the list to just those users associated with this project. This brings up another thing we need to address. As mentioned in the Iteration planning section, we need to manage our issues within the context of a specific project. That is, a specific project should be chosen before you are even able to view the form for creating a new issue. Currently, our application functionality does not enforce this workflow. Let's address these issues in turn. First we will alter the application to enforce a valid project that should be identified first, prior to using any functionality to manage the issues associated with that project. Once a project is chosen, we'll make sure both our Owner and Requester dropdown choices are restricted to only users that are associated with that project. Enforcing a project context We want to ensure a valid project context is present before we allow any issue-related functionality. To do this, we are going to implement what is called a filter. A filter in Yii is bit of code that is configured to be executed either before or after a controller action is executed. One common example is if we want to ensure a user is logged in prior to executing a controller action method, then we could write a simple access filter that would check this requirement before the action is executed. Another example is if we want to perform some extra logging or other auditing logic after an action has executed. We could write a simple audit filter to provide this post-action processing. In this case, we want to ensure a valid project has been chosen prior to creating a new issue. So, we'll add a project filter to our IssueController class to accomplish this. Chapter 6 [ 113 ] Implementing a filter A filter can be defined as a controller class method or it can be a separate class. When using the simple method approach, the method name must begin with word filter and have a specific signature. For example, if we were going to create a filter method called SomeMethodName, our full filter method would look like: public function filterSomeMethodName($filterChain) { ... } The other approach is to write a separate class to perform the filter logic. When using the separate class approach, the class must extend CFilter and then override at least one of the preFilter() or postFilter() methods depending on whether the logic should be executed before the action is invoked, or after. Adding a filter So, let's add a filter to our IssueController class to handle the valid project. We'll take the simplest approach for now, and add a method that begins with the word filter directly to the class. As the invocation of this method is done by the Yii Framework itself, it is hard for us to take a test-first approach with this implementation. We'll break from our preferred approach a little bit in this case, and add this method to the IssueCcontroller without first writing a test. Open up protected/controllers/IssueController.php and add the following method to the bottom of the class: public function filterProjectContext($filterChain) { $filterChain->run(); } Okay, we now have a filter defined, but it does not do much yet. It simply executes $filterChain->run(), which continues the filtering process and allows execution of the action methods that are being filtered by this method. This brings up another point. How do we define for which action methods we should use this filter? Iteration 3: Adding tasks [ 114 ] Specifying the filtered actions CController, the Yii Framework base class for our controller classes has a filters() method that needs to be overridden in order to specify the actions on which to apply filters. In fact, this method has already been overridden in our IssueController class. This was done for us when we used the Gii tool to autogenerate this class. It already added a simple accessControl filter, which is defined in the CController base class, to handle some basic authorization to ensure that the user has sufficient permission to perform certain actions. We'll be covering user authentication and authorization in the next chapter. For now, we just need to add to this filter configuration array. To specify that our new filter should apply to the create action, alter the IssueController::filters() method by adding the following highlighted code : /** * @return array action filters */ public function filters() { return array( 'accessControl', // perform access control for CRUD operations 'projectContext + create', //check to ensure valid project context ); } The filters() method should return an array of filter configurations. The previous method returns a configuration that specifies that the projectContext filter, which is defined as a method within the class, should apply to the actionCreate() method. The configuration syntax allows for '+' and '-' symbols to be used to specify whether or not a filter should or apply. For example, if we decided that we wanted this filter to apply to all the actions except the actionUpdate() and actionView() action methods, we could specify: return array( 'projectContext - update, view' , ); You should not specify both the plus and the minus operator at the same time. Only one should be used for any given filter configuration. The plus operator means 'Only apply the filter to the following actions'. The minus operators means 'Apply the filter to all actions except the following'. If neither the '+' nor the '-' is in the configuration, the filter will be applied to all actions. Chapter 6 [ 115 ] At the moment, we'll keep this restricted to just the create action. So, as defined previously with the + create configuration, our filter method will be called when any user attempts to create a new issue. Adding some filter logic Okay, so now we have a filter defined and we have configured it to be called upon every attempted actionCreate() method call within the Issuecontroller class. However, it still does not perform the needed logic. As we want to ensure the project context before the action is attempted, we need to put the logic in the filter method before the call to $filterChain->run(). We'll add a project property to the controller class itself. We'll then use a querystring parameter in our URLs to indicate the project identifier. Our pre-action filter will check to see if the existing project attribute is null. If so, it will use the querystring parameter to attempt to select the project based on the Primary Key identifier. If successful, the action will execute, and if it fails an exception will be thrown. Here is the code that is required in the IssueController class to perform all of this: class IssueController extends CController { .... /** * @var private property containing the associated Project model instance. */ private $_project = null; /** * Protected method to load the associated Project model class * @project_id the primary identifier of the associated Project * @return object the Project data model based on the primary key */ protected function loadProject($project_id) { //if the project property is null, create it based on input id if($this->_project===null) { $this->_project=Project::model()->findbyPk($project_id); if($this->_project===null) { throw new CHttpException(404,'The requested project does not exist.'); } Iteration 3: Adding tasks [ 116 ] } return $this->_project; } /** * In-class defined filter method, configured for use in the above filters() method * It is called before the actionCreate() action method is run in order to ensure a proper project context */ public function filterProjectContext($filterChain) { //set the project identifier based on either the GET or POST input //request variables, since we allow both types for our actions $projectId = null; if(isset($_GET['pid'])) $projectId = $_GET['pid']; else if(isset($_POST['pid'])) $projectId = $_POST['pid']; $this->loadProject($projectId); //complete the running of other filters and execute the requested action $filterChain->run(); } ... } With this in place, now attempt to create a new issue by clicking the Create Issue link from the issue listing page at this URL, http://hostname/tasctrak/index. php?r=issue/list You should be met with an Error 404 error message which also displays the error text we specified previously, The requested project does not exist. This is good. It shows we have properly implemented the code to prevent a new issue from being created when no project has been identified. The quickest way to get past this error is to simply add a pid querystring parameter to the URL used for creating new issues. Let's do that so we can supply the filter with a valid project identifier, and proceed to the form to create a new issue. Chapter 6 [ 117 ] Adding the project ID Back in Chapter 5, we added several new projects to the application as we were testing and implementing the CRUD operations on Projects. So, it is likely that you still have a valid project in your development database. If not, simply use the application to create a new project again. Once complete, take note of the project ID created, as we need to add this ID to the new issue URL. The link we need to alter is in the view file for the issue listing page: /protected/ views/issue/index.php. At the top of that file you will see the create new link specified in the menu as shown in the following highlighted code: $this->menu=array( array('label'=>'Create Issue', 'url'=>array('create')), array('label'=>'Manage Issue', 'url'=>array('admin')), ); To add a querystring parameter to this link, we simply append a name=>value pair in the array defined for the url. The code we added for the filter is expecting the querystring parameter to be pid (for project ID). Also, as we are using the first (project ID = 1) project for this example, we alter the Create Issue link as follows: array('label'=>'Create Issue', 'url'=>array('create', 'pid'=>1)), Now when you view the issue listing page, you will see that the Create Issue hyperlink opens a URL with a querystring parameter appended to the end: http://localhost/trackstar/index.php?r=issue/create&pid=1 This querystring parameter allows the filter to properly set the project context. So, this time when you click the link, rather than getting the 404 error, the create new issue form will be displayed. Altering the project details page Adding the project ID to the URL for the create new issue link was a good first step to ensure our filter was working as expected. However, now we have hard-coded the link to always associate a new issue with the project ID '=' 1. Of course, this is not what we want. What we want to do is to have the menu option for creating a new issue be a part of the project details page. This way, once you have chosen a project from the project listing page, the specific project context will be known, and we can dynamically append that project ID to the create new issue link. Let's make that change. Iteration 3: Adding tasks [ 118 ] Open up the project details view, /protected/views/project/view.php. At the top of this file, you will notice the menu items contained within the $this->menu array. We need to add another create a new issue link to the end of this list of defined menu links: $this->menu=array( array('label'=>'List Project', 'url'=>array('index')), array('label'=>'Create Project', 'url'=>array('create')), array('label'=>'Update Project', 'url'=>array('update', 'id'=>$model->id)), array('label'=>'Delete Project', 'url'=>'#', 'linkOptions'=>array('s ubmit'=>array('delete','id'=>$model->id),'confirm'=>'Are you sure you want to delete this item?')), array('label'=>'Manage Project', 'url'=>array('admin')), array('label'=>'Create Issue', 'url'=>array('issue/create', 'pid'=>$model->id)), ); What we have done is moved the menu option to create a new issue to the page that lists the details for a specific project. We used a link similar to the one before, but this time we had to specify the full controllerId/actionId pair (issue/create). Also, rather than hardcode the project ID to be 1, we have used the $model variable within the view file, which is the AR class for the specific project. This way, regardless of the project we choose, this variable will always reflect the correct project id attribute for that project. Removing the project input form field Now that we have the project context properly set when creating a new issue, we can remove the Project field as a user input form field. However, we do still need the project ID to be submitted with the form. As we know the project ID before we render this input form, we can set the project model attribute in the create action. This way, the $model instance that is passed to the view file will already have the proper project ID set. First, let's alter the IssueController::actionCreate() method to set the project_id property of the Issue model instance just after it is created: public function actionCreate() { $model=new Issue; $model->project_id = $this->_project->id; ... } Chapter 6 [ 119 ] Now the project_id property is set and will be available in the form file. Open up the view file for the new issue form, /protected/views/issue/_form. php. Remove the following lines that are associated with the Project input field: labelEx($model,'project_id'); ?> textField($model,'project_id'); ?> error($model,'project_id'); ?>
Replace them with a hidden field: hiddenField($model,'project_id'); ?>
Now when we submit the form, the project_id attribute will be correctly set. Even though we don't have our Owner and Requester drop-down menu set yet, we can submit the form and a new issue will be created with the proper project ID set. Returning back to the owner and requester dropdowns Finally, we can turn back to what we set out to do, which is to change the Owner and Requester fields to be dropdown choices of valid members of that project. In order to do this properly, we need to associate some users with a project. As user management is the focus of Chapter 7 and Chapter 8, we will do this quickly by adding the association directly to the database via SQL. We already added two new test users as part of our seed data in our earlier DDL statements. As a reminder, that insert statement was as follows: INSERT INTO 'tbl_user' ('email', 'username', 'password') VALUES ('test1@notanaddress.com','Test_User_One', MD5('test1')), ('test2@notanaddress.com','Test_User_Two', MD5('test2')) ; This created two new users in our system with ID's 1 and 2. Let's manually assign these two users to Project #1. Iteration 3: Adding tasks [ 120 ] To do so, run the following insert statement against your trackstar_dev and trackstar_test databases: INSERT INTO 'tbl_project_user_assignment' ('project_id', 'user_id') VALUES (1,1), (1,2); After running the preceding SQL, we have two valid members assigned to Project #1. One of the wonderful features of relational Active Record within Yii, is the ability to access valid members of a project to which an issue belongs directly from the issue $model instance itself. When we used the Gii tool to initially create our issue model class, it was smart enough to look at the underlying database and build in the relevant relationships. This can be seen in the relations() method within /protected/models/Issue.php. As we created this class after adding the appropriate relationships to the database, the method should look similar to this: /** * @return array relational rules. */ public function relations() { // NOTE: you may need to adjust the relation name and the related // class name for the relations automatically generated below. return array( 'owner' => array(self::BELONGS_TO, 'User', 'owner_id'), 'project' => array(self::BELONGS_TO, 'Project', 'project_id'), 'requester' => array(self::BELONGS_TO, 'User', 'requester_id'), ); } As the NOTE suggests, you may have slightly different attributed names and may want to adjust them as needed. This array configuration defines properties on the model instance that are themselves other AR instances. With these relations in place, we can access the related AR instances incredibly easily. For example, say we want to access the Project model class to which an issue is associated. We can do so by using the following syntax: //create the model instance by primary key: $model = Issue::model()->findbyPk(1); //access the associated Project AR instance $project = $model->project; Chapter 6 [ 121 ] Now, because we created our Project model class prior to having other tables and relationships defined in our database, there are no relations defined yet. However, now that we have some relationships defined, we need to add these to the Project::relations() method. Open the Project AR class in /protected/models/ Project.php, and replace the entire relations() method with the following: /** * @return array relational rules. */ public function relations() { // NOTE: you may need to adjust the relation name and the related // class name for the relations automatically generated below. return array( 'issues' => array(self::HAS_MANY, 'Issue', 'project_id'), 'users' => array(self::MANY_MANY, 'User', 'tbl_project_ user_assignment(project_id, user_id)'), ); } With these in place, we can easily access all of the issues and/or users associated with a project with incredibly easy syntax as follows: //create the Project model instance by primary key: $model = Project::model()->findbyPk(1); //get an array of all associated Issue AR instances $allIssues = $model->issues; //get an array of all associated User AR instance $allUsers = $model->users; //get the User AR instance representing the owner of //the first issue associated with this project $ownerOfFirstIssue = $model->issues[0]->owner; Normally we would have to write complicated SQL join statements to access such related data. Using relational AR in Yii saves us from this complexity and tedium. We can now access these relationships in a very elegant and concise object oriented manner. Iteration 3: Adding tasks [ 122 ] Generating the data to populate the drop-down menu Now, there are a couple of ways by which we could use this data to populate our needed dropdowns for the Requester and Owner fields. We'll follow a similar approach as we did for the Status and Type drop-down data, and place the logic inside a model class. In this case, the Project AR class makes the most sense, as valid users are associated with a project, and not with an issue. As we are going to add a new public method to the Project AR class, we can once again use our TDD approach. So, let's quickly write a test that fails. Once again, remember that we have now setup a trackstar_test database against which to test. If you are following along, please ensure this database schema is in sync with the trackstar_dev database. Open the /protected/tests/unit/ProjectTest.php file and add the following test: public function testGetUserOptions() { $project = $this->projects('project1'); $options = $project->userOptions; $this->assertTrue(is_array($options)); } Now run the test. >>phpunit unit/ProjectTest.php PHPUnit 3.3.17 by Sebastian Bergmann. ....E Time: 0 seconds There was 1 error: 1) ProjectTest::testGetUserOptions CException: Property "Project.userOptions" is not defined.... FAILURES! Tests: 5, Assertions: 10, Errors: 1. Chapter 6 [ 123 ] Okay, we have a test that fails. It is failing for obvious reasons, as we are testing a method in the Project AR class that does not yet exist. So let's add it. Open up the file /protected/models/Project.php, and add the following method to the bottom of the class: /** * @return array of valid users for this project, indexed by user IDs */ public function getUserOptions() { $usersArray = array(); return $usersArray; } If we run our tests again, we see we are back in the "green". However, we only have a method that returns an empty array. What we need is a valid user array that can be used to populate the form dropdowns. Let's get our test back in the "red" by testing to ensure the count of the returned array is > 0. Alter the test method to be: public function testGetUserOptions() { $project = $this->projects('project1'); $options = $project->userOptions; $this->assertTrue(is_array($options)); $this->assertTrue(count($options) > 0); } Running the test again should now result in the following error: There was 1 failure: 1) ProjectTest::testGetUserOptions Failed asserting that labelEx($model,'create_time'); ?> textField($model,'create_time'); ?> error($model,'create_time'); ?>
labelEx($model,'create_user_id'); ?> textField($model,'create_user_id'); ?> error($model,'create_user_id'); ?>
labelEx($model,'update_time'); ?> textField($model,'update_time'); ?> error($model,'update_time'); ?>
labelEx($model,'update_user_id'); ?> textField($model,'update_user_id'); ?> error($model,'update_user_id'); ?>
Iteration 3: Adding tasks [ 128 ] The following screenshot shows what our new issue creation form now looks like with all of these changes: Finishing the rest of the CRUD The goal of this iteration is to implement all the CRUD operations for issues. We have finalized the create functionality, but we still need to complete the read, update and delete of issues. Luckily, most of the foundation has already been laid by using the Gii CRUD generation functionality. However, as we want to manage issues all within the context of a project, we need to make some adjustments to how you access this functionality. Chapter 6 [ 129 ] Listing the issues Even though there is the actionIndex() method in the IssueController class that displays a list of all issues in the database, we don't have a need for this functionality as it is currently coded. Rather than a separate standalone page that lists all the issues in the database, we want to only list the issues that are associated with a specific project. So, we'll alter the application to display the listing of issues as part of the project details page. As we are taking advantage of the relational AR model in Yii, it will be a snap to make this change. Altering the ProjectController First, let's alter the actionView() method in the ProjectController class. As we want to display a list of the issues associated with a specific project, we can do this on the same page as the project details page. The method actionView() is the method that displays the project details. Alter that method to be: /** * Displays a particular model. */ public function actionView() { $issueDataProvider=new CActiveDataProvider('Issue', array( 'criteria'=>array( 'condition'=>'project_id=:projectId', 'params'=>array(':projectId'=>$this->loadModel()->id), ), 'pagination'=>array( 'pageSize'=>1, ), )); $this->render('view',array( 'model'=>$this->loadModel(), 'issueDataProvider'=>$issueDataProvider, )); } Iteration 3: Adding tasks [ 130 ] Here we are using the CActiveDataProvider framework class to provide data in terms of ActiveRecord objects. It will use the associated AR model class to retrieve data from the database in a manner that can be used very easily with the Zii widget CListView to display items in a list rendered in a manner specified in a view file. We have used the criteria property to specify the condition that it should only retrieve issues associated with the project being displayed. We also used the pagination property to limit the issue list to just one issue per page. We set this very low so we can quickly demonstrate the paging features by just adding two issues. We'll demonstrate this soon. The last thing we did was add this data provider to the array defined in the render() to make it available to the view file in a $issueDataProvider variable. Altering the project view file We'll use the Zii widget CListView to display our list of issues on the project details page. Open up /protected/views/project/view.php, and add this to the bottom of that file: Project Issues
widget('zii.widgets.CListView', array( 'dataProvider'=>$issueDataProvider, 'itemView'=>'/issue/_view', )); ?> Here we are setting the dataProvider property of CListView to be our issue data provider we created above. And then we are configuring it to use the protected/ views/issue/_view.php file as a template for rendering each item in the data provider. This file was already created for us by the Gii tool when we generated our CRUD for issues. We are just using it here to display issues on the project details page. We need to also make a couple of changes to the /protected/views/issue/_view. php file that we specified as a layout template for each issue. Alter the entire contents of that file to be the following: getAttributeLabel('name')); ?>: name), array('issue/ view', 'id'=>$data->id)); ?>
Chapter 6 [ 131 ] getAttributeLabel('descripti on')); ?>: description); ?>
getAttributeLabel('type_ id')); ?>: type_id); ?>
getAttributeLabel('status_ id')); ?: status_id); ?>
Now if we save and view our results by looking at the project details page for Project # 1 (http://localhost/tasctrak/index.php?r=project/view&id=1), and assuming you have created a couple of test issues under that project, you should see a page like the one in the following screen: Iteration 3: Adding tasks [ 132 ] As we set the pagination property of our data provider very low (remember we set it to just 1), we can add one more issue to demonstrate the built-in paging functionality. Adding one more issue changes the display of issues to have links that allow us to go from page to page within our Project Issues listing, as depicted in the following screenshot: Making some final tweaks We now have a list of our issues associated with a project that are displayed from within the project details page. We also have the ability to view the details of an issue "R"ead, as well as links to "U"pdate and "D"elete issues. So, for the most part our CRUD operations are in place. However, there are still a few items that need to be addressed before we can close out this iteration. One thing we notice is that the issues display list is showing numeric ID numbers for the Type, Status, Owner and Requester fields. We should change this so that the text values for those are displayed instead. Also, as issues are under a specific project already, it is a bit redundant to have the project ID displayed as part of the issue list data. So, we can remove that. Finally, we need to address some of the navigational links that are displayed on the various other issue related forms to ensure we are always returning to this project details page as the starting place for all of our issue management. We'll tackle these one at a time. Getting the status and type text to display Previously we added public methods to the Issue AR class to retrieve the Status and Type options to populate our dropdowns on the issue creation form. We need to add similar methods on this AR class to return the text for the specific identifier for display on our issues listing. Chapter 6 [ 133 ] As these will be public methods on the issue AR class, we should implement it using our TDD approach. To speed things up a bit, we'll do both of these at the same time. Also, as we get a hang of TDD a little bit, we'll start to take bigger steps. We can always return to a more granular approach. First we need to add some fixture data to ensure we have a couple of issues associated with a project. We also need to make sure our issue tests are using the project fixture data as well as issues belong to projects. First, add a new fixtures data file for issues, /protected/tests/fixtures/tbl_ issue.php and add to it the following content: array( 'name' => 'Test Bug 1', 'description' => 'This is test bug for project 1', 'project_id' => 1, 'type_id' => 0, 'status_id' => 1, 'owner_id' => 1, 'requester_id' => 2, 'create_time' => '', 'create_user_id' => '', 'update_time' => '', 'update_user_id' => '', ), 'issueFeature'=>array( 'name' => 'Test Bug 2', 'description' => 'This is test bug for project 2', 'project_id' => 2, 'type_id' => 1, 'status_id' => 0, 'owner_id' => 2, 'requester_id' => 1, 'create_time' => '', 'create_user_id' => '', 'update_time' => '', 'update_user_id' => '', ), ); Iteration 3: Adding tasks [ 134 ] Now we need to configure our IssueTest class to use some fixture data. Add the following fixtures array at the top of the issue test class: public $fixtures=array( 'projects'=>'Project', 'issues'=>'Issue', ); With our fixture data in place, we can add two new tests to the IssueTest unit test class for testing the status and type text: public function testGetStatusText() { $this->assertTrue('Started' == $this->issues('issueBug')- >getStatusText()); } And also this test: public function testGetTypeText() { $this->assertTrue('Bug' == $this->issues('issueBug')- >getTypeText()); } Now if we run the test, we should get a failure due to the fact that we have not yet added these public methods to our AR class: >>phpunit unit/IssueTest.php PHPUnit 3.4.12 by Sebastian Bergmann. ..EE Time: 2 seconds, Memory: 12.25Mb There were 2 errors: 1) IssueTest::testGetStatusText Exception: Unknown method 'issues' for class 'IssueTest'. … 2) IssueTest::testGetTypeText Exception: Unknown method 'issues' for class 'IssueTest'. … FAILURES! Tests: 4, Assertions: 10, Errors: 2. Chapter 6 [ 135 ] So, we've got our failing test, let's add the necessary code to our /protected/ models/Issue.php file to get them to pass. Add the following two new public methods to the Issue class to retrieve the status and type text for the current issue: /** * @return string the status text display for the current issue */ public function getStatusText() { $statusOptions=$this->statusOptions; return isset($statusOptions[$this->status_id]) ? $statusOptions[$this->status_id] : "unknown status ({$this->status_ id})"; } /** * @return string the type text display for the current issue */ public function getTypeText() { $typeOptions=$this->typeOptions; return isset($typeOptions[$this->type_id]) ? $typeOptions[$this- >type_id] : "unknown type ({$this->type_id})"; } Now let's run our tests again: >>phpunit unit/IssueTest.php .... Time: 1 second, Memory: 12.25Mb OK (4 tests, 12 assertions) We have both tests passing and back in the 'green'. Iteration 3: Adding tasks [ 136 ] Adding the text display to the form Now we have our two new public methods that will return the valid status and type text for our listing to display, we need to make use of them. Alter the following lines of code in /protected/views/issue/_view.php: Change the following command: type_id); ?> to: getTypeText()); ?> and change this command: status_id); ?> to this: getStatusText()); ?> After these changes, our Issues listing page, http://localhost/trackstar/index. php?r=issue no longer displays integer values for our issue Type and Status fields. It now looks like what is displayed in the following screenshot: As we are using the same view file to display our Issues listing on our project detail pages, these changes are reflected there as well. Chapter 6 [ 137 ] Changing the issue detail view We also need to make these and a few other changes to the detailed view of the Issue. Currently, if we view the Issue details, it should look like the following screenshot: This is using a view file we have not altered at all as of yet. It is still displaying the project ID, which we don't need to display, as well as the type and status as integer values, rather than their associated text values. Opening the view file used to render this display, /protected/views/issue/view.php, we notice that it is using the Zii extension widget, CDetailView, which we have not seen before. This is similar to the CListView widget used to display the listing, but is used to display the details of a single data model instance (or associative array), rather than for displaying a list view of many. The relevant code from this file showing the use of this widget is as follows: widget('zii.widgets.CDetailView', array( 'data'=>$model, 'attributes'=>array( 'id', 'name', 'description', 'project_id', 'type_id', 'status_id', 'owner_id', 'requester_id', Iteration 3: Adding tasks [ 138 ] 'create_time', 'create_user_id', 'update_time', 'update_user_id', ), )); ?> Here we are setting the data model of the CDetailView widget to be the Issue model class and then setting a list of attributes of the model to be displayed in the rendered detail view. An attribute can be specified as a string in the format of Name:Type:Label, of which both Type and Label are optional, or as an array itself. Here, just the name of the attributes are specified. If we specify an attribute as an array, we can customize the display further by declaring a value element. We will take this approach in order to specify the model class methods getTypeText() and getStatusText() be used as the values for the Type and Status fields respectively. Let's change this use of CDetailView to use the following configuration: widget('zii.widgets.CDetailView', array( 'data'=>$model, 'attributes'=>array( 'id', 'name', 'description', array( 'name'=>'type_id', 'value'=>CHtml::encode($model->getTypeText()) ), array( 'name'=>'status_id', 'value'=>CHtml::encode($model->getStatusText()) ), 'owner_id', 'requester_id', ), )); ?> Here we have removed a few attributes from displaying at all. The project_id, create_time, update_time, create_user_id, and update_user_id. We will handle the population and display of some of these later, but for now we can just remove them from the detail display. Chapter 6 [ 139 ] We also changed the declaration of the type_id and status_id attributes to use an array specification so that we could use the value element. We have specified that the corresponding Issue::getTypeText() and Issue::getStatusText() methods be used for getting the values of these attributes. With these changes in place, the Issue details page looks like the following: Okay, we are getting much closer to what we want, but there are still a couple of changes we need to make. Getting the owner and requester names to display Things are looking better, but we still see integer identifiers displaying for the owner and requester, rather than the actual user names. We'll take a similar approach to what we did for the type and status text displays. We'll add two new public methods on the Issue model class to return the names of these two properties. Using relational AR As the issues and users are represented as separate database tables and related through a foreign key relationship, we an actually access the owner and requester username directly from $model in the view file. Utilizing the power of Yii's relational AR model features, displaying the username attribute of the related User model class instance is a snap. Iteration 3: Adding tasks [ 140 ] As we have mentioned, the model class Issue::relations() method is where the relationships are defined. If we take a peek at this method, we see the following: /** * @return array relational rules. */ public function relations() { // NOTE: you may need to adjust the relation name and the related // class name for the relations automatically generated below. return array( 'owner' => array(self::BELONGS_TO, 'User', 'owner_id'), 'project' => array(self::BELONGS_TO, 'Project', 'project_ id'), 'requester' => array(self::BELONGS_TO, 'User', 'requester_ id'), ); } The highlighted code is what is most relevant for our needs. There are both owner and requester attributes defined as relations to the User model class. These definitions specify that the values of these attributes are User model class instances. The owner_id and the requester_id specify the unique Primary key of their respective User class instances. So, we can access these just as we do for other attributes of the Issue model class. So, to display the username of the owner and requester User class instances, we once again change our CDetailView configuration to be: widget('zii.widgets.CDetailView', array( 'data'=>$model, 'attributes'=>array( 'id', 'name', 'description', array( 'name'=>'type_id', 'value'=>CHtml::encode($model->getTypeText()) ), array( 'name'=>'status_id', 'value'=>CHtml::encode($model->getStatusText()) ), array( Chapter 6 [ 141 ] 'name'=>'owner_id', 'value'=>CHtml::encode($model->owner->username) ), array( 'name'=>'requester_id', 'value'=>CHtml::encode($model->requester->username) ), ), )); ?> After making these changes, our Issues detail listing is starting to look pretty good. The following figure shows the progress thus far: Making some final navigation tweaks We are very close to completing the functionality we set out to implement within this iteration. The only thing left is to clean up our navigation just a little. You may have noticed that there are still some options available that allow the user to navigate to an entire listing of issues, or to create a new issue, outside of a project context. For the purposes of the TrackStar application, everything we do with issues should be within the context of a specific project. Earlier, we enforced this project context for creating a new issue (which is a good start), but we still need to make a few changes. One thing that we notice is that the application still allows the user to navigate to a listing of all issues, across all projects. For example, on an Issue detail page, like http://localhost/trackstar/index.php?r=issue/view&id=1, we see in the right column menu navigation there are the links List Issue and Manage Issue, corresponding to http://localhost/trackstar/index.php?r=issue/ index and http://localhost/trackstar/index.php?r=issue/admin respectively (remember that to access the admin page, you have to be logged in as admin/ admin). These still display all issues, across all projects. So, we need to limit this list to a specific project. Iteration 3: Adding tasks [ 142 ] As these links originate from the Issue details page, and that specific issue has an associated project, we can first alter the links to pass in a specific project ID, and thehe uof that project ID as both the IssueController::actionIndex, and IssueController::actionAdmin() methods. First let's alter the links. Open up /protected/views/issue/view.php file and locate the array of menu items at the top of the file. Change the menu configuration to be: $this->menu=array( array('label'=>'List Issue', 'url'=>array('index', 'pid'=>$model- >project->id)), array('label'=>'Create Issue', 'url'=>array('create', 'pid'=>$model->project->id)), array('label'=>'Update Issue', 'url'=>array('update', 'id'=>$model- >id)), array('label'=>'Delete Issue', 'url'=>'#', 'linkOptions'=>array('s ubmit'=>array('delete','id'=>$model->id),'confirm'=>'Are you sure you want to delete this item?')), array('label'=>'Manage Issue', 'url'=>array('admin', 'pid'=>$model- >project->id)), ); The changes made are highlighted. We have added a new querystring parameter to the new Create Issue link, as well as to the Issue listing page and the issue admin listing page. We already knew we had to make this change for the Create link, as we have previously implemented a filter to enforce a valid project conssue. We won't have to make any further changes relative to this link. But for the index and admin links, we will need to alter their corresponding action methods to make use of this new querystring variable. As we have already configured a filter to load the associated project using the querysting variable, let's take advantage of this. We'll need to change the filter configuration so that our filter method is called prior to execution of both the IssueController::actionIndex() and IssueController::actionAdmin() methods. Change the filters method as shown: public function filters() { return array( 'accessControl', // perform access control for CRUD operations 'projectContext + create index admin', //perform a check to ensure valid project context ); } Chapter 6 [ 143 ] With this in place, the associated project will be loaded and available for use. Let's use it in our IssueController::actionIndex() method. Alter that method to be: public function actionIndex() { $dataProvider=new CActiveDataProvider('Issue', array( 'criteria'=>array( 'condition'=>'project_id=:projectId', 'params'=>array(':projectId'=>$this->_project->id), ), )); $this->render('index',array( 'dataProvider'=>$dataProvider, )); } Here, as we have done before, we are simply adding a condition to the creation of the model data provider to only retrieve issues associated with the project. This will limit the list of issues to just the ones under the project. We need to make the same change to the admin listing page. However, this view file, /protected/views/issue/admin.php is using the results of the model class Issue::search() method to provide the listing of issues. So, we actually need to make two changes to enforce the project context with this listing. First, we need to alter the IssueController::actionAdmin() method to set the correct project_id attribute on the model instance it is sending to the view. The following highlighted code shows this change: public function actionAdmin() { $model=new Issue('search'); if(isset($_GET['Issue'])) $model->attributes=$_GET['Issue']; $model->project_id = $this->_project->id; $this->render('admin',array( 'model'=>$model, )); } Iteration 3: Adding tasks [ 144 ] Then we need to add to our criteria in the Issue::search() model class method. The following highlighted code identifies the change we need to make to this method: public function search() { // Warning: Please modify the following code to remove attributes that // should not be searched. $criteria=new CDbCriteria; $criteria->compare('id',$this->id); $criteria->compare('name',$this->name,true); $criteria->compare('description',$this->description,true); $criteria->compare('type_id',$this->type_id); $criteria->compare('status_id',$this->status_id); $criteria->compare('owner_id',$this->owner_id); $criteria->compare('requester_id',$this->requester_id); $criteria->compare('create_time',$this->create_time,true); $criteria->compare('create_user_id',$this->create_user_id); $criteria->compare('update_time',$this->update_time,true); $criteria->compare('update_user_id',$this->update_user_id); $criteria->condition='project_id=:projectID'; $criteria->params=array(':projectID'=>$this->project_id); return new CActiveDataProvider(get_class($this), array( 'criteria'=>$criteria, )); } With these changes in place, the issues listed on the admin page are now restricted to be only those associated with the specific project. Chapter 6 [ 145 ] There are several places throughout the view files under /protected/ views/issues/ that contain links that require a pid querystring to be added in order to work properly. We leave it as an exercise to the reader to make the appropriate changes following the same approach as provided in these examples. As we proceed with our application's development, we'll assume all links to create a new issue or to display a list of issues are properly formatted to contain the appropriate pid querystring parameter. Summary We were able to cover a lot of different topics in this iteration. Based on the relationship between issues, projects, and users within our application, the implementation of our issue management functionality was significantly more complicated than our project entity management we worked on in the previous iteration. Fortunately, Yii was able to come to our rescue many times to alleviate the pain of having to write all of the code needed to address this complexity. Specifically, we covered: • Using the Gii code generator tool for Active Record model creation as well as for the initial implementation of all basic CRUD operations against the Issue entity • Designing and building database tables with explicit relationships • Using relational Active Record • Adding drop-down menu input type form elements • Controller filters We have made a lot of progress on our basic application thus far, and have done so without having to write a lot of code. The Yii Framework itself has done most of the heavy lifting. We now have a working application that allows us to manage projects and also manage issues within those projects. This is the heart of what our application is trying to achieve. We should feel proud of the accomplishments thus far. However, we still have a long way to go before this application is truly ready for production use. A major missing piece is all of the needed functionality around user management. This is going to be the focus of the next two iterations. Iteration 4: User Management and Authentication We have made a lot of progress in a short amount of time. The basic functionality foundations for our TrackStar application have been laid. We now have the ability to manage projects and issues within projects, and this is the primary purpose of this application. Of course, there is still much left to do. Back in Chapter 3, when we were introducing this application, we described it as a user-based application that allows for the creation of user accounts, and grants access to the application features once a user has been authenticated and authorized. In order for this application to be useful to more than one person we need to add the ability to manage users within projects. This is going to be the focus of the next two iterations. Iteration planning When we used the yiic command line tool to initially create our TrackStar application, we noticed that basic login functionality was automatically created for us. The login page allows for two username/password credential combinations, demo/demo and admin/admin. You may recall that we had to log in to the application in order to perform some of our CRUD operations on our project and issue entities. This basic authentication skeleton code does provide a good start, but we need to make a few changes in order to support any number of users. We also need to add user CRUD functionality to the application to allow us to manage these multiple users. This iteration is going to focus on extending the authentication model to use the User table and add the needed functionality to allow for basic user data management. Iteration 4: User Management and Authentication [ 148 ] In order to achieve the above outlined goals, we should identify all the more granular items we will work on within this iteration. The following list identifies these items: • Create the controller classes that will house the functionality to allow us to: °° Create new users °° Fetch a list of existing users from the database °° Update/edit existing users °° Delete existing users • Create the view files and presentation tier logic that will: °° Display the form to allow for new project creation °° Display a listing of all the existing projects °° Display the form to allow for a user to edit an existing project °° Add a delete button to the project listing to allow for project deletion • Make adjustments to the create new user form so that it can be used by external users as a self-registration process • Alter the authentication process to use the database to validate the login credentials Running the test suite It's always best to run our test suite before we start adding new functionality. With each iteration, as we add to our application functionality, we add to our test suite. As our test suite grows, so does our application's ability to provide us feedback on its general health. Making sure everything is still working as expected will boost our confidence as we begin making changes. From the tests folder, /protected/tests/, run all unit tests as once: % phpunit unit/ PHPUnit 3.4.12 by Sebastian Bergmann. .......... Time: 0 seconds OK (10 tests, 26 assertions) Everything looks good, so let's dive in to this iteration. Chapter 7 [ 149 ] Creating our User CRUD As we are building a user-based web application, we must have the means to add and manage users. We added a tbl_user table to our database model in Chapter 6. You may recall that we left it as an exercise for the reader to create the associated AR model class. If you are following along and did not create the needed user model class, you will need to do so now. As a brief reminder on using the Gii code creation tool to create the model class. Navigate to the Gii tool via http://localhost/trackstar/ index.php?r=gii and choose the Model Generator link. Leave the table prefix as tbl. Fill in the Table Name field as tbl_user, which will auto-populate the Model Class name field as User. Once the form is filled out, click the Preview button to get a link to a popup that will show you all of the code about to be generated. Then click the Generate button to actually create the new User.php model class file in the /protected/models/ directory With the User AR class in place, creating the CRUD scaffolding is a snap. As we have done previously, we will once again we lean on the Gii code generation tool for this. As a reminder, here are the necessary steps: 1. Navigate to the tool via http://localhost/trackstar/index.php?r=gii. 2. Choose the Crud Generator link from the list of available generators. 3. Type in User for the Model Class name field. The corresponding Controller ID will auto-populate with user. 4. You will then be presented with options to preview each file prior to generating. When satisfied, click the Generate button, which will generate all of the associated CRUD files in their proper locations. With this in place, we can view our user listing page at http://localhost/ trackstar/index.php?r=user. In the previous iteration, we manually created a couple of users in our system, so that we could properly handle the relationships between projects, issues and users. So, we should see a couple of users listed on this page. Iteration 4: User Management and Authentication [ 150 ] The following screenshot shows how this page is displaying for us: We can also view the new Create User form by visiting http://localhost/ tasctrak/index.php?r=user/create. If you are not currently logged in, you will be routed to the login page before being able to view the form. So you might have to log in using demo/demo or admin/admin to view this form. Having created and used our CRUD operation functionality first on our project entity, and then again with Issues, we are very familiar at this point with how these features are initially implemented by the Gii code generation tool. The input forms provided for creating and updating are a great start, but often need some adjusting to meet the specific application requirements. The form generated for creating a new user is no exception. It has an input form field for every single column that has been defined in the tbl_user table. We don't want to expose all of these fields for user input. The columns for last login time, creation time and user, and update time and user should all be set programmatically after the form is submitted. Updating our common audit history columns Back in Chapters 5 and 6, when we introduced our Project and Issue CRUD functionality, we also noticed that our forms had more input fields than they should. As we have defined all of our database tables to have the same creation and update time and user columns, every one of our auto-created input forms has these fields exposed. We completely ignored these fields when dealing with the project creation form back in Chapter 5. Then, with the new issue creation form in Chapter 6, we removed the fields from in the form, but we never added the logic to properly set these values when a new row is added. Chapter 7 [ 151 ] Let's take a minute to add this logic. As all of our entity tables—tbl_project, tbl_issue, and tbl_user—have the same columns defined, we will add the required logic to a common base class and then have each of the individual AR classes extend from this new base class. As you might have guessed, we'll write a test first before we start adding in the needed application code. We already have a test in place ProjectTest::testCreate(), in tests/unit/ProjectTest.php, for testing the creation of a new project. We'll alter this existing test method to test our new process of updating our common audit history columns. The first thing we need to change in our ProjectTest::testCreate() method is to remove the explicit setting of these columns when we call the setAttributes() method for the newly created project: $newProject->setAttributes(array( 'name' => $newProjectName, 'description' => 'This is a test for new project creation', // - remove - 'createTime' => '2009-09-09 00:00:00', // - remove - 'createUser' => '1', // - remove - 'updateTime' => '2009-09-09 00:00:00', // - remove - 'updateUser' => '1', )); Now we need to add in the explicit setting of the user ID and remove the false parameter sent when saving the Active Record, as we now want the validation to be triggered. The reason we want to trigger the AR validation is because we are going to tap into the validation workflow in order to update these fields. The code below shows the entire method with the new changes highlighted: public function testCreate() { //CREATE a new Project $newProject=new Project; $newProjectName = 'Test Project Creation'; $newProject->setAttributes(array( 'name' => $newProjectName, 'description' => 'This is a test for new project creation', )); //set the application user id to the first user in our users fixture data Yii::app()->user->setId($this->users('user1')->id); //save the new project, triggering attribute validation $this->assertTrue($newProject->save()); Iteration 4: User Management and Authentication [ 152 ] //READ back the newly created Project to ensure the creation worked $retrievedProject=Project::model()->findByPk($newProject->id); $this->assertTrue($retrievedProject instanceof Project); $this->assertEquals($newProjectName,$retrievedProject->name); //ensure the user associated with creating the new project is the same as the applicaiton user we set //when saving the project $this->assertEquals(Yii::app()->user->id, $retrievedProject- >create_user_id); } The new assertion added is testing that the create_user_id column of the Project was properly updated with the current application's user ID. This should be enough to confirm that our approach is working. If you now run this test from the command line, you should see the test fail, which is what we expect. The test fails because we have yet to add in the logic required to set this field. Now let's get this test to pass. We are going to create a new class to house the logic needed to update our common audit history fields. This class is going to be a base class from which all our application AR classes can extend. The reason we are creating this new class, rather than just adding the logic directly to our Project model class, is because our other model classes, Issue and User, also need this logic. Rather than duplicate the code in every AR model class, this approach will allow us to properly set these fields for every AR model class in just one place. We will also make this new class abstract, as it should not be instantiated directly. We need to manually create a new file, protected/models/ TrackStarActiveRecord.php, and add the following code:: isNewRecord) { // set the create date, last updated date and the user doing the creating $this->create_time=$this->update_time=new CDbExpression('NOW()'); Chapter 7 [ 153 ] $this->create_user_id=$this->update_user_id=Yii::app()- >user->id; } else { //not a new record, so just set the last updated time and last updated user id $this->update_time=new CDbExpression('NOW()'); $this->update_user_id=Yii::app()->user->id; } return parent::beforeValidate(); } } Here we are overriding the CActiveRecord::beforeValidate() method. This is one of the many events that CActiveRecord exposes to allow customization of its process workflow. As a quick reminder, if you do not explicitly send false as a parameter when calling the save() method on an AR class, the validation process will be triggered. This process performs the validations as specified in the rules() method within the AR class. There are two methods exposed that allow us to tap in to the validation workflow and perform any necessary logic either right before or right after the validation is performed: beforeValidate() and afterValidate(). In this case, we have decided to explicitly set our audit history fields just prior to performing the validation. You probably noticed the use of CDbExpression in the previous code to set the timestamp for both the creation and update time. Starting from version 1.0.2 of Yii, an attribute can be assigned a value of CDbExpression type before the record is saved. That database expression will then be executed to provide the value for the attribute during the saving process. Using NOW() in the previous code is specific to MySQL. This may not work if you are following along using a different database. You can always take a different approach for setting this value. For example, using the PHP time function and formatting it appropriately for the column's data type: $this->createTime=$this- >updateTime=date( 'Y-m-d H:i:s', time() ); We determine whether or not we are dealing with a new record (that is, an insert) or an existing record (that is, an update) and set our fields appropriately. We then make sure to invoke the parent implementation by returning parent::beforeValidate() to ensure it has a chance to do everything it needs to do. Iteration 4: User Management and Authentication [ 154 ] To try this out, we now need to alter each of the three existing AR classes—Project. php, User.php, and Issue.php—to extend from this new abstract class rather than directly from CActiveRecord. So, for example, rather than the following: class Project extends CActiveRecord { We need to change it to: class Project extends TrackStarActiveRecord { And similarly for our other model classes. Once you have done this for the Project model AR class, rerun the tests to ensure they pass. With this now in place, we can remove these fields from each of the forms for creating new projects, issues, and users (we already removed them from the issues form in the previous iteration). The HTML for these form fields are defined in protected/views/project/_form.php, protected/views/issue/_form.php, and protected/views/user/_form.php respectively. The lines we need to remove from each of these files are the following: Chapter 6 [ 131 ] getAttributeLabel('descripti on')); ?>: description); ?>
getAttributeLabel('type_ id')); ?>: type_id); ?>
getAttributeLabel('status_ id')); ?: status_id); ?>
labelEx($model,'create_time'); ?> textField($model,'create_time'); ?> error($model,'create_time'); ?>
labelEx($model,'create_user_id'); ?> textField($model,'create_user_id'); ?> error($model,'create_user_id'); ?>
labelEx($model,'update_time'); ?> textField($model,'update_time'); ?> error($model,'update_time'); ?>
labelEx($model,'update_user_id'); ?> textField($model,'update_user_id'); ?> error($model,'update_user_id'); ?>
Chapter 7 [ 155 ] And from the user creation form, protected/views/user/_form.php, we can also remove the last login time field: labelEx($model,'last_login_time'); ?> textField($model,'last_login_time'); ?> error($model,'last_login_time'); ?>
As we are removing these from being form inputs, we should also remove the validation rules defined for these fields in the associated rules method. These validation rules are defined to ensure the data submitted by the user is correctly formatted. As these fields are not going to be filled in by the user, we can remove the rules. In the User::rules() method, the two rules we should remove are: array('create_user_id, update_user_id', 'numerical', 'integerOnly'=>true), array('last_login_time, create_time, update_time', 'safe'), The Project and Issue AR classes have similar rules defined, but not identical. When removing those rules, be sure to leave in the rules that do still apply to the user input fields. The removal of the rule for the last_login_time attribute above was intentional. We should prevent this from being shown as a user input field as well. This field needs to be updated automatically upon a successful login. As we had the view file open and were removing the other fields, we decided to remove this one now as well. However, we will wait to add the necessary application logic until after we make a few other changes and cover a few other topics. Actually, while we still have our hands in this validation rules method for the User class, we should make another change. We want to ensure that the e-mail, as well as the username, for every user is unique. We should validate this requirement when the form is submitted. We can add these two rules by adding the following line of code to this rules() method: array('email, username', 'unique'), Iteration 4: User Management and Authentication [ 156 ] The entire User::rules() method should now look like the following: public function rules() { // NOTE: you should only define rules for those attributes that // will receive user inputs. return array( array('email', 'required'), array('email, username, password', 'length', 'max'=>256), array('email, username', 'unique'), // The following rule is used by search(). // Please remove those attributes that should not be searched. array('id, email, username, password, last_login_time, create_time, create_user_id, update_time, update_user_id', 'safe', 'on'=>'search'), ); } The unique declaration in the previous rule is an alias that refers to the Yii's built- in validator, CUniqueValidator. This validates the uniqueness of the model class attribute against the underlying database table. With the addition of this validation rule, we will receive an error when attempting to enter either an e-mail and/or username that has already been entered. When we first created our tbl_user table in Chapter 6, we added two test users, so we would have some data to play with. The first of these two users has an e-mail address of test1@notanaddress.com. Try to add another user using the same e-mail address. The following screenshot shows the error message received and the highlighting of the field in error after such an attempt: Chapter 7 [ 157 ] Adding a password confirmation field We should add a new field to force the user to confirm the password they entered. This is a standard practice on new user registration forms and helps the user avoid making a mistake when entering this important piece of information. Fortunately, Yii comes with another built-in validator, CCompareValidator, which does exactly what you think it might do. It compares the values of two attributes, and returns an error if they are not equal. In order to take advantage of this built-in validation, we need to add a new attribute to our model class. Add the following attribute to the top of the User model AR class: public $password_repeat; We named this attribute by appending _repeat to the name of the attribute we want to compare against. The compare validator will allow you to specify any two attributes to compare, or compare an attribute to a constant value. If no comparison attribute or value is specified when declaring the compare rule, it will default to looking for an attribute beginning with the same name as the one being compared with the addition of _repeat appended to the end. This is why we named the attribute in this manner. Now we can add a simple validation rule to the User::rules() method as follows: array('password', 'compare'), We want to mark all of the fields on the form as being required. Currently, our required rule is being applied to the e-mail field only. While we are making changes to this User::rules() method, let's add username and password to this list as well: array('email, username, password', 'required'), As we have explicitly added the $password_repeat attribute to the User AR class, and it is not a column in the underlying database table, we need to also tell the model class to allow this field to be set in a bulk manner when the setAttributes() method is called. We do this by explicitly adding our new attribute to the safe attributes list for our User model class. To do this, add the following to the User::rules() array: array('password_repeat', 'safe'), To explain this in a little more detail. When our form is submitted back to the UserController::actionCreate() method, it uses the following code to set the User model class attributes in a bulk manner: $model->attributes=$_POST['User']; Iteration 4: User Management and Authentication [ 158 ] What happens here is that for every key in the $_POST['User'] array that matches the name of a safe attribute in the $model class, that class attribute's value is set to the corresponding value in the array. By default, for a CActiveRecord model class, all underlying database columns, except the Primary Key, are considered safe. As our new $password_repeat is not a column of tbl_user, we need to explicitly add it to this list of safe attributes. We still need to add this password confirmation field to the form, so let's do that now. To add this new field to the HTML form, open up protected/views/user/_form. php, and add the following code block below the password field: label($model,'password_repeat'); ?> passwordField($model,'password_repeat',array('si ze'=>60,'maxlength'=>256)); ?> error($model,'password_repeat'); ?>
With all of these form changes in place, the create new user form should look as depicted in the following screen: Now, if we attempt to submit the form with different values in the Password and Password Repeat fields, we will be met with an error as shown in the following screenshot: Chapter 7 [ 159 ] Adding password encryption One last change we should make before we leave the new user creation process is to encrypt the password before we store it. It is the least we can do, from a security standpoint, to perform a one-way encryption algorithm on sensitive user information before we add it to persistent storage. We will add this logic to the User.php AR class by taking advantage of another one of CActiveRecord's methods that allow us to customize the default active record workflow. This time we'll override the afterValidate() method and apply a simple MD5 encryption to the password before we save the record. Open the User AR class and add the following to the bottom of the class: /** * perform one-way encryption on the password before we store it in the database */ protected function afterValidate() { parent::afterValidate(); $this->password = $this->encrypt($this->password); } public function encrypt($value) { return md5($value); } Iteration 4: User Management and Authentication [ 160 ] With this in place, it will encrypt the password using a simple one-way MD5 encryption just after all of the other attribute validations are performed. This approach works fine for brand new records, but for updates, it runs the risk of encrypting an already encrypted value. We could handle this a number of ways, but to keep things simple for now, we will need to ensure we ask the user to supply a valid password every time they desire to update their user data. We now have the ability to add new users to our application. As we initially created this form using the Gii tool's Crud Generator command, we also have read, update, and delete functionality for users. Try it out by adding some new users, viewing a list of those users, updating their information, and then deleting a few of the entries to ensure everything is working as expected. Remember that you will need to be logged in as admin, as opposed to demo, in order to perform the deletes. Authenticating users using the database As we know, a basic login form and user authentication process was created for us simply by using the yiic command to create our new application. This authentication scheme is very simple. It interrogates the input form username/password values, and if they are either demo/demo or admin/admin, the authentication passes, otherwise it fails. This is obviously not intended to be the long term solution, but rather a foundation on which to build. We are going to build upon this by altering the authentication process to use our user database table that we already have as part of our model. But before we start changing the default implementation, let's take a closer look at how Yii implements an authentication model. Introducing the Yii authentication model Central to the Yii authentication framework is an application component, called user, which, in the most general case, is an object implementing the IWebUser interface. The specific class used by our default implementation is the framework class, CWebUser. This user component encapsulates all the identity information for the current user of the application. This component was configured for us as part of the auto-generated application code when we initially created our application using the yiic tool. The configuration can be seen in the protected/config/main.php file, under the components array element: 'user'=>array( // enable cookie-based authentication 'allowAutoLogin'=>true, ), Chapter 7 [ 161 ] As it is configured as an application component, with the key 'user', we can access it at any place throughout our application using Yii::app()->user. We also notice that the class property, allowAutoLogin, is being set here as well. This property is false by default, but setting it to true enables user information to be stored in persistent browser cookies. This data is then used to automatically authenticate the user upon subsequent visits. This is what will allow us to have a Remember Me checkbox on the login form so that, if the user chooses, they can be automatically logged in to the application upon subsequent visits to the site. The Yii authentication framework defines a separate entity to house the actual authentication logic. This is called an identity class, and in its most general form is a class that implements the IUserIdentity interface. One of the primary roles of this class is to encapsulate the authentication logic to easily allow for different implementations. Depending on the application requirements, we may need to validate a username and password against values stored in a database, or allow users to log in with their OpenID credentials, or integrate with an existing LDAP approach. Separating the logic that is specific to the authentication approach from the rest of the application login process allows us to easily switch between such implementations. The identity class provides this separation. When we initially created our application, the identity class file protected/ components/UserIdentity.php was generated for us. It extends the Yii Framework class, CUserIdentity, which is a base class for authentication implementations that use a username and password. Let's take a closer look at the code that was generated for this class: password 'demo'=>'demo', 'admin'=>'admin', ); if(!isset($users[$this->username])) $this->errorCode=self::ERROR_USERNAME_INVALID; else if($users[$this->username]!==$this->password) $this->errorCode=self::ERROR_PASSWORD_INVALID; else $this->errorCode=self::ERROR_NONE; return !$this->errorCode; } } The bulk of the work in defining an identity class is the implementation of the authenticate() method. This is where we place the code that is specific to the authentication approach. This implementation simply uses the hard-coded username/password values of demo/demo and admin/admin. It checks these values against the username and password class properties (properties defined in the parent class, CUserIdentity) and if they don't match, it will set and return an appropriate error code. In order to better understand how these pieces fit into the entire end-to-end authentication process, let's walk through the logic starting with the login form. If we navigate to the login page: http://localhost/trackstar/index. php?r=site/login, we see a simple form allowing the input of a username, a password and an optional checkbox for the Remember Me Next Time functionality that we discussed before. Submitting this form invokes the logic contained in the SiteController::actionLogin() method. The following sequence diagram depicts the class interaction that occurs during a successful login from the moment the form is submitted. Chapter 7 [ 163 ] The process starts with setting the class attributes on the form model class, LoginForm, to the form values submitted. The LoginForm->validate() method is then called, which validates these attribute values based on the rules defined in the rules() method. This method is defined as follows: public function rules() { return array( // username and password are required array('username, password', 'required'), // rememberMe needs to be a boolean array('rememberMe', 'boolean'), // password needs to be authenticated array('password', 'authenticate'), ); } The last of these rules stipulates that the password attribute be validated using the custom method authenticate(), which is also defined in the LoginForm class as follows: /** * Authenticates the password. * This is the 'authenticate' validator as declared in rules(). */ public function authenticate($attribute,$params) { $this->_identity=new UserIdentity($this->username,$this- >password); if(!$this->_identity->authenticate()) $this->addError('password','Incorrect username or password.'); } Continuing to follow the sequence diagram, the password validation within LoginForm calls the authenticate() method within the same class. This method creates a new instance of the authentication identity class being used, in this case it is /protected/components/UserIdentity.php, and then calls its authenticate() method. This method, UserIdentity::authenticate() is as follows: /** * Authenticates the password. * This is the 'authenticate' validator as declared in rules(). */ public function authenticate($attribute,$params) { if(!$this->hasErrors()) // we only want to authenticate when no Iteration 4: User Management and Authentication [ 164 ] input errors { $identity=new UserIdentity($this->username,$this->password); $identity->authenticate(); switch($identity->errorCode) { case UserIdentity::ERROR_NONE: $duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days Yii::app()->user->login($identity,$duration); break; case UserIdentity::ERROR_USERNAME_INVALID: $this->addError('username','Username is incorrect.'); break; default: // UserIdentity::ERROR_PASSWORD_INVALID $this->addError('password','Password is incorrect.'); break; } } } This is implemented to use the username and password to perform its authentication. In this implementation, as long as the username/password combination is either demo/demo or admin/admin, this method will return true. As we are walking through a successful login, the authentication succeeds and the login() method on the user application component is called. As mentioned, by default the web application is configured to use the Yii Framework class, CWebuser as the user application component. Its login() method takes in an identity class and an optional duration parameter used to set the time to live on the browser cookie. In the above code, we see that this is set to 30 days if the Remember Me checkbox was checked when the form was submitted. If you do not pass it a duration, it is set to 0. A value of zero will result in no cookie being created. The login method takes the information contained in the identity class and saves it in persistent storage for the duration of the user session. By default, this storage is the PHP session storage. After all of this completes, the validate() method on LoginForm that was initially called by our controller class returns true, which indicates a successful login. The controller class then redirects to the URL value in Yii::app()->user->returnUrl. You can set this on certain pages throughout the application if you want to ensure the user be redirected back to their previous page, that is, wherever they were in the application before they decided (or were forced) to log in. This value defaults to the application entry URL. Chapter 7 [ 165 ] Changing the authenticate implementation Now that we understand the entire authentication process, we can easily see where we need to make the change to use our tbl_user table to validate the username and password credentials supplied in the login form. We can simply alter the authenticate() method in the user identity class to verify the existence of a matching row with the supplied username and password values. Since, at the moment, there is nothing else in our UserIdentity.php class except the authenticate method, let's completely replace the contents of this file with the following code: findByAttributes(array('username'=>$this- >username)); if($user===null) { $this->errorCode=self::ERROR_USERNAME_INVALID; } else { if($user->password!==$user->encrypt($this->password)) { $this->errorCode=self::ERROR_PASSWORD_INVALID; } else { $this->_id = $user->id; if(null===$user->last_login_time) { $lastLogin = time(); } Iteration 4: User Management and Authentication [ 166 ] else { $lastLogin = strtotime($user->last_login_time); } $this->setState('lastLoginTime', $lastLogin); $this- >errorCode=self::ERROR_NONE; } } return !$this->errorCode; } public function getId() { return $this->_id; } } There are a few things going on with this new code that should be pointed out. First, it is now attempting to retrieve a row from the tbl_user table, by way of creating a new User model AR class instance, where the username is the same as the UserIdentity class attribute value (remember that this is set to be the value from the login form). As we enforced the uniqueness of the username when creating a new user, this should find at most one matching row. If it does not find a matching row, an error message is sent to indicate that the username is incorrect. If a matching row is found, it compares the passwords. As we are encrypting our passwords, it has to use the encryption method, User::encrypt(), that we added to the User class previously. If these do not match, it sets an error message to indicate an incorrect password. If the authentication is successful, a couple other things happen before the method returns. First, we have set a new attribute on the UserIdentity class for the user ID. The default implementation in the parent class is to return the username for the ID. As we are using a database, and have numeric Primary Keys as our unique user identifier, we want to make sure this numeric ID is what is set and returned throughout the application when the user ID is requested. That is, when the code: Yii::app()->user->id is executed, we want to make sure that the unique ID from the database is returned, not the username. Extending application user attributes The second thing happening here is the setting of an attribute on the user identity to be the last login time returned from the database. The user application component, CWebUser, derives its user attributes from the explicit ID and name attributes defined in the identity class, and then from name=>value pairs set in array called the identity Chapter 7 [ 167 ] states. These are the extra user values that should be persisted throughout a user's session. As an example of this, we are setting the attribute named lastLoginTime to be the value of the last_login_time field in the database. This way, at any place in the application, this attribute can be accessed via: Yii::app()->user->lastLoginTime; As the initial user rows go into the table with null values for the last login time, there is a quick check for null so that we can store an appropriate time when the user logs in for the very first time. We have also taken the time to format the date for better readability. The reason we take a different approach when storing the last login time versus the ID is that id just happens to be an explicitly defined property on the CUserIdentity class. So, other than name and id, all other user attributes that need to be persisted throughout the session can be set in a similar manner. When cookie-based authentication is enabled (by setting CWebUser::allowAutoLogin to be true), these user identity states will be stored in cookie. Therefore, you should not store sensitive information (for example, password) in the same manner as we have stored the user's last login time. With these changes in place, you will now need to provide a correct username and password combination for a user defined in the tbl_user table in the database. Using demo/demo or admin/admin will, of course, no longer work. Give it a try. You should be able to log in as any one of the users you created earlier in this chapter. If you followed along and have the same user data as we do, the following credentials should work: Username: Test_User_One Password: test1 Now that we have altered the login process to authenticate against the database, we won't be able to access the delete functionality for any of our project, issue or user entities. The reason for this is that there are authorization checks in place to ensure that the user is an admin prior to allowing access. Currently, none of our database users have been configured to be admins. Don't worry, authorization is the focus of the next iteration, so we will be able to access that functionality again soon. Iteration 4: User Management and Authentication [ 168 ] Updating the user last login time As we mentioned earlier in this chapter, we removed the last login time as an input field on the user creation form, but we still need to add the logic to properly update this field. As we are tracking the last login time in the tbl_user database table, we need to update this field accordingly after a successful login. As the actual login happens in the LoginForm::login() method in the form model class, let's update this value there. Add the following highlighted line to the LoginForm::login() method: /** * Logs in the user using the given username and password in the model. * @return boolean whether login is successful */ public function login() { if($this->_identity===null) { $this->_identity=new UserIdentity($this->username,$this- >password); $this->_identity->authenticate(); } if($this->_identity->errorCode===UserIdentity::ERROR_NONE) { $duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days Yii::app()->user->login($this->_identity,$duration); User::model()->updateByPk($this->_identity->id, array('last_ login_time'=>new CDbExpression('NOW()'))); return true; } else return false; } Here we are calling its updateByPk() method as an efficient approach to simply update the User record, specifying the Primary Key as well as an array of name=>value pairs for the columns we want to update. Chapter 7 [ 169 ] Displaying the last login time on the home page Now that we are updating the last login time in the db, and saving it to persistent session storage when logging in, let's go ahead and display this time on our welcome screen that a user sees after a successful login. This will also help make us feel better because we know that all of this is working as expected. Open up the default view file that is responsible for displaying our homepage: protected/views/site/index.php. Add the following highlighted lines of code just below the welcome statement: Welcome to name); ?> user->isGuest):?>
You last logged in on user->lastLoginTime ); ?>.
And as we are in there, let's go ahead and remove all of the other autogenerated help text, which is everything below these lines we just added. Once you save your changes and log in again, you should see something similar to the screenshot below, which displays the welcome message following by a formatted time indicating your last successful login: Iteration 4: User Management and Authentication [ 170 ] Summary This iteration was the first of two iterations focused on user management, authentication and authorization. We created the ability to manage CRUD operations for application users, making many adjustments to the new user creation process along the way. We added a new base class for all of our Active Record classes, so that we can easily manage our audit history table columns that are present on all of our tables. We also updated our code to properly manage the user's last login time, which we are storing in the database. In doing so, we learned about tapping into the CActiveRecord validation workflow to allow for pre and post-validation processing. We then focused on understanding the Yii authentication model in order to enhance it to meet our application's requirements: that the user credentials be validated against the values stored in the database. Now that we have covered authentication, we can turn focus to second part of Yii's auth-and-auth framework, authorization. This will be the focus of the next iteration. Iteration 5: User Access Control User based web applications, like our TrackStar application, typically need to control access to certain functionality based on who is making the request. When we speak of user access control, we are referring, at a high-level, to some questions the application needs to ask when requests are being made such as: • Who is making the request? • Does that user have the appropriate permission to access the requested functionality? The answers to these questions help the application respond appropriately. The work completed in the last iteration provides the application with the ability to answer the first question. Our implementation of basic user management extended the application user authentication process to use the database. The application now allows users to establish their own authentication credentials and validates the username and password against the database stored values upon user login. After a successful login, the application now knows exactly who is making subsequent requests. This iteration is going to focus on helping the application answer the second question. Once the user has provided appropriate identification, the application needs a way to determine if they also have the permission to perform the requested action. We'll extend our basic authorization model by taking advantage of Yii's user access control features. Yii provides both a simple access control filter as well as a more sophisticated role-based access control (RBAC) implementation as means to help us address our user authorization requirements. We'll be taking a closer look at both of these as we work to implement the user access requirements for the TrackStar application. Iteration 5: User Access Control [ 172 ] Iteration planning When we first introduced our TrackStar application back in Chapter 3, The TrackStar Application, we mentioned that the application has two high-level user types: anonymous and authenticated. This is simply making a distinction between a user that has successfully logged in, and one who has not. We have also introduced the idea of authenticated users having different roles within a project. We established that, within a project, a user can be in one of three roles: • A project owner (is granted all administrative access to the project) • A project member (is granted more limited access to project features and functionality) • A project reader (only has access to read the content associated with a project, not change it in any way) The focus of this iteration is to implement an approach to managing the access control granted to application users. We need a way to create and manage our roles and permissions, assign them to users, and enforce the access control rules we want for each user role. In order to achieve this goal, we need to identify all the more granular items we will work on within this iteration. The following is a list of these items: • Implement a strategy to force the user to log in before gaining access to any project or issue related functionality • Create user roles and associate those roles with a specific functionality permission structure • Implement the ability to assign users to roles (and their associated permissions) • Ensure our role and permission structure exists on a per project basis (that is, allow users to have different permissions within different projects) • Implement the ability to associate users to projects and, at the same time, to roles within that project • Implement the necessary authorization access checking throughout the application to appropriately grant or deny access to the application user based on their permissions Luckily, Yii comes with a lot of built-in functionality to help us implement these requirements. So, let's get started. Chapter 8 [ 173 ] Running our existing test suite As always, we should kick things off by running all of our existing unit tests to ensure that the tests pass: % cd WebRoot/protected/tests/ % phpunit unit/ PHPUnit 3.4.12 by Sebastian Bergmann. ................ Time: 3 seconds OK (10 tests, 27 assertions) Everything looks good, so we can start making changes. accessControl filter We introduced filters back in Chapter 6, Iteration 3: Adding Tasks when we added one to help us verify the project context when dealing with our Issue related CRUD operations. The Yii Framework provides a filter called accessControl. This filter can be directly used in controller classes to provide an authorization scheme to verify whether or not a user can access a specific controller action. In fact, the astute reader will remember that when we were implementing our filterProjectContext filter back in Chapter 6, we noticed that access control filter was already included in the filters list for both our IssueController and ProjectController classes, as follows: /** * @return array action filters */ public function filters() { return array( 'accessControl', // perform access control for CRUD operations ); } This was included in the autogenerated code produced by using the Gii code generator to create our skeleton CRUD operations on the Issue and Project AR classes. Iteration 5: User Access Control [ 174 ] The default implementation is set up to allow anyone to view a list of existing issues and projects. However, it restricts access of creating and updating to authenticated users, and further restricts the Delete action to a special admin user. You might remember that when we first implemented CRUD operations on projects, we had to log in before we were able to create new ones. The same was true when dealing with issues and again with users. The mechanism controlling this authorization and access is exactly this accessControl filter. Let's take a closer look at this implementation within the ProjectController.php class file. There are two methods relevant to access control in this file, ProjectController::filters() and ProjectController::accessRules(). The code for the first method is listed as follows: /** * @return array action filters */ public function filters() { return array( 'accessControl', // perform access control for CRUD operations ); } The following code is used for the second method: /** * Specifies the access control rules. * This method is used by the 'accessControl' filter. * @return array access control rules */ public function accessRules() { return array( array('allow', // allow all users to perform 'index' and 'view' actions 'actions'=>array('index','view'), 'users'=>array('*'), ), array('allow', // allow authenticated user to perform 'create' and 'update' actions 'actions'=>array('create','update'), 'users'=>array('@'), ), array('allow', // allow admin user to perform 'admin' and 'delete' actions Chapter 8 [ 175 ] 'actions'=>array('admin','delete'), 'users'=>array('admin'), ), array('deny', // deny all users 'users'=>array('*'), ), ); } The filters() method is already familiar to us. It is where we specify all the filters to be used in the controller class. In this case, we have only one, accessControl, which refers to a filter provided by the Yii Framework. This filter uses the other method, accessRules(), which defines the rules that drive the access restrictions. In the accessRules() method mentioned previously, there are four rules specified. Each rule is represented as an array. The first element of the array is either allow or deny. These indicate the granting or denying of access respectively. The rest of the array consists of name=>value pairs specifying the remaining parameters of the rule. Let's look at the first rule defined previously: array('allow', // allow all users to perform 'index' and 'view' actions 'actions'=>array('index','view'), 'users'=>array('*'), ), This rule allows the index and view controller actions to be executed by any user. The asterisk '*' special character is a way to specify any user (anonymous, authenticated, or otherwise). The second rule is as follows: array('allow', // allow authenticated user to perform 'create' and 'update' actions 'actions'=>array('create','update'), 'users'=>array('@'), ), It allows for any authenticated user to access the create and update controller actions. The '@' special character is a way to specify any authenticated user. Iteration 5: User Access Control [ 176 ] The third rule is as follows: array('allow', // allow admin user to perform 'admin' and 'delete' actions 'actions'=>array('admin','delete'), 'users'=>array('admin'), ), This specifies that a specific user, named admin, is allowed to access the actionAdmin() and actionDelete() controller actions. The fourth rule is as follows: array('deny', // deny all users 'users'=>array('*'), ), It denies access to all controller actions to all users. Access rules can be defined using a number of context parameters. The previously mentioned rules define actions and users to create the rule context, but there are several others listed as follows: • Controllers: This rule specifies an array of controller IDs to which the rule should apply. • Roles: This rule specifies a list of authorization items (roles, operation, permissions) to which the rule applies. This makes used of the RBAC feature we will be discussing in the next section. • Ips: This rule specifies a list of client IP addresses to which this rule applies. • Verbs: This rule specifies which HTTP request types (GET, POST, and so on) apply to this rule. • Expression: This rule specifies a PHP expression whose value indicates whether or not the rule should be applied. • Actions: This rule specifies the action method, by use of the corresponding action ID, to which the rule should match. • Users: This rule specifies the users to which the rule should apply. The current application user's name attribute is used for matching. Three special characters can also be used here: °° *: any user °° ?: anonymous users °° @: authenticated users Chapter 8 [ 177 ] The access rules are evaluated one by one in the order by which they are specified. The first rule that matches the current pattern determines the authorization result. If this rule is an allow rule, the action can be executed; if it is a deny rule, the action cannot be executed; if none of the rules matches the context, the action can still be executed. It is for this reason that the fourth rule is stipulated. If we did not stipulate a rule that denied all actions to all users at the end of our rules list, then we would not achieve our desired access restrictions. As an example, take the second rule. It specifies that authenticated users are allowed access to the create and update actions. However, it does not stipulate that anonymous users be denied access. It says nothing about anonymous users. The fourth rule ensures that all other requests that do not match one of the first three specific rules be denied access. With this already in place, altering our application to deny anonymous users access to all project, issue, and user related functionality is a snap. All we have to do is change the special character '*' of the users array value to the '@' special character. This will only allow authenticated users to access the actionIndex() and actionView() controller actions. All other actions are already restricted to authenticated users. Let's make this change in all of our controllers. Open up all three of the following files: ProjectController.php, IssueController.php, and UserController.php files and alter the first rule in the access control rules to be: array('allow', // allow only authenticated users to perform 'index' and 'view' actions 'actions'=>array('index','view'), 'users'=>array('@'), ), After making these changes, the application will require a login prior to accessing any of our project, issue, or user functionality. We still allow anonymous user access to the SiteController class action methods, which we kept because this is where our login actions are located. We have to be able to access the login page if we are not already logged in. Iteration 5: User Access Control [ 178 ] Role-based access control Now that we have used the simple accessControl filter as a broad stroke to limiting access to authenticated users, we need to turn focus to meeting some more granular access control needs of our application. As we mentioned, users will play certain roles within a project. The project will have users of type owner, who can be thought of as project administrators. They will be granted all access to manipulate the project. The project will also have users of type member, who will be granted some access to project functionality, but a subset of what owners are able to perform. Finally, the project can have users of type reader, who are only able to view project related content and not alter it in any way. To achieve this type of access model based on the role of a user, we turn to the RBAC feature of Yii. RBAC is an established approach in computer systems security to managing the access permissions of authenticated users. In short, the RBAC approach defines roles within an application. Permissions to perform certain operations are also defined and then associated with roles. Users are then assigned to a role and through the role association, acquire the permissions defined for that role. There is plenty of documentation available for curious readers about the general RBAC concept and approach. One good source of information is Wikipedia: http://en.wikipedia. org/wiki/Role-based_access_control. We'll focus on the specifics of Yii's implementation of RBAC. Yii's implementation of RBAC is simple, elegant, and powerful. At the foundation of RBAC in Yii is the idea of the authorization item. The authorization item is simply a permission to do things in the application. These permissions can be categorized as roles, tasks, or operations, and, as such, form a permission hierarchy. Roles can consist of tasks (or other roles), tasks can consist of operations (or other tasks) and operations are the most granular permission level. For example, in our TrackStar application, we need a role of type owner. So, we would create an authorization item of type role with the name owner. This role could then consist of tasks such as a "user management" and "issue management". These tasks could then further consist of the atomic operations that make up these tasks. For example, the user management task could consist of the operations create new user, edit user, and delete user. This hierarchy allows for inheritance of these permissions so that, given this example, if a user is assigned to the owner role, they inherit the permission to perform create, edit, and delete user operations. Chapter 8 [ 179 ] Typically in RBAC, you assign a user to one or more roles and the user inherits the permissions that have been assigned to those roles. This holds true for RBAC in Yii as well. However, in this model, we can associate users to any authorization item, not just ones of type role. This allows us the flexibility to associate a permission to a user at any level of granularity. If we only want to grant the delete user operation to a specific user, and not give them all the access that an owner role would have, we can simply associate the user to this atomic operation. This makes RBAC in Yii very flexible. Configuring the authorization manager Before we can establish an authorization hierarchy, assign users to roles, and perform access permission checking, we need to configure the authorization manager application component, authManager. This component is responsible for storing the permission data and managing the relationships between permissions as well as providing the methods to check whether or not a user does have access to perform a particular operation. Yii provides two types of authorization managers: CPhpAuthManager and CDbAuthManager. CPhpAuthManager uses a PHP script file to store the authorization data. CDbAuthManager, as you might have guessed, stores the authorization data in a database. The authManager is configured as an application component. Configuring the authorization manager consists simply of specifying which of these two types to use and then setting its initial class property values. As we are already using a database in the TrackStar application, it makes sense for us to make use of the CDbAuthManager implementation. To make this configuration, open up the main config file, protected/config/main.php, and add the following to the application components array: 'authManager'=>array( 'class'=>'CDbAuthManager', 'connectionID'=>'db', ), This establishes a new application component named authManager, specifies the class type to be CDbAuthManager, and sets the connectionID class property to be our database connection component. Now we can access this anywhere in our application using Yii::app()->authManager. Iteration 5: User Access Control [ 180 ] Creating the RBAC database tables As mentioned, the CDbAuthManager class uses database tables to store the permission data. It expects a specific schema. That schema is identified in the framework file YiiRoot/framework/web/auth/schema.sql. It is a simple, yet elegant, schema consisting of three tables, AuthItem, AuthItemChild, and AuthAssignment. The AuthItem table holds the information defining the authorization item, that is the role, task or operation. The AuthItemChild table houses the parent/child relationships that form our hierarchy of authorization items. Finally, the AuthAssignment table is an association table that holds the association between a user and an authorization item. The basic DDL statements for the tables are the following: create table AuthItem ( name varchar(64) not null, type integer not null, description text, bizrule text, data text, primary key (name) ); create table AuthItemChild ( parent varchar(64) not null, child varchar(64) not null, primary key (parent,child), foreign key (parent) references AuthItem (name) on delete cascade on update cascade, foreign key (child) references AuthItem (name) on delete cascade on update cascade ); create table AuthAssignment ( itemname varchar(64) not null, userid varchar(64) not null, bizrule text, data text, primary key (itemname,userid), foreign key (itemname) references AuthItem (name) on delete cascade on update cascade ); Chapter 8 [ 181 ] This schema is taken directly from the Yii Framework file /framework/ web/auth/schema.sql and does not exactly adhere to our table naming conventions that we use for our other tables. These are the default table names expected by CDbAuthManager class. However, you can configure this class to use different table names. For simplicity, we use the schema exactly as defined in the framework. Creating the RBAC authorization hierarchy After adding the previously mentioned tables to our _dev and _test databases, we need to populate them with our roles and permissions. We will do this using the API provided by the authManager. To keep things simple, we are going to only define roles and basic operations. We will not set up any formal RBAC tasks for now. The following figure displays the basic hierarchy we wish to define: Iteration 5: User Access Control [ 182 ] The diagram shows inheritance from the top down. So, Owners have all the permissions listed, plus they inherit all the permissions from both the Member and Reader roles. Likewise, member inherits permissions from the Reader. What we now need to do is establish this permission hierarchy in the application. As previously mentioned, the best way to do this is to write code to utilize the authManager API. As an example, the following code creates a new role and a new operation and then adds the relationship between the role and the permission: $auth=Yii::app()->authManager; $role=$auth->createRole('owner'); $auth->createOperation('createProject','create a new project'); $role->addChild('createProject'); In the preceding code, we first get an instance of the authManager. We then use its createRole(), createOperation(), and addChild() API methods to create a new owner role, and a new operation named createProject. We then add the permission to the owner role. This only demonstrates the creation of a small part of our needed hierarchy, all of the remaining relationships we outlined in the previous figure need to be created in a similar manner. To accomplish the building of our needed permission hierarchy, we are going to write a simple shell command, which is to be executed at the command line. This will extend the command options of the yiic command-line tool we used to create our initial application. Writing a console application command We introduced the yiic command-line tool back in Chapter 2, when we created a new HelloWorld! application, and again in Chapter 4 when we used it to initially create the structure of our TrackStar Web application. The yiic tool is a console application in Yii that executes tasks in the form of commands. We have used the webapp command to create a new applications, and back in Chapter 2, we also used the yiic shell command to create a new controller class. We have been using the newer Gii code generator tool when initially creating our model classes and our CRUD scaffolding code. However, there are commands available with the yiic tool for creating these as well. As a reminder, the yiic shell command allows you to interact with a web application on the command line. You can execute it from the folder that contains the entry script for the application. Then, within the context of the specific application, it provides tools to automatically generate new controllers, views and data models. Chapter 8 [ 183 ] Console applications in Yii are easily extended by writing custom commands, and this is exactly what we are going to do. We are going to extend the yiic shell command tool set by writing a new command-line tool to allow us to build our RBAC authorization hierarchy in a consistent and repeatable manner. Writing a new command for a console application is quite simple. It is simply a class that extends from CConsoleCommand which, at a minimum, implements the needed run() method that will be executed when the command is called. The name of the class should be exactly the same as the desired command name, followed by Command. In our case, our command will simply be rbac, so we'll name our class RbacCommand. Lastly, in order to make this command available to the yiic console application, we need to save our class into the /protected/commands/shell/ folder. So, create a new file called RbacCommand.php, and add the following PHP code: _authManager=Yii::app()->authManager)===null) { Iteration 5: User Access Control [ 184 ] echo "Error: an authorization manager, named 'authManager' must be configured to use this command.\n"; echo "If you already added 'authManager' component in application configuration,\n"; echo "please quit and re-enter the yiic shell.\n"; return; } //provide the oportunity for the use to abort the request echo "This command will create three roles: Owner, Member, and Reader and the following premissions:\n"; echo "create, read, update and delete user\n"; echo "create, read, update and delete project\n"; echo "create, read, update and delete issue\n"; echo "Would you like to continue? [Yes|No] "; //check the input from the user and continue if they indicated yes to the above question if(!strncasecmp(trim(fgets(STDIN)),'y',1)) { //first we need to remove all operations, roles, child relationship and assignments $this->_authManager->clearAll(); //create the lowest level operations for users $this->_authManager->createOperation("createUser","create a new user"); $this->_authManager->createOperation("readUser","read user profile information"); $this->_authManager->createOperation("updateUser","update a users information"); $this->_authManager->createOperation("deleteUser","remove a user from a project"); //create the lowest level operations for projects $this->_authManager->createOperation("createProject","cre ate a new project"); $this->_authManager->createOperation("readProject","read project information"); $this->_authManager->createOperation("updateProject","up date project information"); $this->_authManager->createOperation("deleteProject","del ete a project"); //create the lowest level operations for issues Chapter 8 [ 185 ] $this->_authManager->createOperation("createIssue","crea te a new issue"); $this->_authManager->createOperation("readIssue","read issue information"); $this->_authManager->createOperation("updateIssue","upda te issue information"); $this->_authManager->createOperation("deleteIssue","dele te an issue from a project"); //create the reader role and add the appropriate permissions as children to this role $role=$this->_authManager->createRole("reader"); $role->addChild("readUser"); $role->addChild("readProject"); $role->addChild("readIssue"); //create the member role, and add the appropriate permissions, as well as the reader role itself, as children $role=$this->_authManager->createRole("member"); $role->addChild("reader"); $role->addChild("createIssue"); $role->addChild("updateIssue"); $role->addChild("deleteIssue"); //create the owner role, and add the appropriate permissions, as well as both the reader and member roles as children $role=$this->_authManager->createRole("owner"); $role->addChild("reader"); $role->addChild("member"); $role->addChild("createUser"); $role->addChild("updateUser"); $role->addChild("deleteUser"); $role->addChild("createProject"); $role->addChild("updateProject"); $role->addChild("deleteProject"); //provide a message indicating success echo "Authorization hierarchy successfully generated."; } } } Iteration 5: User Access Control [ 186 ] The comments in the previous code should help tell the story of what is happening here. We provide a simple getHelp() method so that our new command can be quickly understood by other users. This is also consistent with the other commands offered by yiic. All of the real action happens in the run() method. It ensures the application has a vaild authManager application component defined. It then allows the user to have a last chance to cancel the request before proceeding. If the user of this command indicates they want to continue, it will proceed to clear all previously entered data in the RBAC tables and then create a new authorization hierarchy. The hierarchy that is created here is exactly the one we discussed previously. We can see that, even based on our fairly simple hierarchy, there is still a significant amount of code needed. Typically, one would need to develop a more intuitive UI wrapped around these authorization manager APIs to provide an easy interface to manage roles, tasks, and operations. For the purposes of our TrackStar application, we can simply set up the needed database tables, execute this logic once to establish the initial relationships, and then hope we don't have to make too many changes to it. This is a great solution for establishing a quick RBAC permission structure, but not ideal for the long-term maintenance of a permission structure that might change significantly. In a real-world application, you will most likely need a different, more interactive tool to help maintain the RBAC relationships. The Yii extension library (http://www.yiiframework.com/ extensions/) provides some packaged solutions for this. Let's try out this new command. Navigate to the root of your application and execute the shell command (Remember YiiRoot stands for where you have installed the Yii Framework): % YiiRoot/framework/yiic shell Yii Interactive Tool v1.1 (based on Yii v1.1.2) Please type 'help' for help. Type 'exit' to quit. >> Now type help to see a list of available commands: >> help At the prompt, you may enter a PHP statement or one of the following commands: - controller - crud - form - help Chapter 8 [ 187 ] - model - module - rbac Type 'helpAdd User To project->name; ?>
user->hasFlash('success')):?> user->getFlash('success'); ?>
beginWidget('CActiveForm'); ?>
Iteration 5: User Access Control [ 210 ] Most of this we have seen before. We are defining active labels and active form elements that tie directly to our ProjectUserForm form model class. We populate our dropdown using the static method we implemented earlier on the project model class. We also added a simple link to the menu op to take us back to the project details page. The highlighted code above is new to us. This is an example of using the flash message that we introduced and used in the actionAdduser() method. We access the message we set using setFlash() by asking the same user component if it has a flash message, using hasFlash('succcess'). We feed the hasFlash() method the exact name we gave it when we set the message. This is a nice way to present the user with some simple feedback about their previous request. One other small change we made as to add a simple link from the project details page so we could access this form form the application. The following line was added to the project show.php view file's list of link options: [$m odel->projectId)); ?>] This gives us access to the new form. Putting it all together With all of these changes in place, we can navigate to our new form by viewing one of the project details pages. For example, viewing project id #1 through the URL: http://localhost/trackstar/index.php?r=project/view&id=1. In the right column menu of operations is a hyperlink Add User To Project and clicking on that link should display the following page: Chapter 8 [ 211 ] You can use the forms we have previously built to create new projects and users to ensure you have a few added to the application. Then you can play around with adding users to projects. As you type in the Username field, you will see suggestions for auto-completion. If you attempt to add a user that is not in the user database table, you should see an error telling you so. If you attempt to enter a user that has already been added to the project, you will see an error message. On successful additions, you will see a short flash message indicating success. Checking authorization level The last thing we need to do in this iteration is to add the authorization checks for the different functionality that we have implemented. Earlier in this chapter we outlined and then implemented the RBAC authorization hierarchy for the different roles we have. Everything is in place to allow or deny access to functionality based on the permissions that have been granted to users within projects, with one exception. We have not yet implemented the necessary access checking when attempting to request functionality. The application is still using the simple access filter that is defined on each of our project, issue and user controllers. We'll do this for one of our permissions and then leave the remaining implementation as an exercise for the reader. We can notice from looking back at our authorization hierarchy that only project owners should be able to add new users to a project. So, let's start with that. What we will do is not even display the link on the project details page unless the current user is in the owner role for that project (you might want to make sure you have added at least one owner and one member or reader to a project so you can test it when complete). Open up the protected/views/project/view.php view file where we placed the link on the menu items for adding a new user. Remove that array element from the menu array items, and then push it on the end of the array only if the checkAccess() method returns true. The following code shows how the menu items should be defined: $this->menu=array( array('label'=>'List Project', 'url'=>array('index')), array('label'=>'Create Project', 'url'=>array('create')), array('label'=>'Update Project', 'url'=>array('update', 'id'=>$model->id)), array('label'=>'Delete Project', 'url'=>'#', 'linkOptions'=>array ('submit'=>array('delete','id'=>$model->id),'confirm'=>'Are you sure you want to delete this item?')), array('label'=>'Manage Project', 'url'=>array('admin')), array('label'=>'Create Issue', 'url'=>array('issue/create', 'pid'=>$model->id)), Iteration 5: User Access Control [ 212 ] ); if(Yii::app()->user->checkAccess('createUser',array('project'=>$mod el))) { $this->menu[] = array('label'=>'Add User To Project', 'url'=>array('adduser', 'id'=>$model->id)); } This implements the same approach we had discussed earlier in the chapter. We call checkAccess() on the current user, and send in the name of the permission we want to check. Also, as our roles are within the context of projects, we send in the project model instance as an array input. This will allow the business rule to execute what has been defined in the authorization assignment. Now if we log in as a project owner for a particular project and navigate to that project details page, we'll see the menu option for adding a new user to the project. Conversely, if you log in in as a user in the member or reader role of that same project, and again navigate to the details page, this link will not display. This, of course, will not prevent a savvy user from gaining access to this functionality by navigating using the URL directly. For example, even while logged in to the application as a user in the reader role for, say, project id #2, if I navigate directly to the URL: http://hostname/tasctrak/index.php?r=project/adduser&id=2 I can still access the form. To prevent this, we need to add our access check directly to the action method itself. So, in the actionAdduser() method in the project controller class, we can add the check: public function actionAdduser() { $project = $this->loadModel(); if(!Yii::app()->user->checkAccess('createUser', array('project'=>$project))) { throw new CHttpException(403,'You are not authorized to per-form this action.'); } $form=new ProjectUserForm; // collect user input data … Now when we attempt to access this URL directly, we will be denied access unless we in the project owner role for the project. We won't go through implementing the access checks for all of the other functionality. Each would be implemented in a similar manner. Chapter 8 [ 213 ] Summary We have covered a lot in this iteration. First we were introduced to the basic access control filter that Yii provides as one method to allow and deny access to specific controller action methods. We used this approach to ensure that users be logged into that application before gaining access to any of the main functionality. We then took a detailed walk through Yii's RBAC model which allows for much more sophisticated approach to access control. We built an entire user authorization hierarchy based on application roles. In the process, we were introduced to writing console applications in Yii, and to some of the benefits of this wonderful feature. We then built in new functionality to allow the addition of users to projects and being able to assign them to appropriate roles within those projects. Finally, we discovered how to implement the needed access checks throughout the application to utilize the RBAC hierarchy to appropriately grant/deny access to feature functionality. Iteration 6: Adding User Comments With the implementation of user management in the past two iterations, our Trackstar application is really starting to take shape. The bulk of our primary application feature functionality is now behind us. We can now start to focus on some of the nice-to-have features. The first of these features that we will tackle is the ability for users to leave comments on project issues. The ability for users to engage in a dialogue about project issues is an important part of what any issue tracking tool should provide. One way to achieve this is to allow users to leave comments directly on the issues. The comments will form a conversation about the issue and provide an immediate, as well as historical context to help track the full lifespan of any issue. We will also use comments to demonstrate using Yii widgets and establishing a portlet model for delivering content to the user (for more information on Portlets, visit http://en.wikipedia.org/wiki/Portlet). Iteration planning The goal of this iteration is to implement feature functionality in the Trackstar application to allow users to leave and read comments on issues. When a user is viewing the details of any project issue, they should be able to read all comments previously added as well as create a new comment on the issue. We also want to add a small fragment of content, or portlet, to the project-listing page that displays a list of recent comments left on all of the issues. This will be a nice way to provide a window into recent user activity and allow easy access to the latest issues that have active conversations. Iteration 6: Adding User Comments [ 216 ] The following is a list of high-level tasks that we will need to complete in order to achieve these goals: • Design and create a new database table to support comments • Create the Yii AR class associated with our new comments table • Add a form directly to the issue details page to allow users to submit comments • Display a list of all comments associated with an issue directly on the issues details page • Take advantage of Yii widgets to display a list of the most recent comments on the projects listing page Creating the model As always, we should run our existing test suite at the start of our iteration to ensure all of our previously written tests are still passing as expected. By this time, you should be familiar with how to do that, so we will leave it to the reader to ensure that all the unit tests are passing before proceeding. We first need to create a new table to house our comments. Below is the basic DDL definition for the table that we will be using: CREATE TABLE tbl_comment ( `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, `content` TEXT NOT NULL, `issue_id` INTEGER, `create_time` DATETIME, `create_user_id` INTEGER, `update_time` DATETIME, `update_user_id` INTEGER ) As each comment belongs to a specific issue, identified by the issue_id, and is written by a specific user, indicated by the create_user_id identifier, we also need to define the following foreign key relationships: ALTER TABLE `tbl_comment` ADD CONSTRAINT `FK_comment_issue` FOREIGN KEY (`issue_id`) REFERENCES `tbl_issue` (`id`); ALTER TABLE `tbl_comment` ADD CONSTRAINT `FK_comment_author` FOREIGN KEY (`create_user_id`) REFERENCES `tbl_user` (`id`); Chapter 9 [ 217 ] If you are following along, please ensure this table is created in both the trackstar_dev and trackstar_test databases. Once a database table is in place, creating the associated AR class is a snap. We have seen this many times in previous iterations. We know exactly how to do this. We simply use the Gii code creation tool's Model Generator command and create an AR class called Comment. If needed, refer back to Chapters 5 and 6 for all the details on using this tool to create model classes. Since we have already created the model class for issues, we will need to explicitly add the relations to to the Issue model class for comments. We will also add a relationship as a statistical query to easily retrieve the number of comments associated with a given issue (just as we did in the Project AR class for issues). Alter the Issue::relations() method as such: public function relations() { return array( 'requester' => array(self::BELONGS_TO, 'User', 'requester_id'), 'owner' => array(self::BELONGS_TO, 'User', 'owner_id'), 'project' => array(self::BELONGS_TO, 'Project', 'project_id'), 'comments' => array(self::HAS_MANY, 'Comment', 'issue_id'), 'commentCount' => array(self::STAT, 'Comment', 'issue_id'), ); } Also, we need to change our newly created Comment AR class to extend our custom TrackStarActiveRecord base class, so that it benefits from the logic we placed in the beforeValidate() method. Simply alter the beginning of the class definition as such: array(self::BELONGS_TO, 'User', 'create_user_id'), 'issue' => array(self::BELONGS_TO, 'Issue', 'issue_id'), ); } Creating the Comment CRUD Once we have an AR class in place, creating the CRUD scaffolding for managing the related entity is equally as easy. Again, use the Gii code generation tool's Crud Generator command with the AR class name, Comment, as the argument. Again, we have seen this many times in previous iterations, so we will leave this as an exercise for the reader. Again, if needed, refer back to Chapters 5 and 6 for all the details on using this tool to create CRUD scaffolding code. Although we will not immediately implement full CRUD operations for our comments, it is nice to have the scaffolding for the other operations in place. As long as we are logged in, we should now be able to view the autogenerated comment submission form via the following URL: http://localhost/trackstar/index.php?r=comment/create Altering the scaffolding to meet requirements As we have seen many times before, we often have to make adjustments to the autogenerated scaffolding code in order to meet the specific requirements of the application. For one, our autogenerated form for creating a new comment has an input field for every single column defined in the tbl_comment database table. Chapter 9 [ 219 ] We don't actually want all of these fields to be part of the form. In fact, we want to greatly simplify this form to have only a single input field for the comment content. What's more, we don't want the user to access the form via the above URL, but rather only by visiting an issue details page. The user will add comments on the same page where they are viewing the details of the issue. We want to build towards something similar to what is depicted in the following screenshot: In order to achieve this, we are going to alter our Issue controller class to handle the post of the comment form as well as alter the issue details view to display the existing comments and new comment creation form. Also, as comments should only be created within the context of an issue, we'll add a new method to the Issue model class to create new comments. Iteration 6: Adding User Comments [ 220 ] Adding a comment Let's start by writing a test for this new public method on the Issue model class. Open up the IssueTest.php file and add the following test method: public function testAddComment() { $comment = new Comment; $comment->content = "this is a test comment"; $this->assertTrue($this->issues('issueBug')->addComment($comment)); } This, of course, will fail until we add the method to our Issue AR class. Add the following method to the Issue AR class: /** * Adds a comment to this issue */ public function addComment($comment) { $comment->issue_id=$this->id; return $comment->save(); } This method ensures the proper setting of the comment issue ID before saving the new comment. Run the test again to ensure it now passes. With this method in place, we can now turn focus to the issue controller class. As we want the comment creation form to display from and post its data back to the IssueController::actionView() method, we will need to alter that method. We will also add a new protected method to handle the form POST request. First, alter the actionView() method to be the following: public function actionView() { $issue=$this->loadModel(); $comment=$this->createComment($issue); $this->render('view',array( 'model'=>$issue, 'comment'=>$comment, )); } Chapter 9 [ 221 ] Then add the following protected method to create a new comment and handle the form post request for creating a new comment for this issue: protected function createComment($issue) { $comment=new Comment; if(isset($_POST['Comment'])) { $comment->attributes=$_POST['Comment']; if($issue->addComment($comment)) { Yii::app()->user->setFlash('commentSubmitted',"Your comment has been added." ); $this->refresh(); } } return $comment; } Our new protected method, createComment() is responsible for handling the POST request for creating a new comment based on the user input. If the comment is successfully created, the page will be refreshed displaying the newly created comment. The changes made to IssueController::actionView() are responsible for calling this new method and also feeding the new comment instance to the view. Displaying the form Now we need to alter our view. First we are going to create a new view file to render the display of our comments and the comment input form. As we'll render this as a partial view, we'll stick with the naming conventions and begin the filename with a leading underscore. Create a new file called _comments.php under the protected/ views/issue/ folder and add the following code to that file: Fields with * are required.
labelEx($model,'username'); ?> widget('CAutoComplete', array( 'model'=>$model, 'attribute'=>'username', 'data'=>$usernames, 'multiple'=>false, 'htmlOptions'=>array('size'=>25), )); ?> error($model,'username'); ?>
labelEx($model,'role'); ?> dropDownList($model,'role', Project::getUserRoleOptions()); ?> error($model,'role'); ?>
endWidget(); ?> on create_ time)); ?>
Iteration 6: Adding User Comments [ 222 ] content)); ?>
beginWidget('CActiveForm', array( 'id'=>'comment-form', 'enableAjaxValidation'=>false, )); ?>
With all of this in place, we can visit an issue listing page, for example http://hostname/trackstar/index.php?r=issue/view&id=1 And we see the following comment input form at the bottom of the page: Iteration 6: Adding User Comments [ 224 ] If we attempt to submit the comment without specifying any content, we see an error as depicted in the following screenshot: And then, if we are logged in as Test User One and we submit the comment My first test comment, we are presented with the following display: Creating a recent comments widget Now that we have the ability to leave comments on issues, we are going to turn our focus to the second primary goal of this iteration. We want to display to the user a list of all of the recent comments that have been left on various issues across all of the projects. This will provide a nice snapshot of user communication activity within the application. We also want to build this small block of content in a manner that will allow it to be re-used in various different locations throughout the site. This is very much in the style of web portal applications such as news forums, weather reporting applications and sites such as Yahoo and iGoogle. These small snippets of content are often referred to as portlets, and this is why we referred to building a portlet architecture at the beginning of this iteration. Again, you can refer to http://en.wikipedia.org/wiki/Portlet for more information on this topic. Chapter 9 [ 225 ] Introducing CWidget Lucky for us, Yii is readymade to help us achieve this architecture. Yii provides a component class, called CWidget, which is intended for exactly this purpose. A Yii widget is an instance of this class (or its child class), and is a presentational component typically embedded in a view file to display self-contained, reusable user interface features. We are going to use a Yii widget to build a recent comments portlet and display it on the main project details page so we can see comment activity across all issues related to the project. To demonstrate the ease of re-use, we'll take it one step further and also display a list of project-specific comments on the project details page. To begin creating our widget, we are going to first add a new public method on our Comment AR model class to return the most recently added comments. As expected, we will begin by writing a test. But before we write the test method, let's update our comment fixtures data so that we have a couple of comments to use throughout our testing. Create a new file called tbl_comment.php within the protected/tests/fixtures folder. Open that file and add the following content: array( 'content' => 'Test comment 1 on issue bug number 1', 'issue_id' => 1, 'create_time' => '', 'create_user_id' => 1, 'update_time' => '', 'update_user_id' => '', ), 'comment2'=>array( 'content' => 'Test comment 2 on issue bug number 1', 'issue_id' => 1, 'create_time' => '', 'create_user_id' => 1, 'update_time' => '', 'update_user_id' => '', ), ); Now we have consistent, predictable, and repeatable comment data to work with. Iteration 6: Adding User Comments [ 226 ] Create a new unit test file, protected/tests/unit/CommentTest.php and add the following content: 'Comment', ); public function testRecentComments() { $recentComments=Comment::findRecentComments(); $this->assertTrue(is_array($recentComments)); } } This test will of course fail, as we have not yet added the Comment::findRecentComments() method to the Comment model class. So, let's add that now. We'll go ahead and add the full method we need, rather than adding just enough to get the test to pass. But if you are following along, feel free to move at your own TDD pace. Open Comment.php and add the following public static method: public static function findRecentComments($limit=10, $projectId=null) { if($projectId != null) { return self::model()->with(array( 'issue'=>array('condition'=>'project_id='.$projectId)))- >findAll(array( 'order'=>'t.create_time DESC', 'limit'=>$limit, )); } else { //get all comments across all projects return self::model()->with('issue')->findAll(array( 'order'=>'t.create_time DESC', 'limit'=>$limit, )); } } Chapter 9 [ 227 ] Our new method takes in two optional parameters, one to limit the number of returned comments, the other to specify a specific project ID to which all of the comments should belong. The second parameter will allow us to use our new widget to display all comments for a project on the project details page. So, if the input project id was specified, it restricts the returned results to only those comments associated with the project, otherwise, all comments across all projects are returned. More on relational AR queries in Yii The above two relational AR queries are a little new to us. We have not been using many of these options in our previous queries. Previously we have been using the simplest approach to executing relational queries: 1. Load the AR instance. 2. Access the relational properties defined in the relations() method. For example if we wanted to query for all of the issues associated with, say, project id #1, we would execute the following two lines of code: // retrieve the project whose ID is 1 $project=Project::model()->findByPk(1); // retrieve the project's issues: a relational query is actually being performed behind the scenes here $issues=$project->issues; This familiar approach uses what is referred to as a Lazy Loading. When we first create the project instance, the query does not return all of the associated issues. It only retrieves the associated issues upon an initial, explicit request for them, that is, when $project->issues is executed. This is referred to as lazy because it waits to load the issues. This approach is convenient and can also be very efficient, especially in those cases where the associated issues may not be required. However, in other circumstances, this approach can be somewhat inefficient. For example, if we wanted to retrieve the issue information across N projects, then using this lazy approach would involve executing N join queries. Depending on how large N is, this could be very inefficient. In these situations, we have another option. We can use what is called Eager Loading. Iteration 6: Adding User Comments [ 228 ] The Eager Loading approach retrieves the related AR instances at the same time as the main AR instances are requested. This is accomplished by using the with() method in concert with either the find() or findAll() methods for AR query. Sticking with our project example, we could use Eager Loading to retrieve all issues for all projects by executing the following single line of code: //retrieve all project AR instances along with their associated issue AR instances $projects = Project::model()->with('issues')->findAll(); Now, in this case, every project AR instance in the $projects array already has its associated issues property populated with an array of issues AR instances. This result has been achieved by using just a single join query. We are using this approach in both of the relational queries executed in our findRecentComments() method. The one we are using to restrict the comments to a specific project is slightly more complex. As you can see, we are specifying a query condition on the eagerly loaded issue property for the comments. Let's look at the following line: Comment::model()->with(array('issue'=>array('condition'=>'project_ id='.$projectId)))->findAll(); This query specifies a single join between the tbl_comment and the tbl_issue tables. Sticking with project id #1 for this example, the previous relational AR query would basically execute something similar to the following SQL statement: SELECT tbl_comment.*, tbl_issue.* FROM tbl_comment LEFT OUTER JOIN tbl_issue ON (tbl_comment.issue_id=tbl_issue.id) WHERE (tbl_issue. project_id=1) The added array we specify in the findAll() method simply sets an order by clause and a limit clause to the executed SQL statement. One last thing to note about the two queries we are using is how the column names that are common to both tables are disambiguated. Obviously when the two tables that are being joined have columns with the same name, we have to make a distinction between the two in our query. In our case, both tables have the create_time column defined. We are trying to order by this column in the tbl_comment table and not the one defined in the issue table. In a relational AR query in Yii, the alias name for the primary table is fixed as t, while the alias name for a relational table, by default, is the same as the corresponding relation name. So, in our two queries, we specify t.create_time to indicate we want to use the primary table's column. If we wanted to instead order by the issue create_time column, we would alter, the second query for example, as such: Chapter 9 [ 229 ] return Comment::model()->with('issue')->findAll(array( 'order'=>'issue.create_time DESC', 'limit'=>$limit, )); Completing the test Okay, now that we fully understand what our new method is doing, we need to complete testing of it. In order to fully test our new method, we need to make a few changes to our fixture data. Open each of the fixture data files: tbl_project.php, tbl_issue.php, and tbl_comment.php and ensure each of these entries is in place: Add the following code in tbl_project: 'project3'=>array( 'name' => 'Test Project 3', 'description' => 'This is test project 3', 'create_time' => '', 'create_user_id' => '', 'update_time' => '', 'update_user_id' => '', ), In tbl_issue, add the following code: 'issueFeature2'=>array( 'name' => 'Test Feature For Project 3', 'description' => 'This is a test feature issue associated with project # 3 that is completed', 'project_id' => 3, 'type_id' => 1, 'status_id' => 2, 'owner_id' => 1, 'requester_id' => 1, 'create_time' => '', 'create_user_id' => '', 'update_time' => '', 'update_user_id' => '', ), Iteration 6: Adding User Comments [ 230 ] Finally, add the following code in tbl_comment: 'comment3'=>array( 'content' => 'The first test comment on the first feature issue associated with Project #3', 'issue_id' => 3, 'create_time' => '', 'create_user_id' => '', 'update_time' => '', 'update_user_id' => '', ), We now have a total of three comments in our test database. Two of them associated with project #1 and one associated with project #3. Now we can alter our test method to test: • Requesting all comments • Limiting the number of returned comments to just two • Restricting the returned comments to only those associated with project #3 The following method tests all three scenarios: public function testRecentComments() { //retrieve all the comments for all projects $recentComments = Comment::findRecentComments(); $this->assertTrue(is_array($recentComments)); $this->assertEquals(count($recentComments),3); //make sure the limit is working $recentComments = Comment::findRecentComments(2); $this->assertTrue(is_array($recentComments)); $this->assertEquals(count($recentComments),2); //test retrieving comments only for a specific project $recentComments = Comment::findRecentComments(5, 3); $this->assertTrue(is_array($recentComments)); $this->assertEquals(count($recentComments),1); } Chapter 9 [ 231 ] We also need to ensure that our CommentTest class is using the fixture data for comments, issues, and projects. Make sure the following fixtures are defined at the top of our CommentTest class: 'Comment', 'projects'=>'Project', 'issues'=>'Issue', ); Now, if we run this test again, we should have all six assertions passing: >>phpunit unit/CommentTest.php PHPUnit 3.4.12 by Sebastian Bergmann. . Time: 0 seconds OK (1 test, 6 assertions) Armed with the knowledge of the benefits of Lazy Loading versus Eager Loading in Yii, we should make an adjustment to how the Issue model is loaded within the IssueController::actionView() method. Since we have altered the issues detail view to display our comments, including the author of the comment, we know it will be more efficient to use the Eager Loading approach to load our comments along with their respective authors when we make the call to loadModel() in this method. To do this, we can add a simple input flag to this loadModel() method to indicate whether or not we want to load the comments as well. Alter the IssueController::loadModel() method as shown below: public function loadModel($withComments=false) { if($this->_model===null) { if(isset($_GET['id'])) { if($withComments) { $this->_model=Issue::model()->with(array( 'comments'=>array('with'=>'author'))) ->findbyPk($_GET['id']); } else Iteration 6: Adding User Comments [ 232 ] { $this->_model=Issue::model()->findbyPk($_GET['id']); } } if($this->_model===null) throw new CHttpException(404,'The requested page does not exist.'); } return $this->_model; } Now we can change the call to this method in IssueController::actionView(), as such: public function actionView() { $issue=$this->loadModel(true); With this in place, we will load all of our comments, along with their respective author information, with just one database call. Creating the widget Now we are ready to create our new widget to use our new method to display our recent comments. As we previously mentioned a widget in Yii is a class that extend from the framework class CWidget or one of its child classes. We'll add our new widget to the protected/components/ directly, as the contents of this folder are already specified in the main configuration file to be auto-loaded within the application. This way we won't have to explicitly import the class every time we wish to use it. We'll name our widget RecentComments, so we need to add a php file of the same name to this directly. Add the following class definition to this newly created RecentComment. php file: _comments = Comment::model() ->findRecentComments($this->displayLimit, $this->projectId); } public function getRecentComments() { return $this->_comments; } public function run() { // this method is called by CController::endWidget() $this->render('recentComments'); } } The primary work involved when creating a new widget is to override the init() and run() methods of the base class. The init() method initializes the widget and is called after its properties have been initialized. The run() method executes the widget. In this case, we simply initialize the widget by requesting recent comments based on the $displayLimit and $projectId properties. The execution of the widget itself simply renders its associated view file, which we have yet to create. view files, by convention, are placed in views/ directly within the same folder where the widget resides, and have the same name as the widget, but start with a lowercase letter. Sticking with convention, create a new file whose fully qualified path is protected/ components/views/renderComments.php. Once created, add the following markup to that file: Fields with * are required.
errorSummary($model); ?> labelEx($model,'content'); ?> textArea($model,'content',array('rows'=>6, 'cols'=>50)); ?> error($model,'content'); ?>
endWidget(); ?> - getRecentComments() as $comment): ?>
issue->name), array('issue/view', 'id'=>$comment->issue->id)); ?>
' . $comment->content, 'lastUpdate'=>strtotime($comment->create_time), 'author'=>$comment->author->username, ); } //now use the Zend Feed class to generate the Feed // generate and render RSS feed $feed=Zend_Feed::importArray(array( 'title' => 'Trackstar Project Comments Feed', 'link' => $this->createUrl(''), 'charset' => 'UTF-8', 'entries' => $entries, ), 'rss'); $feed->send(); } This is all fairly simple. First we check the input request querystring for the existence of a pid parameter, which we take to indicate a specific project ID. Remember that we want to optionally allow the data feed to restrict the content to comments associated with a single project. Next we use the same method that we used in the previous iteration to populate our widget to retrieve a list of up to 20 recent comments, either across all projects, or if the project ID is specified, specific to that project. Chapter 10 [ 243 ] You may remember that this method returns an array of Comment AR class instances. We iterate over this returned array and convert the data into the format expected by the Zend_Feed component. Zend_Feed expects a simple array containing elements which are themselves arrays containing the data for each comment entry. Each individual entry is a simple associative array of name=>value pairs. To comply with the specific RSS format, each of our individual entries must minimally contain a title, a link, and a description. We have also added two optional fields, one called lastUpdate, which Zend_Feed translates to the RSS field, pubDate, and one to specify the author. There are a few extra helper methods we take advantage of in order to get the data in the correct format. For one, we use the controller's createAbsoluteUrl() method, rather than just the createUrl() method in order to generate a fully qualified URL. Using createAbsoluteUrl() will generate a link like the following http://localhost/trackstar/index.php?r=issue/view &id=5 as opposed to just /index.php?r=issue/view&id=5. Also, to avoid errors such as "unterminated entity reference" being generated from PHP's DOMDocument::createElement(), which is used by Zend_Feed to generate the RSS XML, we need to convert all applicable characters to HTML entities by using our handy helper function, CHTML::encode. So, we encode the link such that a URL that looks like: http://localhost/trackstar/index.php?r=issue/view&id=5 will be converted to: http://localhost/trackstar/index.php?r=issue/view&id=5 Once all of our entries have been properly populated and formatted, we use Zend_ Feed's importArray() method which expects an array to construct the RSS feed. Finally, once the Zend feed class is built from the input array of entries and returned, we call the send() method on that class. This returns the properly formatted RSS XML and appropriate headers to the client. We need to make a couple of configuration changes to the CommentController.php file and class before this will work. First, we need to import the /vendors/Zend/ Feed.php file as well as the Rss.php file under the Feed/ folder. Add the following statements to the top of CommentController.php: Yii::import('application.vendors.*'); require_once('Zend/Feed.php'); require_once('Zend/Feed/Rss.php'); Iteration 7: Adding An RSS Web Feed [ 244 ] Then, alter the CommentController::accessRules() method to allow any user to access our newly added actionFeed() method: public function accessRules() { return array( array('allow', // allow all users to perform 'index' and 'view' actions 'actions'=>array('index','view', 'feed'), 'users'=>array('*'), ), … This is really all there is to it. If we now navigate to http://localhost/trackstar/ index.php?r=comment/feed, we can view the results of our effort. As browsers handle the display of RSS feeds differently, what you see might differ from the following screenshot. The following screenshot is what you should see you are if viewing the feed in the Firefox browser: Creating user friendly URLs So far, throughout the development process, we have been using the default format of our Yii application URL structure. This format, discussed back in Chapter 2, uses a querystring approach. We have the main parameter, 'r', which stands for route, followed by a controllerID/actionID pair, and then optional querystring Chapter 10 [ 245 ] parameters as needed by the specific action methods being called. The URL we created for our new feed is no exception. It is a long, cumbersome and dare we say ugly URL. There has got to be a better way! Well, in fact, there is. We could make the above URL look cleaner and more self-explanatory by using the so-called path format, which eliminates the query string and puts the GET parameters into the path info part of URL: Taking our comment feed URL as an example, instead of: http://localhost/trackstar/index.php?r=comment/feed we would have: http://localhost/trackstar/index.php/comment/feed/ What's more, we don't even need to always specify the entry script for each request. We can also take advantage of Yii's request routing configuration options to remove the need to specify the controllerID/actionID pair as well. Our request could then look like: http://localhost/trackstar/commentfeed Also, it is common, especially with feed URL, to have the .xml extension specified at the end. So, it would be nice if we could alter our URL to look like: http://localhost/trackstar/commentfeed.xml This greatly simplifies the URL for users and is also an excellent format for URLs to be properly indexed into major search engines (often referred to as "search engine friendly URLs"). Let's see how we can use Yii's URL management features to alter our URL to match the desired format. Using the URL manager The built-in URL manager in Yii is an application component that can be configured in the protected/config/main.php file. Let's open up that file and add a new URL manager component declaration to the components array: 'urlManager'=>array( 'urlFormat'=>'path', ), As long as we stick with the default and name it urlManager, we do not need to specify the class of the component because it is pre-declared to be CUrlManager.php in the CWebApplication.php framework class. Iteration 7: Adding An RSS Web Feed [ 246 ] With this one simple addition, our URL structure has changed to the 'path' format throughout the site. For example, previously if we wanted to view, say, a specific issue whose ID is 1, we would make the request using the following URL: http://localhost/trackstar/index.php?r=issue/view&id=1 but with these changes in place, our URL now looks like: http://localhost/trackstar/index.php/issue/view/id/1 You'll notice the changes we have made have affected all the URLs generated throughout the application. To see this, visit our feed again by going to http://localhost/trackstar/index.php/comment/feed/. We notice that all of our issue links have been reformatted to this new structure for us. This is all thanks to our consistent use of the controller methods and other helper methods to generate our URLs. We can alter the URL format in just one single configuration file, and the changes will automatically propagate throughout the application. Our URLs are looking better, but we still have the entry script, index.php, specified and we are not yet able to append the .xml suffix on the end of our feed URL. So, we'll hide the index.php as part of the URL, and also setup the request routing to understand that a request for commentfeed.xml actually means a request for the actionFeed() method within the CommentController.php class. Let's actually tackle the latter, first. Configuring routing rules Yii's URL manager allows us to specify rules that define how URLs are parsed and created. A rule consists of defining a route and a pattern. The pattern is used to match on the path information part of the URL to determine which rule is used for parsing or creating URLs. The pattern may contain named parameters using the syntax ParamName:RegExp. When parsing a URL, a matching rule will extract these named parameters from the path info and put them into the $_GET variable. When a URL is being created by the application, a matching rule will extract the named parameters from $_GET and put them into the path info part of the created URL. If a pattern ends with '/*', it means additional GET parameters may be appended to the path info part of the URL. To specify URL rules, set the set the CUrlManager's rules property as an array of rules in the format pattern=>route. As an example, let's look at the following two rules: 'urlManager'=>array( 'urlFormat'=>'path', 'rules'=>array( Chapter 10 [ 247 ] 'issues'=>'issue/index', 'issue/
Some Header Content Here
In fact, let's try this out. Create a new file called newlayout.php and place it in the default folder for layout files, /protected/views/layouts/. Add the above HTML content to this file and save it. Now we'll put this to use by altering our site controller to use this new layout. Open up SiteController.php and override the layout property set in the base class by explicitly adding it to this class, as such: class SiteController extends Controller { public $layout='newlayout'; This will set the layout file to newlayout.php, but only for this controller. Now, every time we make the call to the render() method within SiteController, the newlayout.php layout file will be used. One page that SiteController is responsible for rendering is the login page. Let's take a look at that page to verify these changes. If we navigate to http://localhost/trackstar/site/login (assuming we are not already logged in), we will see something similar to the following screenshot: Chapter 11 [ 257 ] If we simply comment out the $layout attribute we just added, and refresh the login page again, we are back to using the original main.php layout and our page is now back to what it looked like before. Deconstructing the main.php layout file So far, all of our application pages have been using the main.php layout file to provide the primary layout markup. Before we go making changes to our page layout and design, it would serve us well to take a closer look at this main layout file. The following is a listing of the entire contents of that file: name); ?>
widget('zii.widgets.CBreadcrumbs', array( 'links'=>$this->breadcrumbs, )); ?> name); ?>
The first tag with a class of "container" is required by the Blueprint framework in order to display the content as a grid. Again, using the Blueprint CSS Grid framework, or any other CSS framework is not at all a requirement of Yii. It is just there to help you jumpstart your design layout if desired. The next three lines layout the first of the main content we see on these pages. It displays the name of the application in large letters. So far, this has been displaying the text 'My Web Application'. I am sure that has been driving some of you crazy. Although we may change this later to use a logo image, let's go ahead and change this to the real name of our application, 'TrackStar'. We could hardcode this name right here in the HTML. However, if we alter our application configuration to reflect our new name, the changes will propagate everywhere throughout the site wherever Yii::app()->name is being used. I am sure you could make this simple change in your sleep at this point. Simply open up the main configuration file where our application configuration settings are defined, /protected/config/main.php and change the value of the 'name' property from: 'name'=>'My Web Application', To: 'name'=>'TrackStar' Iteration 8: Making it Pretty- Design, Layout, Themes, and Internationalization(i18n) [ 262 ] Save the file, refresh your browser and the header on the home page should now look something similar to the following screen: One thing we immediately notice in the above image is that the change has been made in two places. It just so happens that the view file responsible for our home page content, /protected/views/site/index.php, also uses the application name property. As we made the change in the application configuration file, it is reflected in both places. Displaying menu navigation items The main site navigation controls are often repeated across multiple pages in a web application, and housing this in a layout makes it easy to reuse. The next block of markup and code in our main layout file defines the top-level menu items: Chapter 11 [ 263 ] Here we see that one of the official Zii extensions, called CMenu, is being used. We introduced Zii back in Chapter 9. To jog your memory, the Zii extension library is a set of extensions developed by the Yii developer team. This library comes packaged with the download of the Yii Framework. Any of these extensions are easily used within a Yii application by simply referring to the desired extension class file using a path alias in the form of zii.path.to.ClassName. The root alias, zii, is predefined by the application, and the rest of the path is relative to this framework folder. So, as this Zii menu extension resides on your filesystem at Path-to-your-Yii- Framework/zii/widgets/CMenu.php, we can simply use zii.widgets.CMenu when referring to this in our application code. Without having to know too much about the specifics of CMenu, we can see it that it takes in an array of associative arrays that provide the menu item label, a URL to which that item should link, and an optional third value, visible, that can be set to a boolean value indicating whether or not that menu item should display. This is used here when defining the 'login' and 'logout' menu items. Obviously, we only want the 'login' menu item to display as a clickable link if the user is not already logged in. And, conversely, we would only want the "Logout" menu link to display if the user is already logged-in. The use of the visible element in the array that defines these menu items allows you to display these links dynamically based on whether the user is logged in or not. The use of Yii::app()->user->isGuest is used for this. This returns true if the user is not logged in (that is, they are a guest of the application) or false if the user is logged in. I am sure that you have already noticed that the 'login' option turns into a 'logout' option in our application's main menu whenever you are logged in, and vice versa. Let's update our menu to provide a way to navigate to our specific TrackStar functionality. First off, we don't want anonymous users to be able to access any real functionality except the login. So we want to make sure that the login page is more or less the home page for anonymous users. Also, the main home page for logged-in users should just be a listing of their projects. We'll achieve this by making the following changes: 1. Change our default home URL for the application to be the project listing page, rather than just site/index as it is now. 2. Change the default action within our default controller, SiteController, to be the login action. This way, any anonymous user that visits the top-level URL, http://localhost/trackstar/, will be redirected to the login page. 3. Alter our actionLogin() method to redirect the user to the project listing page if they are already logged in. 4. Change the 'home' menu item to read 'project', and change the URL to be the project listing page. Iteration 8: Making it Pretty- Design, Layout, Themes, and Internationalization(i18n) [ 264 ] These are actually very simple changes to make. Starting at the top, we can change the 'homeUrl' application property in our main application configuration file. Open up protected/config/main.php and add the following name=>value pair to the returned array: 'homeUrl'=>'/trackstar/project', This is all that is needed to make that change. For the next change, open up protected/controllers/SiteController.php and add the following to the top of the controller class: public $defaultAction = 'login'; This sets the default action to be 'login'. Now if you visit your top-level URL for the application, http://localhost/trackstar/, you should be taken to the login page. The only issue with this is that you will continue to be taken to the login page from this top-level URL regardless of whether you are already logged in or not. Let's fix this by implementing step 3 above. Change the actionLogin() method within SiteController to include the following code at the beginning of the method: public function actionLogin() { if(!Yii::app()->user->isGuest) { $this->redirect(Yii::app()->homeUrl); } This will redirect all logged-in users to the application homeUrl that we just previously set to be the project listing page. Finally, let's alter the input array to our CMenu widget to change the specification for the "Home" menu item. Alter that block of code in the main.php layout file and replace: array('label'=>'Home', 'url'=>array('/site/index')), with: array('label'=>'Projects', 'url'=>array('/project')), With this replacement, all of our previously outlined changes are in place. If we now visit the TrackStar application as an anonymous user, we are directed to the login page. If we click on the Projects link, we are still directed to the login page. We can still access the About and Contact pages, which is fine for an anonymous user. If we log in we are directed to the project listing page. Now if we click the Projects link, we are allowed to see the project listings. Chapter 11 [ 265 ] Creating a breadcrumb navigation Turning back to our main.php layout file, the three lines of code that follow our menu widget define another Zii extension widget called CBreadcrumbs: widget('zii.widgets.CBreadcrumbs', array( 'links'=>$this->breadcrumbs, )); ?> This widget is used to display a list of links indicating the position of the current page, relative to other pages, in the whole website. For example, a linked navigation list of the format: Projects >> Project 1 > > Edit indicates the user is viewing an Edit page for Project 1. This is helpful for the user to find their way back to where they started, which is a listing of all the projects, as well as easily see where they are in the website page hierarchy. This is why it is referred to as a breadcrumb. Many websites implement this type of UI navigational component in their design. To use this widget, we need to configure its links property, which specifies the links to be displayed. The expected value for this property is an array that defines the breadcrumb path from a starting point, down to the specific page being viewed. Using our previous example, we could specify the links array as such: array( 'Projects'=>array('project/index'), 'Project 1'=>array('project/view','id'=>1), 'Edit', ) The breadcrumbs widget, by default, adds in the very top level "Home" link automatically, based on the application configuration setting homeUrl. So, what would be generated from the above would be a breadcrumb like: Home >> Projects >> Project 1 >> Edit Iteration 8: Making it Pretty- Design, Layout, Themes, and Internationalization(i18n) [ 266 ] As we explicitly set our application $homeUrl property to be the project listings page, our first two links are the same in this case. The code in the layout file sets the link property to be the $breadcrumbs property of the controller class that is rendering the view. You can see this explicitly being set in several of the view files that were autogenerated for us when we created our controller files using the Gii code generation tool. For example, if you take a look at protected/views/project/ update.php, you see at the very top of that file the following: breadcrumbs=array( 'Projects'=>array('index'), $model->name=>array('view','id'=>$model->id), 'Update', ); And if we navigate to that page in the site, we see the following navigational breadcrumb generated, just below the main navigation: Specifying the content being decorated by the layout The next line in the layout file is where the content of the view file that is being decorated by this layout file is placed: As was discussed earlier in this chapter, when you use $this->render() in a controller class to display a certain view file, the use of a layout file is implied. Part of what this method does is to place all of the content in the specific view file being rendered into a special variable called $content, which is then made available to the layout file. So, if we again take our project update view file as an example, the contents of $content would be the rendered content contained in the file protected/views/project/update.php. Chapter 11 [ 267 ] Defining the footer Just as with the header area, it is often the case that websites are designed to have consistent footer content repeated across many pages The final few lines of our main.php layout file define a consistent footer for very page: There is nothing special going on here but we should go ahead and update it to reflect our specific site. We can leave the Powered by Yii Framework line in there to help promote this great framework. So, just change the "My Company" in the above code to "TrackStar", and we're done. Refreshing the pages in the site now displays a consistent footer as depicted in the following figure: Nesting the layouts Though it is true that the original layout we have been seeing on our pages is utilizing the file protected/layouts/main.php, that is not the whole story. When our initial application was created, all of the controllers were created to extend from the base controller located at protected/components/Controller.php. If we take a peek into this file, we see that there is a layout property explicitly defined. But it does not specify the main layout file. It specifies "column1" as the default layout file for all child classes. You may have already noticed that when the new application was created, there were a few layout files generated for us as well, all in the protected/ views/layouts/ folder: • column1.php • column2.php • main.php So, unless this is being explicitly overridden in a child class, our controllers are defining column1.php as the primary layout file, not main.php. Iteration 8: Making it Pretty- Design, Layout, Themes, and Internationalization(i18n) [ 268 ] So, why did we spend all that time going through main.php, you ask? Well, it turns out that the column1.php layout file is itself decorated by the main.php layout file. So, not only can normal view files be decorated by layout files, but layout files themselves can be decorated by other layout files, forming a hierarchy of nested layout files. This allows for great flexibility in design and also greatly minimizes the need for any repeated markup in view files. Let's take a closer look at column1.php to see how this is achieved. The contents of that file are as follows: beginContent('/layouts/main'); ?> endContent(); ?> Here we see the use of a couple of methods we have not seen before. The use of the base controller methods beginContent() and endContent() are being used to decorate the enclosed content with the specified view. The view being specified here is our main layout page 'layouts/main'. The beginContent() method actually makes use of the built-in Yii widget, CContentDecorator, whose primary purpose is to allow for nested layouts. So, whatever content is between the calls to beginContent() and endContent() will be decorated with the view specified in the call to beginContent(). If nothing is specified, it will use the default layout specified either at the controller level, or if not specified at the controller level, at the application level. The rest works just as a normal layout file. All of the markup in the specific view file will be contained in the variable $content when this column1.php layout file is rendered, and then the other markup contained in this layout file will be contained again in the variable $content made available to the final rendering of the main parent layout file, main.php. Let's walk through an example. If we take the rendering of the login view as an example, i.e. the following code in the SiteController::actionLogin() method: $this->render('login'); Behind the scenes, the following steps are taken: 1. Render all of the content in the specific view file /protected/views/site/ login.php and make that content available via the variable $content to the layout file specified in the controller, which in this case is column1.php. Chapter 11 [ 269 ] 2. As column1.php is itself being decorated by the layout main.php, the content between the beingContent() and endContent() calls is again rendered and made available to the main.php file, also again via the $content variable 3. The layout file main.php is rendered and returned to the user, incorporating both the content from the specific view file for the login page, as well as the nested layout file, column1.php. Another layout file that was autogenerated for us and being used in the application is column2.php. You probably won't be surprised to discover that this file lays out a two-column design. We can see this used in the project pages, where we have a little sub-menu Operations widget display along the right hand side. The contents of this layout are as follows, and we can see the same approach is being used to achieve the nested layout: beginContent('/layouts/main'); ?> endContent(); ?> Iteration 8: Making it Pretty- Design, Layout, Themes, and Internationalization(i18n) [ 270 ] Creating themes Themes provide a systematic way of customizing the design layout of a web application. One of the many benefits of an MVC architecture is the separation of the presentation tier from both the rest of the back-end stuff. Themes make great use of this separation by allowing you to easily and dramatically change the overall look and feel of a web application during runtime. Yii allows for an extremely easy application of themes to provide great flexibility in your web application design. Building themes in Yii In Yii, each theme is represented as a folder consisting of view files, layout files, and relevant resource files such as images, CSS files, JavaScript files, and so on. The name of a theme is the same as its folder name. By default, all themes reside under the same folder WebRoot/themes. Of course, as is the case with all other application settings, this default folder can be configured to be a different one. To do so, simply alter the basePath and the baseUrl properties of the themeManager application component. Contents under a theme folder should be organized in the same way as those under the application base path. For example, all view files must be located under views/, layout view files under views/layouts/, and system view files under views/ system/. For example, if we have created a new theme, called custom, and we want to replace the update view of our ProjectController with a new view under this theme, we need to create a new update.php view file and save it in our application project as themes/custom/views/project/update.php. Creating a Yii theme Let's take this for a spin to give our TrackStar application a little facelift. We need to name our new theme and create a folder under the Webroot/themes folder with this same name. We'll exercise our extreme creativity and call our new theme, new. Create a new folder to hold this new theme located at Webroot/themes/new. Also under this newly created folder, create two other new folders called css/ and views/. The former is not required by the theming system, but helps us keep our CSS organized. The latter is required if we are going to make any alterations to our default view files, which we are. As we are going to change the main.php layout file just a little, we need yet another folder under this newly created views/ folder called layouts/ (remember the folder structure needs to mirror that in the default Webroot/protected/views/ folder). Chapter 11 [ 271 ] Now let's make some changes. As our view file markup is already referencing CSS class and ID names currently defined in the Webroot/css/main.css file, the fastest path to a new face on the application is to use this as a starting point, and make changes to it as needed to implement a new design. Of course, this is not a requirement, as we could re-create every single view file of our application in the new theme. However, to keep things simple, we'll create our new theme by making a few changes to the main.css file that was auto-generated for us when we created the application, as well as the primary layout file, main.php. To begin with, let's make a copy of these two files and place them in our new theme folder. Copy Webroot/css/main.css to Webroot/themes/new/css/main.css and also copy Webroot/protected/views/layouts/main.php to Webroot/themes/ new/views/layouts/main.php. Now, open the newly copied version of the main.css file remove the contents and then add all of the following: body { margin: 0; padding: 0; color: #555; font: normal 10pt Arial,Helvetica,sans-serif; background: #d6d6d6 url(background.gif) repeat-y center top; } #page { margin-bottom: 20px; background: white; border: 1px solid #898989; border-top:none; border-bottom:none; } #header { margin: 0; padding: 0; height:100px; background:white url(header.jpg) no-repeat left top; border-bottom: 1px solid #898989; } #content { padding: 20px; } #sidebar Iteration 8: Making it Pretty- Design, Layout, Themes, and Internationalization(i18n) [ 272 ] { padding: 20px 20px 20px 0; } #footer { padding: 10px; margin: 10px 20px; font-size: 0.8em; text-align: center; border-top: 1px solid #C9E0ED; } #logo { padding: 10px 20px; font-size: 200%; /* HIDES LOGO TEXT */ text-indent:-5000px; } #mainmenu { background:white url(bg2.gif) repeat-x left top; border-top:1px solid #CCC; border-bottom: 1px solid #7d7d7d; } #mainmenu ul { padding:6px 20px 5px 20px; margin:0px; } #mainmenu ul li { display: inline; } #mainmenu ul li a { color:#333; background-color:transparent; font-size:12px; font-weight:bold; text-decoration:none; padding:5px 8px; } #mainmenu ul li a:hover, #mainmenu ul li a.active { color: #d11e1e; Chapter 11 [ 273 ] background-color:#ccc; text-decoration:none; } div.flash-error, div.flash-notice, div.flash-success { padding:.8em; margin-bottom:1em; border:2px solid #ddd; } div.flash-error { background:#FBE3E4; color:#8a1f11; border-color:#FBC2C4; } div.flash-notice { background:#FFF6BF; color:#514721; border-color:#FFD324; } div.flash-success { background:#E6EFC2; color:#264409; border-color:#C6D880; } div.flash-error a { color:#8a1f11; } div.flash-notice a { color:#514721; } div.flash-success a { color:#264409; } div.form .rememberMe label { display: inline; } div.view { Iteration 8: Making it Pretty- Design, Layout, Themes, and Internationalization(i18n) [ 274 ] padding: 10px; margin: 10px 0; border: 1px solid #C9E0ED; } div.breadcrumbs { font-size: 0.9em; padding: 10px 20px; } div.breadcrumbs span { font-weight: bold; } div.search-form { padding: 10px; margin: 10px 0; background: #eee; } .portlet { } .portlet-decoration { padding: 3px 8px; background:white url(bg2.gif) repeat-x left top; } .portlet-title { font-size: 12px; font-weight: bold; padding: 0; margin: 0; color: #fff; } .portlet-content { font-size:0.9em; margin: 0 0 15px 0; padding: 5px 8px; background:#ccc; } .operations li a { Chapter 11 [ 275 ] font: bold 12px Arial; color: #d11e1e; display: block; padding: 2px 0 2px 8px; line-height: 15px; text-decoration: none; } .portlet-content ul { list-style-image:none; list-style-position:outside; list-style-type:none; margin: 0; padding: 0; } .portlet-content li { padding: 2px 0 4px 0px; } .operations { list-style-type: none; margin: 0; padding: 0; } .operations li { padding-bottom: 2px; } .operations li a { font: bold 12px Arial; color: #0066A4; display: block; padding: 2px 0 2px 8px; line-height: 15px; text-decoration: none; } .operations li a:visited { color: #d11e1e; } .operations li a:hover { background: #fff; } Iteration 8: Making it Pretty- Design, Layout, Themes, and Internationalization(i18n) [ 276 ] You may have noticed that some of these changes are referencing image files that do not yet exist in our project. We have added a background.gif image reference in the body declaration, a new bg2.gif image referenced in the #mainmenu ID declaration and a new header.jpg image in the #header ID declaration. These can be viewed, downloaded and used by viewing the site online or accessing the images directly from http://www.yippyii.com/trackstar/themes/new/css/background.gif, http://www.yippyii.com/trackstar/themes/new/css/bg2.gif, and http://www.yippyii.com/trackstar/themes/new/css/header.jpg. We need to place these new images into the same CSS folder we are using for this theme, namely Webroot/themes/new/css/. After these changes are in place, we need to make a couple of small adjustments to our main.php layout file in this new theme. For one, we need to alter the markup in the element to properly reference our new main.css file. Currently the main.css file is being pulled in via this line: This is referencing the application request baseUrl property to construct the relative path to the CSS file. However, we want to use our new main.css file located in our new theme. For this, we can lean on the theme manager application component, defined by default to use the Yii built-in CThemeManager.php class. We access the theme manager in the same way as we access other application components. So, rather than use the request base URL, we should use the one defined by the theme manager, which knows what theme the application is using at any given time. So, we need to alter the above line in /themes/new/views/layouts/main.php as follows: Once we configure our application to use our new theme (something we have not yet done), this baseUrl will resolve to a relative path to where our theme folder resides. The other small change we need to make is to remove the display of the application title from the header. As we altered our CSS to use a new image file to provide our header and logo information, we don't need to display the application name in this section. So, again in /themes/new/views/layouts/main.php, we simply need to change this: Chapter 11 [ 277 ] To the following: We have put in a comment to remind us where our header image is defined. One final change we need to make is to the other two layout files used in the application that we are not copying over to our new theme folder, namely protected/ views/layouts/column1.php and protected/views/layouts/column2.php. As previously discussed in the section on nesting layouts, these two layout files also use the main layout file via explicit calls to the beginContent() and endContent(). These files were auto-generated by the Gii code generation tool, and are explicitly referencing the main layout file in protected/views/layouts/ folder. We need to change the input specified to the beginContent() method so that, if available, our new theme layout will be used. Open both the column1.php and column2.php files and change the following line of code: $this->beginContent('application.views.layouts.main'); To be the following: $this->beginContent('/layouts/main'); Now, once we configure the application to use our new theme, it will first look for a main.php layout in the themes folder and use that file. Configuring the application to use a theme Okay, with our new theme now created and in place, we need to tell the application itself to use it. Doing so is easy. We just alter the main application's theme property setting by changing the main application configuration file. By now, we are old pros at doing this. Simply add the following name=>value pair to the returned array in the /protected/config/main.php file: 'theme'=>'new', Iteration 8: Making it Pretty- Design, Layout, Themes, and Internationalization(i18n) [ 278 ] Once this is saved, our application is now using our newly created theme, new, and our application has a brand new face. Taking a look at the login page, which is also our default home page if not logged-in, we now see what is depicted in the following figure: This, of course is not a huge change. We have kept the changes fairly minimal, but it does illustrate the process of creating a new theme. The application will first look for view files in this new theme and use them if they exists, otherwise, it will pull them from the default location. You can see how easy it is to give the application a new look and feel. You could create a new theme for each season, or maybe based on your different moods and then change the application to fit the season or mood quickly and easily as desired. Translating the site to other languages Before we leave this iteration, we are going to talk about internationalization (i18n) and localization (L10n) in Yii. Internationalization refers to the process of designing software applications in such a manner that it can be adapted to various languages without having to make underlying engineering changes. Localization refers to the process of adapting internationalized software applications for a specific geographic location or language by adding locale-dependent formatting and translating text. Yii provides support for these in the following ways: Chapter 11 [ 279 ] • It provides the locale data for nearly every language and region • It provides services to assist in the translation of text message and file • It provides locale-dependent date and time formatting • It provides locale-dependent number formatting Defining locale and language Locale refers to a set of parameters that define the user's language, country, and any other user interface preferences that may be relevant to a user's location. It is typically identified by a composite ID consisting of a language identifier and a region identifier. For example, a locale ID of en_US stands for the English language and the region of the United States. For consistency, all locale IDs in Yii are standardized to the format of either LanguageID or LanguageID_RegionID in lower case (for example, en or en_us). In Yii, locale data is represented as an instance of the CLocale class, or a child class thereof. It provides locale-specific information including currency and numeric symbols; currency, number, date, and time formats; date-related names like months, days of week, and so on. Given a locale ID, one can get the corresponding CLocal instance by either using the static method CLocal::getInstance($localeID) or using the application. The following example code creates a new instance based on the en_us local identifier using the application component: Yii::app()->getLocale('en_us'); Yii comes with locale data for nearly every language and region. The data comes from the Common Locale Data Repository (CLDR) (http://cldr.unicode.org/) and is stored in files that are named according to their respective locale id in the Yii Framework folder framework/i18n/data/. So, in the above example of creating a new CLocale instance, the data used to populate the attributes came from the file framework/i18n/data/en_us.php. If you look under this folder, you will see data files for a great many languages and regions. So, going back to our example, if we wanted to get, say, the names of the months in English specific to the US region, we could execute the following code: $locale = Yii::app()->getLocale('en_us'); print_r($locale->monthNames); Which would produce the following: Array ( [1] => January [2] => February [3] => March [4] => April [5] => May [6] => June [7] => July [8] => August [9] => September [10] => October [11] => November [12] => December ) Iteration 8: Making it Pretty- Design, Layout, Themes, and Internationalization(i18n) [ 280 ] Where as if we wanted, say, the same month names for the Italian language, we could do the same, but create a different CLocale instance: $locale = Yii::app()->getLocale('it'); print_r($locale->monthNames); Which would produce the following: Array ( [1] => gennaio [2] => febbraio [3] => marzo [4] => aprile [5] => maggio [6] => giugno [7] => luglio [8] => agosto [9] => settembre [10] => ottobre [11] => novembre [12] => dicembre ) The first instance is based on the data file framework/i18n/data/en_us.php and the latter on framework/i18n/data/it.php. If desired, the application's localeDataPath property can be configured in order to specify a custom folder in which to add your custom locale data files. Performing language translation Perhaps the most desired feature of i18n is language translation. As mentioned previously, Yii provides both message translation and view translation. The former translates a single text message to a desired language, and the latter translates an entire file to the desired language. A translation request consists of the object to be translated (either a string of text or a file), the source language that the object is in and the target language to which the object is to be translated. A Yii application makes a distinction between its target language and its source language. The target language is the language (or locale) that we are targeting for the user, where the source language refers to the language in which the application files are written. So far, our TrackStar application has been written in English and also targeted to English language users. So our target and source languages thus far have been the same. The internationalization features of Yii, which include translation, are applicable only when these two languages are different. Performing message translation Message translation is performed by calling the application method: t(string $category, string $message, array $params=array ( ), string $source=NULL, string $language=NULL) This method translates the message from the source language to the target language. When translating a message, the category must be specified to allow a message to be translated differently under different categories (contexts). The category yii is reserved for messages used by the Yii Framework core code. Chapter 11 [ 281 ] Messages can also contain parameter placeholders which will be replaced with the actual parameter values upon calling Yii::t(). The following example depicts the translation of an error message. This message translation request would replace the {errorCode} placeholder in the original message with the actual $errorCode value: Yii::t('category', 'The error: "{errorCode}" was encountered during the last request.', array('{errorCode}'=>$errorCode)); The translated messages are stored in a repository called message source. A message source is represented as an instance of CMessageSource or its child class. When Yii::t() is invoked, it will look for the message in the message source and return its translated version if it is found. Yii comes with the following types of message sources: • CPhpMessageSource: This is the default message source. The message translations are stored as key-value pairs in a PHP array. The original message is the key and the translated message is the value. Each array represents the translations for a particular category of messages and is stored in a separate PHP script file whose name is the category name. The PHP translation files for the same language are stored under the same folder named as the locale ID. All these folders are located under the folder specified by basePath. • CGettextMessageSource: The message translations are stored as GNU Gettext files. • CDbMessageSource: The message translations are stored in database tables. A message source is loaded as an application component. Yii pre-declares an application component named messages to store messages that are used in a user application. By default, the type of this message source is CPhpMessageSource and the base path for storing the PHP translation files is protected/messages. An example will go a long way to helping bring all of this together. Let's translate the form field labels on our Login form into a fictitious language we'll call Reversish. Reversish is written by taking an English word or phrase and writing it in reverse. So, here are the Reversish translations of our login form field labels: English Reversish Username Emanresu Password Drowssap Remember me next time Emit txen em rebmemer Iteration 8: Making it Pretty- Design, Layout, Themes, and Internationalization(i18n) [ 282 ] We'll use the default CPhpMessageSource implementation to house our message translations. So, the first thing we need to do is create a PHP file containing our translations. We'll make the locale ID be 'rev' and we'll just call the category 'default' for now. So, we need to create a new file under the messages base folder that follows the format /localeID/CategoryName.php. So, for this example, we need to create a new file located at /protected/messages/rev/default.php, and then add the following translation array: 'Emanresu', 'Password' => 'Drowssap', 'Remember me next time' => 'Emit txen em rebmemer', ); The next thing we need to do is to set the application target language to be Reversish. We could do this in the application configuration file, so that it would impact the entire site. However, as we only have translations for our login form, we'll just set it down in the SiteController::actionLogin() method, so that it will only apply when rendering the login form for now. So, open that file and set the application target language right at the beginning of that method: public function actionLogin() { Yii::app()->language = 'rev'; Now, the last thing we need to do is to make our calls to Yii::t() so that these form field labels are sent through the translation. These form field labels are defined in the LoginForm:: attributeLabels() method. Replace that entire method with the following: /** * Declares attribute labels. */ public function attributeLabels() { return array( 'rememberMe'=>Yii::t('default','Remember me next time'), 'username'=>Yii::t('default', 'Username'), 'password'=>Yii::t('default', 'Password'), ); } Chapter 11 [ 283 ] Now if we visit our login form again, we see a new Reversish version as depicted in the following screenshot: Performing file translation Yii also provides the ability to use different files based on the target locale ID setting of the application. File translation is accomplished by calling the application method CApplication::findLocalizedFile(). This method takes in the path to a file and this method will look for a file with the same name, but under a directory named the same as the target locale ID specified either as explicit input to the method, or what is specified in the application configuration. Let's try this out. All we really need to do is to create the appropriate translation file. We'll stick with translating the login form. So, create a new view file /protected/ views/site/rev/login.php and add the following contents that have already been translated to Reversish: pageTitle='Nigol'; $this->breadcrumbs=array( 'Nigol', ); ?> endContent(); ?> Not specifying an input file when calling beginContent() will result in it using the default layout for our module, which we just set to be our newly copied main.php file. Now let's make a few changes to our main.php layout file. We are going to add Admin Console to our application header text to underscore that we are in a separate part of the application. We will also alter our menu items to have a link to the admin home page, as well as a link to go back to the main site. We can remove the About and Contact links from this menu, as we don't need to repeat those options in our admin section. The changes to the file are highlighted below: Chapter 12 [ 295 ] ... ... We can leave the rest of the file unchanged. Now if we visit our admin module page, we see something similar to the following screenshot: If we click on the Back To Main Site link, we see that we are taken back to our newly themed version of our main application. Restricting admin access One problem you may have already noticed is that anyone, including guest users, can access our new admin module. We are building this admin module to expose application functionality that should only be accessible to users with administrative access. So, we need to address this issue. Iteration 9: Modules - Adding Administration [ 296 ] Luckily, we have already implemented an RBAC access model in our application back in Chapter 8. All we need to do now is extend it to include a new role for administrators and new permissions available to that role. If you recall from chapter 8, we used a Yii shell command to implement our RBAC structure. We need to add to that. So, open up the file containing that shell command, /protected/commands/shell/RbacCommand.php and add the following: //create a general task-level permission for admins $this->_authManager->createTask("adminManagement", "access to the application administration functionality"); //create the site admin role, and add the appropriate permissions $role=$this->_authManager->createRole("admin"); $role->addChild("owner"; $role->addChild("reader"); $role->addChild("member"); $role->addChild("adminManagement"); //ensure we have one admin in the system (force it to be user id #1) $this->_authManager->assign("admin",1); With these changes in place, we have to rerun our command to update the database with these changes. To do so, just fire-up the yiic shell, and execute the rbac command: % cd Webroot/trackstar % protected/yiic shell >> rbac With these changes to our RBAC model in place, we can add an access check to the AdminModule::beforeControllerAction() method so that nothing within the admin module will be executed unless the user has the admin role: public function beforeControllerAction($controller, $action) { if(parent::beforeControllerAction($controller, $action)) { // this method is called before any module controller action is performed // you may place customized code here if( !Yii::app()->authManager->checkAccess("admin", Yii::app()- >user->id) ) { throw new CHttpException(403,Yii::t('yii','You are not au- thorized to perform this action.')); } Chapter 12 [ 297 ] else { return true; } } else return false; } With this in place, if a user who has not been assigned the admin role now attempts to visit any page within the admin module, they will be met with an authorization error page. For example, if you are not logged in and you attempt to visit the admin page, you will be met with the following result: The same holds true for any user that has not been assigned to the admin role. Now we can conditionally add a link to the admin section of the site to our main application menu. This way, users with administrative access won't have to remember a cumbersome URL to navigate to the admin console. As a reminder, our main application menu is located in our application's theme default application layout file /themes/new/views/layouts/main.php. Open that file and add the following highlighted code to the menu section: Now, upon logging in to the application as a user with admin access, we will see a new link in our top navigation that will take us to our newly added admin section of the site. Adding a system-wide message As a module can really be thought of as a mini-application itself, adding functionality to a module is really the same process as adding functionality to the main application. Let's add some new functionality just for administrators; the ability to manage system-wide messages displayed to users when they first log into the application. Creating the database table As is often the case with brand new functionality, we need a place to house our data. We need to create a new table to store our system-wide messages. For our purposes, we can keep this simple. Here is the definition for our table: CREATE TABLE `tbl_sys_message` ( `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, `message` TEXT NOT NULL, `create_time` DATETIME, `create_user_id` INTEGER, `update_time` DATETIME, `update_user_id` INTEGER ) Chapter 12 [ 299 ] Create this new table in both the main trackstar_dev and our trackstar_test databases. Creating our model and CRUD scaffolding With the table in place, our next step is to generate the model class using our favorite tool, the Gii code generator. We'll first use the Model Generator option to create the model class, and then the Crud Generator to create our basic scaffolding to quickly interact with this model. Go ahead and navigate to the Gii tool form for creating a new model. This time, as we are doing this within the context of a module, we need to explicitly specify the model path. Fill out the form with the values depicted as shown in the following screenshot (though, of course, your Code Template path value should be specific to your local setup): Iteration 9: Modules - Adding Administration [ 300 ] Now we can create the CRUD scaffolding in the same way. Again, the only real difference between what we have done previously and what we are doing now is our specification that the location of the model class is in the admin module. After choosing the Crud Generator option from the Gii tool, fill out the Model Class and Controller ID form fields as shown in the following screenshot: This alerts the tool to the fact that our model class is under the admin module and that our controller class, as well as all other files related to this code generation should be placed within the admin module as well. Complete the creation by first clicking on the Preview button, and then Generate. The following is a list of all of the files that are created by this action: Chapter 12 [ 301 ] Adding a link to our new functionality Let's add a new menu item within the main admin navigation that links to our newly created message functionality. Open the file that contains our main menu navigation for our module, /protected/modules/admin/views/layouts/main.php, and add the following array item to the menu widget: array('label'=>'System Messages', 'url'=>array('/admin/sysMessage/ index')), As the auto-created controller and view files for our new system message functionality were created to use a 2-column layout file, we can do one of two things. We can alter the controller class to use our existing single column layout file, or we can add a 2 column layout file to our module layout files. The latter is going to be slightly easier and will also look better, as all of the view files are created to have their sub-menu items (that is, the links to all the CRUD functionality) display in a second right-hand column. Here is all we have to do: 1. Copy the 2 column layout from our main application to our module: That is, copy /protected/views/layouts/column2.php to /protected/modules/ admin/views/layouts/column2.php. 2. Remove /layouts/main as input to the beginContent() method call on the first line in the newly copied column2.php file. 3. Alter the SysMessage model class to extend TrackstarActiveRecord (If you recall, this adds the code to automatically update our create_time/ user and update_time/user properties. Alter the SysMessageController controller class to use the new column2.php layout file from within the module folder and not the one from the main application. The autogenerated code has specified $layout='application.views.layouts.column2', but we need this to be simply $layout='column2'. 4. As we are extending TrackstarActiveRecord, we can remove the unnecessary fields from our autogenerated sys messages creation form and remove their associated rules from the model class. Remove the following two rules from the SysMessage::rules() method: array('create_user, update_user', 'numerical', 'integerOnly'=>true), and array('create_time, update_time', 'safe'). You don't absolutely have to do this last step, but it is good to get in to the habit of only specifying rules for those fields that the user can input. Iteration 9: Modules - Adding Administration [ 302 ] One last change we should make is to update our simple access rules to reflect the requirement that only users in the admin role can access our action methods. This is mostly for illustrative purposes as we already took care of the access using our RBAC model approach in the AdminModule::beforeControlerAction method itself. We could actually just remove the accessRules entirely. However, let's just update them to reflect the requirement so you can see how that would work using the access rule approach. In the SysMessageController::accessRules() method, change the entire contents to the following: public function accessRules() { return array( array('allow', // allow only users in the 'admin' role access to our actions 'actions'=>array('index','view', 'create', 'update', 'admin', 'delete'), 'roles'=>array('admin'), ), array('deny', // deny all users 'users'=>array('*'), ), ); } Okay, with all of this in place, if we now access our new message input form by visiting http://localhost/trackstar/admin/sysMessage/create, we are presented with something similar to the following screenshot: Chapter 12 [ 303 ] Fill out this form with the message Hello Users! This is your admin speaking... and then click Submit. The application will redirect you to the details listing page for this newly created message as shown in the following screenshot: Displaying the message to users Now that we have a message in our system, let's display it to the user on the application's home page. Importing the new model class for application-wide access In order to access the newly created model from anywhere in our application, we need to import it as a part of the application configuration. Alter protected/ config/main.php to include the new admin module models folder: // autoloading model and component classes 'import'=>array( 'application.models.*', 'application.components.*', 'application.modules.admin.models.*', ), Iteration 9: Modules - Adding Administration [ 304 ] Selecting the most recently updated message We'll restrict the display to just one message, and we'll choose the most recently updated message, based on the update_time column in the table. As we want to add this to the main projects listing page, we need to alter the ProjectController::act ionIndex() method. Alter that method by adding the following highlighted code: public function actionIndex() { $dataProvider=new CActiveDataProvider('Project'); Yii::app()->clientScript->registerLinkTag( 'alternate', 'application/rss+xml', $this->createUrl('comment/feed')); //get the latest system message to display based on the update_time column $sysMessage = SysMessage::model()->find(array( 'order'=>'t.update_time DESC', )); if($sysMessage != null) $message = $sysMessage->message; else $message = null; $this->render('index',array( 'dataProvider'=>$dataProvider, 'sysMessage'=>$message, )); } Now we need to alter our view file to display this new bit of content. Add the following to views/project/index.php, just above the Chapter 12 [ 305 ] Now when we visit our projects listing page (that is, our application's home page) we can see it display as shown in the following screenshot: Adding a little design tweak Okay. This does what we wanted it to do, but this message does not really stand out very well to the user. Let's change that by adding a little snippet to our main css file (/themes/new/css/main.css): div.sys-message { padding:.8em; margin-bottom:1em; border:3px solid #ddd; background:#9EEFFF; color:#FF330A; border-color:#00849E; } With this in place, our message now really stands out on the page. The following screenshot shows the message with these changes in place: One might argue that this design tweak went a little too far. Users might get a headache if they have to stare at those message colors all day. Rather than toning down the colors, let's use a little JavaScript to fade the message out after five seconds. As we will display the message every time the user visits this home page, it might be nice to prevent them from having to stare at it for too long. Iteration 9: Modules - Adding Administration [ 306 ] We'll make things easy on ourselves and take advantage of the fact that Yii comes shipped with the powerful JavaScript framework jQuery. jQuery is an open source JavaScript library that simplifies the interaction between the HTML Document Object Model (DOM) and JavaScript. It is outside the scope of this book to dive into the details of jQuery, but it is well worth visiting its documentation to become a little acquainted with its features. As Yii comes shipped with jQuery, you can simply register jQuery code in view files and Yii will take care of including the core jQuery library for you. We'll also use the application helper component CClientScript to register our jQuery JavaScript code for us in the resulting web page. It will make sure it is placed in the appropriate place as well as properly tagged and formatted. So, let's alter what we previously added to include a snippet of JavaScript that will fade out the message. Replace what we just added to views/project/index.php with the following: clientScript->registerScript( 'fadeAndHideEffect', '$(".sys-message").animate({opacity: 1.0}, 5000). fadeOut("slow");' ); endif; ?> Now if we reload our main projects listing page, we see the message fade out after five seconds. For more information on cool jQuery effects you can easily add to your pages, take a look at the JQuery API documentation at: http://api.jquery.com/ category/effects/ Finally, to convince yourself everything is working as expected, you can add another system-wide message. As this newer message will have a more recent update_time property, it will be the one to display on the projects listing page. Chapter 12 [ 307 ] Summary In this iteration, we have introduced the concept of a Yii module and demonstrated its practicality by using one to create an administrative section of the site. We demonstrated how to create a new module, how to apply a theme, how to add application functionality within the module, and even how to take advantage of an existing RBAC model to apply authorization access controls to a functionality within a module. We also demonstrated how to use jQuery to add a dash of UI flare to our application. With the addition of this administrative interface, we now have all of the major pieces of the application in place. Though the application is incredibly simple, we feel it is time to get it ready for production. The next iteration will focus on preparing our application for production deployment. Iteration 10: Production Readiness Even though our application lacks a significant amount of feature functionality, our (albeit imaginary) deadlines are approaching and our (also imaginary) client is getting anxious about getting the application into a production environment. Although it may take some time before our application actually sees the light of day in production it is time to get the application "production ready". In this, our final development iteration, we are going to do just that. Iteration planning In order to achieve the goal of preparing our application for a production environment, we are going to focus on the following granular tasks: • Implement Yii's application logging framework to ensure we are logging information about critical production errors and events • Implement Yii's application error handling framework to ensure we understand how this works differently in a production environment than in a development environment • Implement application data caching to help improve performance Logging Logging is a topic that should arguably have been covered before this late stage in the application development. Informational, warning, and severe error messages are invaluable when it comes to troubleshooting software applications, most certainly those in a production environment being used by real users. Iteration 10: Production Readiness [ 310 ] Yii provides a flexible and extensible logging feature. Messages logged can be classified according to log levels and message categories. Using level and category filters, selected messages can be further routed to different destinations, such as written to files on disc, sent to administrators as e-mails or displayed to browser windows. Message logging Our application has actually been logging many informational messages upon each request the entire time. When the initial application was created, it was configured to be in debug mode and, while in this mode, the Yii Framework itself logs information messages. We can't actually see these messages because, by default, they are being logged to memory. So, they are around only for the lifetime of the request. Whether or not the application is in this debug mode is controlled by the following line in the root index.php file: defined('YII_DEBUG') or define('YII_DEBUG',true); To see what is being logged, let's whip up a quick little action method in our SiteController class to display the messages: public function actionShowLog() { echo "Logged Messages:
"; var_dump(Yii::getLogger()->getLogs()); } If we invoke this action by making the following request at: http://localhost/ trackstar/site/showLog, we see something similar to the following: Chapter 13 [ 311 ] If we comment out our global application debug variable, defined in index.php, and refresh the page, we'll notice that nothing was logged. This is because this system-level debugging information level logging is accomplished by calling Yii::trace, which only logs the message if the application is in this special debug mode. We can log messages using one of two static application methods: • Yii::log($message, $level, $category) • Yii::trace($message, $category) As mentioned, the main difference between these two methods is that Yii::trace logs the message only when the application is in debug mode. Categories and levels When logging a message, we need to specify its category and level. The category is represented by a string in the format of xxx.yyy.zzz, which resembles the path alias. For example, if a message is logged in our application's SiteController class, we may choose to use the category application.controllers.SiteController. The category is there to provide extra context to the message being logged. In addition to specifying the category, when using Yii::log, we can also specify a level for the message. The level can be thought of as the severity of the message. You can define your own levels, but typically they take on one of the following values: • Trace: This level is commonly used for tracing the execution flow of the application during development. • Info: This level is for logging general information, and it is the default level if none is specified. • Profile: This level is to be used with the performance profile feature, which is described below. • Warning: This level is for warning messages. • Error: This is level for fatal error messages. Iteration 10: Production Readiness [ 312 ] Adding a login message log As an example, let's add some logging to our user login method. We'll provide some basic debugging information at the beginning of the method to indicate the method is being executed. We'll then log an informational message upon a successful login as well as a warning message if the login fails. Alter our SiteController::actionLogin() method as follows: /** * Displays the login page */ public function actionLogin() { Yii::app()->language = 'rev'; Yii::trace("The actionLogin() method is being requested", "application.controllers.SiteController"); if(!Yii::app()->user->isGuest) { $this->redirect(Yii::app()->homeUrl); } $model=new LoginForm; // if it is ajax validation request if(isset($_POST['ajax']) && $_POST['ajax']==='login-form') { echo CActiveForm::validate($model); Yii::app()->end(); } // collect user input data if(isset($_POST['LoginForm'])) { $model->attributes=$_POST['LoginForm']; // validate user input and redirect to the previous page if valid if($model->validate() && $model->login()) { Yii::log("Successful login of user: " . Yii::app()->user- >id, "info", "application.controllers.SiteController"); $this->redirect(Yii::app()->user->returnUrl); } Chapter 13 [ 313 ] else { Yii::log("Failed login attempt", "warning", "application. controllers.SiteController"); } } // display the login form //public string findLocalizedFile(string $srcFile, string $srcLanguage=NULL, string $language=NULL) $this->render('login',array('model'=>$model)); } If we now successfully log in (or perform a failed attempt) and visit our page to view the logs, we don't see them (If you commented out the debug mode declaration, make sure you have put the application back in debug mode for this exercise). Again, the reason is that by default, the logging implementation in Yii simply stores the messages in memory. They disappear when the request completes. This is not terribly useful. We need to route them to a more persistent storage area so we can view them outside of the request in which they are generated. Message routing As we mentioned, by default, messages logged using Yii::log or Yii::trace are kept in memory. Typically, these messages are more useful if they are displayed in browser windows, or saved to some persistent storage such as in a file, or in a database or sent as an e-mail. Yii's message routing allows for the log messages to be routed to different destinations. In Yii, message routing is managed by a CLogRouter application component. It allows you to define a list of destinations to which the log messages should be routed. In order to take advantage of this message routing, we need to configure the CLogRouter application component in our protected/config/main.php config file. We do this by setting its routes property with the desired log message destinations. If we open our config file, we see that some configuration information has already been provided (again, courtesy of using the yiic webapp command to initially create our application). The following is already defined in our configuration: 'log'=>array 'class'=>'CLogRouter', 'routes'=>array( Iteration 10: Production Readiness [ 314 ] array( 'class'=>'CFileLogRoute', 'levels'=>'error, warning', ), // uncomment the following to show log messages on web pages /* array( 'class'=>'CWebLogRoute', ), */ ), ), The log application component is configured to use the framework class CLogRouter. You could also certainly create and use a custom child class of this if you have logging requirements not fully met by the base framework implementation, but in our case, this will work just fine. What follows the class definition in the previous configuration is the definition of the routes property. In this case, there is just one route specified. This one is using the Yii Framework message routing class, CFileLogRoute. The CFileLogRoute message routing class uses the filesystem to save the messages. By default, messages are logged in a file under the application runtime folder, /protected/runtime/ application.log. In fact, if you have been following along with us and have your own application, you can take a peek at this file and will see several messages that have been logged by the framework. The levels specification dictates that only messages whose log level is either error or warning will be routed to this file. The part of the configuration in the preceding code that is commented out specifies another route, CWebLogRoute. If used, this will route the message to be displayed on the currently requested web page. The following is a list of message routes currently available in version 1.1 of Yii: • CDbLogRoute: Saves messages in a database table • CEmailLogRoute: Sends messages to specified e-mail addresses • CFileLogRoute: Saves messages in a file under the application runtime folder • CWebLogRoute: Displays messages at the end of the current web page • CProfileLogRoute: Displays profiling messages at the end of the current web page The logging that we added to our SiteController::actionLogin() method used Yii::trace for one message and then used Yii::log for two more. When using Yii::trace, the log level is automatically set to trace. When using the Yii::log we Chapter 13 [ 315 ] specified an info log level if the login was successful and a warning level if the login attempt failed. Let's alter our log routing configuration to write the trace and info level messages to a new, separate file called infoMessages.log in the same folder as our application.log file. Also, let's configure it to write the warning messages to the browser. To do that, we make the following changes to the configuration: 'log'=>array( 'class'=>'CLogRouter', 'routes'=>array( array( 'class'=>'CFileLogRoute', 'levels'=>'error', ), array( 'class'=>'CFileLogRoute', 'levels'=>'info, trace', 'logFile'=>'infoMessages.log', ), array( 'class'=>'CWebLogRoute', 'levels'=>'warning', ), ... Now, after saving these changes, let's try out the different scenarios. First, try a successful login. Doing so will write two messages out to our new /protected/ runtime/infoMessages.log file, one for the trace and then one logging the successful login. After successfully logging in, viewing that file reveals the following (The full listing was truncated to save a few trees): … 2010/04/15 00:31:52 [trace] [application.controllers.SiteController] The actionLogin() method is being requested 2010/04/15 00:31:52 [trace] [system.web.CModule] Loading "user" application component 2010/04/15 00:31:52 [trace] [system.web.CModule] Loading "session" application component 2010/04/15 00:31:52 [trace] [system.web.CModule] Loading "db" application component 2010/04/15 00:31:52 [trace] [system.db.CDbConnection] Opening DB connection … 2010/04/15 00:31:52 [info] [application.controllers.SiteController] Successful login of user: 1 … Iteration 10: Production Readiness [ 316 ] Wow, there is a lot more in there than just our two messages. But our two did show up; they are bolded in the above listing. Now that we are routing all of trace messages to this new file, all of the framework trace messages are showing up here as well. This is actually very informative and helps you get a picture of the lifecycle of a request as it makes its way through the framework. There is a lot going on under the covers. We would obviously turn off this verbose level of logging when moving this application to production. In non-debug mode, we would only see our single info level message. But this level of detail can be very informative when trying to track down bugs and just figure out what the application is doing. It is comforting to know it is here when/if ever needed. Now let's try the failed login attempt scenario. If we now log out and try our login again, but this time specify incorrect credentials to force a failed login, we see our warning level display along the bottom of the returned web page, just as we configured it to do. The following screenshot shows this warning being displayed: When using the CLogRouter message router, the logfiles are stored under the logPath property and the filename is specified by the logFile. Another great feature of this log router is automatic logfile rotation. If the size of the logfile is greater than the value set in the maxFileSize (in kilobytes) property, a rotation is performed, which renames the current logfile by suffixing the filename with '1'. All existing logfiles are moved backwards one place, that is, '.2' to '.3', '.1' to '.2'. The property maxLogFiles can be used to specify how many files are to be kept. Handling errors Properly handling the errors that invariably occur in software applications is of the utmost importance. This, again, is a topic that arguably should have been covered prior to coding our application, rather than at this late stage. Luckily, though, as we have been leaning on tools within the Yii Framework to autogenerate much of our core application skeleton, our application is already taking advantage of some of Yii's error handling features. Chapter 13 [ 317 ] Yii provides a complete error handling framework based on PHP 5 exceptions, a built-in mechanism for handling program failures through centralized points. When the main Yii application component is created to handle an incoming user request, it registers its CApplication::handleError() method to handle PHP warnings and notices. It registers its CApplication::handleException() method to handle uncaught PHP exceptions. Consequently, if a PHP warning/notice or an uncaught exception occurs during the application execution, one of the error handlers will take over the control and start the necessary error handling procedure. The registration of error handlers is done in the application's constructor by calling the PHP functions set_exception_handler and set_ error_handler. If you prefer to not have Yii handle these types of errors and exceptions, you may override this default behavior by defining a global constant YII_ENABLE_ERROR_HANDLER and YII_ENABLE_ EXCEPTION_HANDLER to be false in the main index.php entry script. By default, the application will use the framework class CErrorHandler as the application component tasked with handling PHP errors and uncaught exceptions. Part of the task of this built-in application component is displaying these errors using appropriate view files based on whether or not the application is running in debug mode or in production mode. This allows you to customize your error messages for these different environments. It makes sense to display much more verbose error information in a development environment, to help troubleshoot problems. But allowing users of a production application to view this same information could compromise security. Also, if you have implemented your site in multiple languages, CErrorHandler also chooses the most preferred language for displaying the error. You raise exceptions in Yii the same way you would normally raise a PHP exception. One uses the following general syntax to raise an exception when needed: throw new ExceptionClass('ExceptionMessage'); The two exception classes the Yii provides are: • CException • CHttpException CException is a generic exception class. CHttpException represents an exception that is intended to be displayed to the end user. CHttpException also carries a statusCode property to represent an HTTP status code. Errors are displayed differently in the browser, depending on the exception class that is thrown. Iteration 10: Production Readiness [ 318 ] Displaying errors As was previously mentioned, when an error is forwarded to the CErrorHandler application component, it makes a decision as to which view file to use when displaying the error. If the error is meant to be displayed to end users, such as is the case when using CHttpException, the default behavior is to use a view named errorXXX, where XXX represents the HTTP status code (for example, 400, 404, 500). If the error is an internal one and should only be displayed to developers, it will use a view named exception. When the application is in debug mode, a complete call stack as well as the error line in the source file will be displayed. However, this is not the full story. When the application is running in production mode, all errors will be displayed using the errorXXX view files. This is because the call stack of an error may contain sensitive information that should not be displayed to just any end user. When the application is in production mode, developers should rely on the error logs to provide more information about an error. A message of level error will always be logged when an error occurs. If the error is caused by a PHP warning or notice, the message will be logged with category php. If the error is caused by an uncaught exception, the category will be exception.ExceptionClassName, where the exception class name is one of, or child class of, either CHttpException or CException. One can thus take advantage of the logging features, discussed in the previous section, to monitor errors that occur within a production application. By default, CErrorHandler searches for the location of the corresponding view file in the following order: 1. WebRoot/themes/ThemeName/views/system: The system view file under the currently active theme. 2. WebRoot/protected/views/system: The default system view file for an application. 3. YiiRoot/framework/views: The standard system view folder provided by the Yii Framework. So, you can customize the error display by creating custom error view files under the system view folder of the application or theme. Yii also allows you to define a specific controller action method to handle the display of the error. This is actually how our application is configured. We'll see this as we go through a couple of examples. Chapter 13 [ 319 ] Let's look at a couple examples of this in action. Some of the code that was generated for us as a by-product of using the Gii CRUD generator tool to create our CRUD scaffolding is taking advantage of Yii's error handling. One such example is the ProjectController::loadModel() method. That method is defined as follows: public function loadModel() { if($this->_model===null) { if(isset($_GET['id'])) $this->_model=Project::model()->findbyPk($_GET['id']); if($this->_model===null) throw new CHttpException(404,'The requested page does not exist.'); } return $this->_model; } We see that it is attempting to load the appropriate Project model AR instance based on the input id querystring parameter. If it is unable to locate the requested project, it throws a CHttpException as a way to let the user know that the page they are requesting, in this case the project details page, does not exist. We can test this in our browser by explicitly requesting a project that we know does not exist. As we know our application does not have a project associated with an ID of 99, a request for http://localhost/trackstar/project/view/id/99 will result in the following page being returned: Iteration 10: Production Readiness [ 320 ] This is nice, because the page looks like any other page in our application, with the same theme, header, footer, and so on. This is actually not the default behavior for rendering this type of error page. Our initial application was configured to use a specific controller action for the handling of such errors. We mentioned this was another option for how to handle errors in an application. If we take a peek into this configuration file, we see the following code snippet: 'errorHandler'=>array( // use 'site/error' action to display errors 'errorAction'=>'site/error', ), This configures our error handler application component to use the SiteController::actionError() method to handle all of the exceptions intended to be displayed to users. If we take a look at that action method, we notice that it is rendering the protected/views/site/error.php view file. This is just a normal controller view file, so it will also render any relevant application layout files and will apply the appropriate theme. This way, we are able to provide the user with a very friendly experience when certain errors happen. To see what the default behavior is, without this added configuration, let's temporarily comment out the above lines of configuration code (in protected/ config/main.php) and request the non-existent project again. Now we see the following page: As we have not explicitly defined any custom error pages following the convention outlined earlier, this is the error404.php file in the Yii Framework itself. Go ahead and revert these changes to the configuration file to have the error handling use the SiteController::actionError() method. Now let's see how this compares to throwing a CException, rather than the HTTP exception class. Let's comment out the current line of code throwing the HTTP exception and add a new line to throw this other exception class, as follows: public function loadModel() { if($this->_model===null) { Chapter 13 [ 321 ] if(isset($_GET['id'])) $this->_model=Project::model()->findbyPk($_GET['id']); if($this->_model===null) //throw new CHttpException(404,'The requested page does not exist.'); throw new CException('The is an example of throwing a CException'); } return $this->_model; } Now if we make our request for a non-existent project, we see a very different result. This time we see a system generated error page with a full stack trace error info dump along with the specific source file where the error occurred. The results were a little too long to capture in a screenshot, but it will display the fact that a CException was thrown along with the description The is an example of throwing a CException, the source file and then the full stack trace. So throwing this different exception class, along with the fact the application is in debug mode, has a different result. This is the type of information we would like to display to help us troubleshoot the problem, but only as long as our application is running in a secure development environment. Let's temporarily comment out the debug setting in the root index.php file, in order to see what would be displayed when in production mode: // remove the following line when in production mode //defined('YII_DEBUG') or define('YII_DEBUG',true); With this commented out, if we refresh our request for our non-existent project, we see that the exception is displayed as an end-user friendly HTTP 500 error, as depicted in the following screenshot: Iteration 10: Production Readiness [ 322 ] So we see that none of our sensitive code or stack trace information is displayed when in production mode. Caching Caching data is a great method for helping to improve the performance of a production web application. If there is specific content that is not expected to change upon every request, using the cache to store and serve this content can save the time it takes to retrieve and process that data. Yii provides for some nice features when it comes to caching. The tour of Yii's caching features will begin with configuring a cache application component. Such a component is one of several child classes extending CCache, the base class for cache classes with different cache storage implementations. Yii provides many different specific cache component class implementations that store the data utilizing different approaches. The following is a list of the current cache implementations that Yii provides as of version 1.1.2: • CMemCache: Uses the PHP memcache extension. • CApcCache: Uses the PHP APC extension. • CXCache: Uses PHP XCache extension • CEAcceleratorCache: Uses the PHP EAccelerator extension. • CDbCache: Uses a database table to store cached data. By default, it will create and use a SQLite3 database under the runtime folder. You can explicitly specify a database for it to use by setting its connectionID property. • CZendDataCache: Uses Zend Data Cache as the underlying caching medium. • CFileCache: Uses files to store cached data. This is particular suitable to cache large chunk of data (such as pages). • CDummyCache: This presents the consistent cache interface, but does not actually perform any caching. The reason for this implementation is to that if you are faced with situation where your development environment does not have cache support, you can still execute and test your code that will need to use cache once available. This allows you to continue to code to a consistent interface, and when the time comes to actually implement a real caching component. You will not need to change the code written to write to or retrieve data from cache. Chapter 13 [ 323 ] All of these components extend from the same base class, CCache and expose a consistent API. This means that you can change the implementation of the application component in order to use a different caching strategy without having to change any of the code that is using the cache. Configuring for cache As was mentioned, using cache in Yii typically involves choosing one of these implementations, and then configuring the application component for use in the / protected/config/main.php file. The specifics of the configuration will, of course, depend on the specific cache implementation. For example, if one were to use the memcached implementation, that is, CMemCache, which is a distributed memory object caching system that allows you to specify multiple host servers as your cache servers, configuring it to use two servers might look similar to: array( ...... 'components'=>array( ...... 'cache'=>array( 'class'=>'system.caching.CMemCache', 'servers'=>array( array('host'=>'server1', 'port'=>12345, 'weight'=>60), array('host'=>'server2', 'port'=>12345, 'weight'=>40), ), ), ), ); To keep things relatively simple for the reader following along with the TrackStar development, we'll use the filesystem implementation, CFileCache, as we go through some examples. This should be readily available on any development environment that allows access to reading and writing files from the filesystem. If for some reason this is not an option for you, but you still want to follow along with the code examples, simply use the CDummyCache option. As mentioned, it won't actually store any data in the cache, but the code will execute against it just fine. Iteration 10: Production Readiness [ 324 ] CFileCache provides a file-based caching mechanism. When using this implementation, each data value being cached is stored in a separate file. By default, these files are stored under the protected/runtime/cache/ folder, but one can easily change this by setting the cachePath property when configuring the component. For our purposes, this default is fine, so we simply need to add the following to the components array in our /protected/config/main.php configuration file as such: // application components 'components'=>array( … 'cache'=>array( 'class'=>'system.caching.CFileCache', ), … ), With this in place, we can access this new application component anywhere in our running application via Yii::app()->cache. Using a file-based cache Let's try out this new component. Remember that system message we added as part of our administrative functionality in the previous iteration? Rather than get it from the database upon every request, let's store the value initially returned from the database in our cache for a limited amount of time, so that not every subsequent request has to retrieve the data from the database. Let's add a new public method to our SysMessage AR model class to handle the retrieval of the latest system messages. Let's make this new method both public and static so that other parts of the application can easily use this method to access the latest system message without having to explicitly create an instance of SysMessage. This also will help in writing our test. Test? You'd probably thought we forgot all about our test-first approach to development at this point. Well, we haven't, so let's get back to it. Create a new test file, protected/tests/unit/SysMessgeTest.php, and add to it the following a fixture definition and single test method: assertTrue($message instanceof SysMessage); } } Running this test from the command line will immediately fail due to the fact that we have not yet added this new method. Let's add this method to the SysMessage class as follows: /** * Retrieves the most recent system message. * @return SysMessage the AR instance representing the latest system message. */ public static function getLatest() { //see if it is in the cache, if so, just return it if( ($cache=Yii::app()->cache)!==null) { $key='TrackStar.ProjectListing.SystemMessage'; if(($sysMessage=$cache->get($key))!==false) return $sysMessage; } //The system message was either not found in the cache, or //there is no cache component defined for the application //retrieve the system message from the database $sysMessage = SysMessage::model()->find(array( 'order'=>'t.update_time DESC', )); if($sysMessage != null) { //a valid message was found. Store it in cache for future retrievals if(isset($key)) $cache->set($key,$sysMessage,300); return $sysMessage; } else return null; } Iteration 10: Production Readiness [ 326 ] We'll cover the details in just a minute. First, let's get our test to pass. With this in place, if we run our test again, we still get a failure. But this time, the failure is because our method is returning null, and we are testing for a non-null return value. The reason that it is returning null is that there are no system messages in our test database. Remember, our tests are run against the trackstar_test database. Okay, no problem, fixtures to the rescue. Add a new fixture file protected/tests/fixtures/tbl_sys_ message.php which is similar to look this: array( 'message' => 'This is a test message', 'create_time' => new CDbExpression('NOW()'), 'create_user_id' => 1, 'update_time' => new CDbExpression('NOW()'), 'update_user_id' => 1, ), ); Also, ensure that the test case class is configured to be using the fixture by verifying the following code is at the top of the SysMessageTest test class: public $fixtures=array( 'messages'=>'SysMessage', ); Okay, now we can fire off our test again, and this time it succeeds. The method should have tried to retrieve the message from the cache. But, as this was the first time for the request in our test environment, it would not yet be there. So, it proceeded to retrieve it from the database and then store the result into cache for subsequent requests. If we do a folder listing for the default location being used for file caching, protected/runtime/cache/, we do indeed see one strangely named file (yours may be slightly different): 8b22da6eaf1bf772dae212cd28d2f4bc.bin Which if we open in a text editor, reveals the following: a:2:{i:0;O:10:"SysMessage":11:{s:18:"CActiveRecord_md";N;s:19:"18 CActiveRecord_new";b:0;s:26:"CActiveRecord_attributes";a:6:{s:2 :"id";s:1:"1";s:7:"message";s:22:"This is a test message";s:11:"create_time";s:19:"2010-07-08 21:42:00";s:14:"create_user_id";s:1:"1";s:11:"update_time";s:19:"2010- 07-08 21:42:00";s:14:"update_user_id";s:1:"1";}s:23:"18CActiveRecord18_rela Chapter 13 [ 327 ] ted";a:0:{}s:17:"CActiveRecord_c";N;s:18:"CActiveRecord_pk";s :1:"1";s:15:"CModel_errors";a:0:{}s:19:"CModel_validators";N; s:17:"CModel_scenario";s:6:"update";s:14:"CComponent_e";N;s:1 4:"CComponent_m";N;}i:1;N;} This is the serialized, cached value of our most recently updated SysMessage AR class instance, which is exactly what we would expect to be there. So, we see that the caching is actually working. When running tests, executing the application in the test environment, against the test database, we might want to configure a different location to cache our test data. In this case, we might want to add to our test application configuration, protected/config/test.php, a cache component that is configured slightly differently. For example, if we wanted to specify a different folder to place the test cache data, we could add the following to our application components in this test config file: 'cache'=>array( 'class'=>'system.caching.CFileCache', 'cachePath'=> '/Webroot/trackstar/protected/runtime/cache/test', ), This way, we won't alter our test results by reading that was cached from normal use of the main development application. Let's revisit the above code for our new SysMessage::getLatest() method in a bit more detail. The first thing the code is doing is checking to see if the requested data is already in the cache, and if so, returns that value: //see if it is in the cache, if so, just return it if( ($cache=Yii::app()->cache)!==null) { $key='TrackStar.ProjectListing.SystemMessage'; if(($sysMessage=$cache->get($key))!==false) return $sysMessage; } Iteration 10: Production Readiness [ 328 ] As we mentioned, we configured the cache application component to be available anywhere in the application via Yii::app()->cache. So, it first checks to see if there even is such a component defined. If so, it attempts to look up the data in the cache via the $cache->get($key) method. This does more or less what you would expect. It attempts to retrieve a value from cache based on the specified key. The key is a unique string identifier that is used to map to each piece of data stored in the cache. In our system message example, we only need to display one message at a time, and therefore can have a fairly simple key identify the single system message to display. The key can be any string value, as long as it remains unique for each piece of data we want to cache. In this case we have chosen the descriptive string TrackStar. ProjectListing.SystemMessage as the key used when storing and retrieving our cached system message. When this code is executed for the very first time, there will not yet be any data associated with this key value in the cache. Therefore, a call to $cache->get() for this key will return false. So, our method will continue to the next bit of code, which simply attempts to retrieve the appropriate system message from the database, using the AR class: $sysMessage = SysMessage::model()->find(array( 'order'=>'t.update_time DESC', )); We then proceed with the following code that first checks if we did get anything back from the database. If we did, then it stores it in the cache before returning the value, otherwise, null is returned: if($sysMessage != null) { if(isset($key)) $cache->set($key,$sysMessage->message,300); return $sysMessage->message; } else return null; If a valid system message was returned, we use the $cache->set() method to store the data into cache. This method has the following general form: set($key,$value,$duration=0,$dependency=null) When placing a piece of data into cache, one must specify a unique key, as well as the data to be stored. The key is a unique string value, as discussed above, and the value is whatever data desired to be cached. This can be in any format, as long as it can be serialized. The duration parameter specifies an optional time-to-live (TTL) requirement. This can be used to ensure that the cached value is refreshed Chapter 13 [ 329 ] after a period of time. The default is 0, which means it will never expire, that is, it will live forever in the cache. (Actually, internally, Yii translates a value of <=0 for the duration to mean that it should expire in one year. So, not exactly forever, but definitely a long time). We are calling the set() method in the following manner: $cache->set($key,$sysMessage->message,300); We set the key to be what we had it defined as before, TrackStar.ProjectListing. SystemMessage, the data being stored is the message attribute of our returned SystemMessage AR class, that is, the message column of our tbl_sys_message table, and then we set the duration to be 300 seconds. This way, the data in the cache will expire every five minutes, at which time the database is queried again for the most recent system message. We did not specify a dependency when we set the data. We'll discuss this optional parameter next. Cache dependencies The dependency parameter allows for an alternative and much more sophisticated approach to deciding whether or not the stored data in the cache should be refreshed. Rather than declaring a simple time period for the expiration of cached data, your caching strategy may require that the data become invalid based on things like the specific user making the request, or the general mode or state of the application, or whether a file on the filesystem has been recently updated. This parameter allows you to specify such cache validation rules. The dependency is an instance of CCacheDependency or its child class. Yii makes available the following specific cache dependencies: • CFileCacheDependency: The data in the cache will be invalid if the specified file's last modification time has changed since the previous cache lookup. • CDirectoryCacheDependency: Similar to the above for the file cache dependency, but this checks all the files and subdirectories within a given specified folder. • CDbCacheDependency: The data in the cache will be invalid if the query result of a specified SQL statement is changed since the previous cache lookup. • CGlobalStateCacheDependency: The data in the cache will be invalid if the value of the specified global state is changed. A global state is a variable that is persistent across multiple requests and multiple sessions in an application. It is defined via CApplication::setGlobalState(). Iteration 10: Production Readiness [ 330 ] • CChainedCacheDependency: This allows you to chain together multiple dependencies. The data in the cache will become invalid if any of the dependencies on the chain is changed. • CExpressionDependency: The data in the cache will be invalid if the result of the specified PHP expression is changed. To provide a concrete example, let's use a dependency to expire the data in the cache whenever a change to the tbl_sys_message database table is made. Rather than arbitrarily expire our cached system message after five minutes, we'll expire it exactly when we need to, that is, when there has been a change to the update_time column for one of the system messages in the table. We'll use the CDbCacheDependency implementation to achieve this, since it is designed to invalidate cached data based on a change in the results of a SQL query. We alter our call to the set() method to set the duration time to 0, so that it won't expire based on time, but pass in a new dependency instance with our specified SQL statement as such: $cache->set($key, $sysMessage->message, 0, new CDbCacheDependency('select id from tbl_sys_message order by update_ time desc')); Changing the duration TTL time to 0 is not at all a prerequisite of using a dependency. We could have just as easily left the duration in as 300 seconds. This would just stipulate another rule to render the data in the cache invalid. The data would only be valid in the cache for a maximum of five minutes, but would also be regenerated prior to this time limit if there as a change to the update_time column occurred on one or more records in the table. With this in place, the cache will expire only when the results of the query statement are changed. This example is a little contrived, since we were originally caching the data to avoid a database call altogether. Now we have configured it to execute a database query every time we attempt to retrieve data from cache. However, if the cached data was a much more complex data set, that involved much more overhead to retrieve and process, a simple SQL statement for cache validity could make a lot of sense. The specific caching implementation, the data stored, the expiration time as well as any other data validation in the form of these dependencies will all depend on the specific requirements of the application being built. It is good to know that Yii has many options available to help meet our varied requirements. To complete the changes to our application to take advantage of the caching of data in our new method, we still need to refactor the ProjectController::actionIn dex() method to use this newly create method. This is easy. Just replace the code Chapter 13 [ 331 ] that was generating the system message from the database, with a call to this new method. That is, in ProjectController::actionIndex(), simply change this: $sysMessage = SysMessage::model()->find(array('order'=>'t.update_time DESC',)); to the following: $sysMessage = SysMessage::getLatest(); Now the system message being displayed on the projects listing page is taking advantage of the file cache. Fragment caching The previous example demonstrates the use of data caching. This is where we take a single piece of data and store it in the cache. There are other approaches available in Yii to store fragments of pages generated by a portion of a view script, or even the entire page itself. Fragment caching refers to caching a fragment of a page. We can take advantage of fragment caching inside of view scripts. To do so, we use the CController::beginCache() and CController::endCache() methods. These two methods are used to mark the beginning and the end of the rendered page content that should be stored in cache. Just as is the case when using a data caching approach, we need a unique key to identify the content being cached. In general, the syntax for using fragment caching inside of a view script is as follows: ...some HTML content... beginCache($key)) { ?> ...content to be cached... endCache(); } ?> ...other HTML content... If the call to beginCache() returns false, the cached content will be automatically inserted at that place; otherwise, the content inside the if statement will be executed and will be cached when endCache() is invoked. Declaring fragment caching options When calling beginCache(), we can supply an array as the second parameter consisting of caching options to customize the fragment caching. As a matter of fact, the beginCache() and endCache() methods are a convenient wrapper of the COutputCache filter/widget. Therefore, the caching options can be initial values for any properties of COutputCache. Iteration 10: Production Readiness [ 332 ] Arguably one of the most common options specified when caching data is the duration, which specifies how long the content can remain valid in the cache. It is similar to the duration parameter we used when using the data caching approach for our system messages. You can specify the duration parameter when calling beginCache() as follows: $this->beginCache($key, array('duration'=>3600)) The default setting for this fragment caching approach is different than that for the data caching. If we do not set the duration, it defaults to 60 seconds, meaning the cached content will be invalidated after 60 seconds. There a many other options you can set when using the fragment caching. For more information, refer to the API documentation for COutputCache as well as the fragment caching section of the definitive guide, available on the Yii Framework site: http://www.yiiframework. com/doc/guide/caching.fragment Using fragment cache Let's implement this in our TrackStar application. We'll again focus on the project listings page. As you recall, towards the bottom of this page, there is a list of the comments that users have left on the issues associated with each project. This list indicates who left a comment on which issue. Rather than re-generate this list upon each request, let's use fragment caching to cache this list for, say, two minutes. The application can tolerate this data being slightly stale, and two minutes is really not that long to have to wait for an updated comment list. To do this, we make our changes to the listing view file, protected/views/ project/index.php. We'll wrap the call to our entire recent comments portlet inside this fragment caching approach, as such: beginCache($key, array('duration'=>120))) { $this->beginWidget('zii.widgets.CPortlet', array( 'title'=>'Recent Comments', )); $this->widget('RecentComments'); $this->endWidget(); $this->endCache(); } ?> Chapter 13 [ 333 ] With this in place, if we visit the project listings page for the first time, our comments list will be stored in the cache. If we then quickly (by quickly, we mean before two minutes have elapsed) add a new comment to one of the issues within a project, and then toggle back to the project listings page, we won't immediately see the newly added comment. But if we keep refreshing the page, once the content in the cache expires (a maximum of two min in this case), the data will be refreshed, and our new comment will be displayed in the listing. You could also simply add an echo time(); PHP statement to the above cached content to see if it is working as expected. If the content is properly caching, the time display will not update until the cache is refreshed. When using the file cache, remember to ensure that your /protected/ runtime/ folder is writable by the web server process, as this is where the cache content is stored by default. Page caching In addition to fragment caching, Yii offers options to cache the results of the entire page request. Page caching is similar to that of fragment caching. However, because the content of an entire page is often generated by applying additional layouts to a view, we can't simply call beginCache() and endCache() in the layout file. The reason is because the layout is applied within the call to the CController::render() method after the content view is evaluated. So, we would always miss the opportunity to retrieve the content from the cache. Therefore, to cache a whole page, we should entirely skip the execution of the action generating the page content. To accomplish this, we can use COutputCache class as an action filter in our controller class. Let's provide an example. Let's use the page caching approach to cache the page results for every project detail page. The project detail pages in TrackStar are rendered by requesting URLs of the format, http://localhost/trackstar/ project/view/id/[id], where [id] is the specific project ID we are requesting the details of. What we want to do is set up a page caching filter that will cache the entire contents of this page, separately for every ID requested. We need to incorporate the project ID into the key value when we cache the content. That is, we don't want to make a request for the details of project #1, and have the application return a cached result for project #2. Luckily, the COutputCache filter anticipated this need. Iteration 10: Production Readiness [ 334 ] Open protected/controllers/ProjectController.php and alter the existing filters() method as such: public function filters() { return array( 'accessControl', // perform access control for CRUD operations array( 'COutputCache + view', //cache the entire output from the actionView() method for 2 minutes 'duration'=>120, 'varyByParam'=>array('id'), ), ); } This filter configuration utilizes the COutputCache filter to cache the entire output generated by the application from a call to ProjectController::actionView(). The + view added just after the COutputCache declaration, as you may recall, is the standard way we include specific action methods to which a filter should apply. The duration parameter specifies a TTL of 120 seconds (2 min), after which the page content will be regenerated. The varyByParam configuration is a really great option that we alluded to before. Rather than putting the responsibility on you, the developer, to come up with a unique key strategy for the content being cached, this feature allows the variation to be handled automatically. In this case, by specifying a list of names that correspond to GET parameters in the input request. Since we are caching the page content of requests for projects by project_id, it makes perfect sense to use this id as part of the unique key generation for caching the content. By specifying 'varyByParam'=>array('id'), COutputCache does this for us, based on the input querystring parameter, id. There are more options available to achieve this type of auto content variation strategy when using COutputCache to cache our data. As of this writing, the following variation features are available to use: • varyByRoute: By setting this option to true, the specific request route will be incorporated into the unique identifier for the cached data. Therefore, you can use the combination of the requested controller and action to distinguish cached content. • varyBySession: By setting this option to true, the unique session id is used distinguish the content in the cache. Each user session may see different content but all of this content can still be served from the cache. Chapter 13 [ 335 ] • varyByParam: As discussed previously, this uses the input GET querystring parameters to distinguish the content in the cache. • varyByExpression: By setting this option to a PHP expression, we can use the result of this expression to distinguish the content in the cache. So, with the above filter configured in our ProjectController class, each request for a specific project details page is stored in the cache for up to two minutes before being regenerated and again stored in the cache. You can test this out by first viewing a specific project, then updating that project in some way. Your updates will not immediately display if done within the TTL of two minutes. Caching entire page results is a great way to improve site performance, however it certainly does not make sense for every page in every application. A combination of the above three approaches: data, fragment and page caching, will probably need to be implemented in most real-world applications. We have really just scratched the surface of all caching options available within Yii. Hopefully this has whet your appetite to further investigate the full caching landscape available. General performance tuning tips Before we wrap up this final iteration, we'll briefly outline some other areas of consideration when working to tweak the performance of a Yii-based web application. These more or less come straight from the Performance Tuning section of the Yii definitive guide, http://www.yiiframework.com/doc/guide/topics. performance. But it is good to restate them here for completeness and general awareness. Using APC Enabling the PHP APC extension is perhaps the easiest way to improve the overall performance of an application. The extension caches and optimizes PHP intermediate code and avoids the time spent in parsing PHP scripts for every incoming request. Disabling debug mode We discussed this earlier in the chapter, but it won't hurt to hear it again. Disabling debug mode is another easy way to improve performance and security. A Yii application runs in debug mode if the constant YII_DEBUG is defined as true in the main index.php entry script. Many components, including those down in the framework itself, incur extra overhead when running in debug mode. Iteration 10: Production Readiness [ 336 ] Using yiilite.php When the PHP APC extension is enabled, one can replace yii.php with a different Yii bootstrap file named yiilite.php. This can help to further boost the performance of a Yii-powered application. The file yiilite.php comes with every Yii release. It is the result of merging some commonly used Yii class files. Both comments and trace statements are stripped from the merged file. Therefore, using yiilite.php would reduce the number of files being included and avoid execution of trace statements. Note, using yiilite.php without APC may actually reduce performance, because yiilite.php contains some classes that are not necessarily used in every request and would take extra parsing time. It is also observed that using yiilite.php is slower with some server configurations, even when APC is turned on. The best way to judge whether to use yiilite.php or not is to run a benchmark using the included hello world demo. Using caching techniques As we described and demonstrated in this chapter, Yii provides many caching solutions that may improve the performance of a web application significantly. The available caching systems are as follows: • If the generation of some data takes long time, we can use the data caching approach to reduce the data generation frequency • If a portion of page remains relatively static, we can use the fragment caching approach to reduce its rendering frequency • If a whole page remains relative static, we can use the page caching approach to save the rendering cost for the whole page Enabling schema caching If the application is using Active Record, one can turn on the schema caching in a production environment to save the time of parsing database schema. This can be done by configuring the CDbConnection::schemaCachingDuration property to be a value greater than 0. Besides these application-level caching techniques, we can also use server-side caching solutions to boost the application performance. The enabling of APC caching that we described above belongs to this category. There are other server-side techniques, such as Zend Optimizer, eAccelerator and Squid, just to name a few. Chapter 13 [ 337 ] These, for the most part, just provide some good-practice guidelines as you work to prepare your Yii application for production, or as you troubleshoot an existing application for bottlenecks. General application performance tuning is much more art than science, and there are many, many factors outside of the Yii Framework that play into the overall performance. Yii has been built with performance in mind since its inception and continues to out-perform many other PHP-based application development frameworks by a long shot (see http://www.yiiframework.com/ performance/ for more details). Of course, every single web application will need to be tweaked to enhance its performance, but making Yii the development framework of choice certainly puts your application on a great performance footing from the onset. Summary In this final iteration, we turned our attention to making changes to our application to help improve its maintainability and performance in a production environment. We first covered application logging strategies available in Yii, and how to log and route messages based on varying severity levels and categories. We then turned focus to error handling and how Yii exploits the underlying exception implementation in PHP 5 to provide a flexible and robust error handling framework. We then learned about some different caching strategies available in Yii. We learned about the caching of application data and content at varying levels of granularity. Data caching for specific variables or individual pieces of data, fragment caching for content areas within pages, and full page caching to cache the entire rendered output of a page request. Finally, we provided a list of "good practices" to follow when working to improve the performance of a Yii-powered Web application. Unfortunately, our TrackStar application is actually quite far from a complete, full featured task management system, and even many of the concepts covered were left to the reader to fully implement. However, a nice foundation on which to build has been laid, and now that you have the power of Yii on your side, you could very quickly turn this into a much more useable and feature-rich application. Also a great many of the examples covered will translate well to other types of Web applications you may be building. Good luck with your future projects, and happy developing! Index Symbols $dsn variable about 57 formats 57 $pageTitle attribute 261 A accessControl filter 114 about 173 implementing 174, 175 access rules about 176 actions 176 controllers 176 expression 176 ips 176 roles 176 users 176 verbs 176 accessRules() method 175, 203 actionAdduser() method 203-212 actionAdmin() contorller action 176 actionCreate() method 12, 114 actionDelete() controller action 176 actionFeed() method 244 actionGoodbye() method 31 actionHelloWorld() method 25, 28, 44 actionID parameter 25 actionIndex() method 12, 26, 129 actionLogin() method 208, 263 actionShow() method 12 actionUpdate() method 114 actionView() method 114, 129, 220 Active Record (AR) 10, 14 Active Record model classes creating 98 issue model class, creating 98-100 user model class, creating 101 addChild() method 182 admin module building 295-298 AdminModule::beforeControllerAction() method 296 afterValidate() method 159 anonymous user 36 AR model class creating 64 creating, Gii used 66-68 Gii, configuring 65 stesting 68 assertEquals() 50 associateUserToProject() method 202 Attribute List 79 AuthAssignment table 180 authenticated user 36 authenticate() method 163 AuthItemChild table 180 AuthItem table 180 authManager component 179 authorization item 178 authorization level checking 211, 212 authorization manager, RBAC configuring 179 B basic entity relationship about 96 diagrammatic representation 96 [ 340 ] beforeValidate() method 217 beginCache() method 331 beginContent() method 268 bindValue() method 193 blog posting example 11, 12 Blueprint CSS framework 259 Blueprint installation 260 C cache configuring 323 dependencies 329 file-based cache 324-328 fragment caching 331 page caching 333 cache dependencies about 329 CCacheDependency 329 CChainedCacheDependency 330 CDbCacheDependency 329 CDirectoryCacheDependency 329 CExpressionDependency 330 CFileCacheDependency 329 CGlobalStateCacheDependency 329 cache, Yii about 322 CApcCache 322 CDbCache 322 CDummyCache 322 CEAcceleratorCache 322 CFileCache 322 CMemCache 322 CXCache 322 CZendDataCache 322 caching 322 caching techniques 336 CActiveForm class 110 CActiveForm::labelEx() method 109 CActiveForm::textField() method 109 CActiveForm widget 108 CActiveRecord 67 CActiveRecord::beforeValidate() method 153 CActiveRecord class 10 CApcCache 322 CApplication::findLocalizedFile() method 283 CApplication::handleError() method 317 CBreadcrumbs 265 CController base class 114 CController::beginCache() method 331 CController::endCache() method 331 CController::render() method 333 CController::renderPartial() method 255 CDbAuthManager component 179 CDbCache 322 CDbCommand class 193 CDbConnection class 57 CDbConnection::tablePrefix property 64 CdbFixtureManager class 86 CDbMessageSource 281 CDetailView widget 138 CDummyCache 322 CEAcceleratorCache 322 CErrorHandler 317, 318 CException 317 CFileCache 322 CFileLogRoute message routing 314 CFormModel class 10 CGettextMessageSource 281 checkAccess() method 191 CHtml 32 CHtml helper class 34, 124 CHtml::listData() method 124 CListView widget 137 CMemCache 322 CommentController::accessRules() method 244 comment CRUD creating 218 Comment::findRecentComments() method 226 Comment::relations() method 218 Common Locale Data Repository (CLDR) 279 configuration, Yii 19 controller 10, 14 controller command 25 controller method 108 COutputCache class 333 COutputCache filter 334 CPhpAuthManager component 179 CPhpMessageSource 281 [ 341 ] CPortlet 235, 236 createAbsoluteUrl() method 243 createCommand() method 193 createOperation() method 182 createRole() method 182 createUrl() method 243 CRUD operations implementing, for issues 128 CRUD operations, enabling CRUD scaffolding, creating 74-77 for users 73 new project, creating 77, 78 new project, reading 82 projects, deleting 83 projects, managing in admin console 83, 85 projects, updating 83 required field, adding to form 78-82 CRUD operations implementation, for issues about 128 issues, listing 129 ProjectController, altering 129, 130 project view file, altering 130-132 CWebApplication class 255 CWidget about 225 relational AR queries, executing 227, 228 test, completing 229-231 CXCache 322 CZendDataCache 322 D database connection, TrackStar application about 55 component 58, 59 testing 55, 56 databases MySQL 57 Oracle 57 PostgreSQL 57 SQLite 57 SQL Server 57 Data Definition Language (DDL) 63 Data Definition Language (DDL) statements 96 data scheme defining 39, 40 DBMS about 57 connection, establishing 57 debug mode disabling 335 development methodology automated software testing 41 benefits, of testing 42 defining 41 TDD 43 unit and functional testing 41 Document Object Model (DOM) 306 DOMDocument::createElement() method 243 dropDownList() method 110 dynamic content adding, to view template 28 dynamic content, adding data creation, moving to controller 29, 30 date and time, adding 28 E eager loading 228 endCache() method 331 endContent() method 268 error handling about 316 errors, displaying 318-321 exception classes CException 317 CHttpException 317 F false parameter 70 file-based cache about 324 implementing 324-328 filters() method 175 final changes, issues issue detail view, changing 137-139 owner and requester names, getting to display 139 relational AR, using 139, 140 status and type text, getting to display 132, 134 [ 342 ] text display, adding to form 136 final navigation tweaks, issues making 141-144 findAll() method 228 findByPk() method 71 find() method 228 findRecentComments() method 228 fixture manager configuring 86 fixtures about 85 configuring 88 creating 86 flash message 208 fragment caching about 331 options, declaring 331 using 332, 333 functional tests about 42, 45 Selenium, installing 45 test example, running 46, 47 G getHelp() method 186 getRecentComments() method 233 getRoles() method 202 getStatusText() method 138 getter method 126 getTypeOptions() method 106, 110 getTypeText() method 138 getUserOptions() method 126 getUserRoleOptions() method 202 Gii about 64 configuring 65 H hasFlash() method 210 Hello World! example about 22 building 22 controller, creating 22-26 helloWorld.php view, customizing 26, 27 request routing, reviewing 27 helper class 108 I importArray() method 243 init() method 233, 293 installation database 19 Yii 17 internationalization (i18n) 278 issue creating 103, 104 dropdown menu, adding for types 104 types 104 Issue AR class 220 Issue::attributeLabels() method 109 Issue class 107 IssueController::actionAdmin() method 142 IssueController::actionCreate() method 118 IssueController::actionIndex() method 142 IssueController::actionView() method 220-232 IssueController class 112 IssueController::filters() method 114 issue creation process drop-down menu, adding 104 issue type dropdown, adding 107-109 status dropdown, adding 111 test, getting in red 105 test, moving red to green 105 test, moving to green 107 test, moving to red 106 Issue CRUD operations creating 101, 102 using 102 Issue::getStatusText() method 139 Issue::getTypeOptions() method 107 Issue::getTypeText() method 139 issue management functionality Active Record model classes, creating 98 iteration planning 93 relationships, defining 95 schema, designing 95 tables and relationships, creating 96, 97 test suite, running 94 Issue model attribute 109 issue model class about 108 creating 98 [ 343 ] Issue.php model class 110 issue::relations() method 140, 217 Issue::rules() method 109 issues final tweaks 132 listing 129 ProjectController, altering 129, 130 project view file, altering 130, 131 Issue::search() model class method 144 isUserInProject() method 202 isUserInRole() method 197 L language translation about 280 file translation, performing 283, 284 message translation, performing 280-282 performing 280 last_login_time attribute 155 layout about 254 nesting 267, 268 layout files about 254 lazy loading 227 localization (L10n) 278 logging about 309 categories 311 levels 311 login message log, adding 312, 313 message logging 310, 311 message routing 313-316 LoginForm::attributeLabels() method 282 login() method 164 logPath property 316 M main.php layout file, deconstructing about 257 Blueprint CSS Framework, introducing 259 breadcrumb navigation, creating 265 content, specifying 266 footer, defining 267 menu navigation items, displaying 263, 264 page header, defining 261, 262 page title, setting 260 MessageController class 25, 47 message logging 310, 311 message routes CDbLogRoute 314 CEmailLogRoute 314 CProfileLogRoute 314 CWebLogRoute 314 message routing 313-316 message sources, Yii CDbMessageSource 281 CGettextMessageSource 281 CPhpMessageSource 281 model about 10 active record model 10 Form model 10 model, user comments creating 216, 217 module about 288 creating 288-291 system-wide message, adding 298 theme, applying 293-295 theming 292, 293 using 291 MVC architecture, Yii about 9 controller 10 model 10 view 10 O Object-relational mapping 13 on parameter 79 owner and requester dropdowns changing 119-121 data, generating 122, 123 fields, removing 127, 128 ProjectUserAssignment fixture, adding 124-127 user fixture, adding 124-127 owner and requester fields, fixing about 112 filter, adding 113 filtered actions, specifying 114 [ 344 ] filter, implementing 113 filter logic, adding 115, 116 project context, enforcing 112 project details page, altering 117 project id, adding 117 project input form field, removing 118, 119 P page caching 333, 334 performance tuning tips about 335 APCextension , using 335 caching techniques, using 336 debug mode, disabling 335 schema caching, enabling 336 yiilite.php, using 336 PHP APC extension enabling 335 PHPUnit installing 45 Portlets 215 PostgreSQL 63 private $_project attribute 126 production environment caching 322 error handling 316 iteration planning 309 logging 309 performance tuning tips 335 preparing 309 production mode 322 Project AR class, testing about 68 create, testing 69, 70 delete, testing 72 read, testing 71 unit test file, creating 69 update, testing 72 Project::associateUserToRole() method 193 project attribute 126 projectContext filter 114 ProjectController::accessRules() method 174 ProjectController::actionIndex() method 249-330 ProjectController::actionView() method 250 ProjectController class 129 ProjectController::filters() method 174 ProjectController::loadModel() method 319 project CRUD AR model class, creating 64 CRUD operations, enabling 73 iteration planning 61 project table, creating 62 test suite, running 62 project_id attribute 119 project_id property 119 project issues, TrackStar application bugs, categories 37 categories 37 features, categories 37 tasks, categories 37 Project::isUserInRole() method 196 Project::relations() method 121 project table creating 62, 63 naming conventions 63, 64 ProjectTest::testCreate() method 151 public method 192 Q querystring parameter 117, 319 querystring variable 12 R RBAC authorization hierarchy console application command, writing 182-188 creating 181 RBAC database tables AuthAssignment table 180 AuthItemChild table 180 AuthItem table 180 creating 180 RBAC roles adding, to projects 189 new Project AR methods, implementing 191-201 RBAC business rules, adding 190, 191 RBAC users, assigning to projects about 202 new action method, adding to project controller 207, 208 [ 345 ] new form model class, adding 205 new view file, adding to diplay form 208, 210 Project model class, altering 203, 204 Really Simple Syndication 240 recent comments widget creating 224 relational AR queries eager loading 228 executing 227, 228 lazy loading 227 relations() method 120 render() 31 render() method 256 renderPartial() 292 repeat() 51 request routing, Yii about 11 blog posting example 11, 12 Reversish translations 281 role-based access control (RBAC) about 171-179 authorization hierarchy, creating 181, 182 authorization manager, configuring 179 business rules, adding 190, 191 database tables, creating 180 roles, adding to projects 189, 190 users, assigning to projects 202, 203 users, assigning to roles 188, 189 RSS feed about 239 iteration planning 239 rules() method 78, 155 run() method 186, 233 S save() method 70, 153 scaffolding 74 scaffolding code, user comments altering 218 comment, adding 220 form, displaying 221, 222 schema caching enabling 336 Selenium installing 45 setAttributes() method 70, 151 setFlash() method 208 SiteController 12 SiteController::actionLogin() method 268, 312 SiteController class 311 SomeMethodName 113 static method 210 statusCode property 317 SysMessageController::accessRules() method 302 system-wide message, adding to module CRUD scaffolding, creating 300 database table, creating 298 link, adding 301, 303 message, displaying to users 303 model, creating 299 system-wide message, displaying to users design tweak, adding 305, 306 most recently updated message, selecting 304 new model class, importing for application-wide access 303 T tbl_project table 68 TDD about 43 implementing, in testing framework 47-51 testActionHelloworld() method 44 testCreate() method 90 testCRUD() method 69 test database specifying 89 specifying, fixtures used 90 testDelete() method 90 Test-driven development. See TDD test fixture 85 testing benefits 42 testing fixtures about 85 fixture, configuring 88 fixture, creating 86, 87 fixture manager, configuring 86 test database, specifying 89 [ 346 ] test database, specifying with fixtures 90, 92 testing, Yii about 43 TDD approach, implementing 47-51 testRepeat() method 49 testUserAccessBasedOnProjectRole() method 201 themes creating 270 TrackStar 35 TrackStarActiveRecord base class 217 TrackStar application configuring, to use theme 277 designing, with layouts 254 internationalization (i18n) 278 language, defining 279 language translation, performing 280 layout, applying 255, 256 layouts, nesting 267 layout, specifying 255 layout, using 255, 256 locale, defining 279 localization (L10n) 278 main.php layout file, deconstructing 257-259 themes, creating 270 application flow 38, 39 caching 322 database, connecting 55 database connection, testing 55, 56 data scheme, defining 39, 40 development methodology, defining 41 error handling 316 iteration planning 53, 54 logging 309 navigation and page flow 38 performance tuning tips 335 project issues 37 projects, managing 36, 37 user stories, creating 36 Yii web application, creating 54 translating, to other languages 278 trackstar_dev database 63, 122 type_id attribute 109 U unit tests about 42, 44 PHPUnit, installing 45 url manager about 245, 246 entry script, removing from url 247-249 routing rules, configuring 246, 247 using 246 user access requirements accessControl filter 173 access rules 176 authorization level, checking 211, 212 iteration planning 172 ProjectController::accessRules() method 174 ProjectController::filters() method 174 test suite, running 173 user authentication application user attributes, extending 166, 167 authenticate implementation, changing 165, 166 database used 160 Yii authentication model, introducing 160-164 user comments comment CRUD, creating 218 iteration planning 215 model, creating 216, 217 recent comments widget, creating 224 scaffolding code, altering 218 user CRUD common audit history columns, updating 150-155 creating 149, 150 password confirmation field, adding 157 password encryption, adding 159, 160 user friendly URLs creating 244, 245 feed links, adding 249, 251 url manager used 245, 246 UserIdentity::authenticate() method 163 user last login time displaying, on home page 169 updating 168 [ 347 ] user management iteration planning 147 test suite, running 148 user CRUD, creating 149, 150 user last login time, updating 168 users, authenticating 160 user model class creating 101 User::rules() method 155 user stories, TrackStar application creating 36 project issues 37 projects 36 users 36 users, TrackStar about 36 anonymous user 36 authenticated user 36 V validate() method 164 Validator 79 Validator class aliases boolean 80 captcha 80 compare 80 default 80 email 80 exist 80 file 80 filter 80 in 80 length 80 match 80 required 80 type 80 unique 81 varyByExpression 335 varyByParam 335 varyByParam configuration 334 varyByRoute 334 varyBySession 334 verify() method 202 view 10, 14 W webapp command 20, 182 Web Content Syndication 240 web pages, linking about 31 CHtml, using 32, 33 new page, linking to 31 widget adding, to another page 236 creating 225-234 with() method 228 Y Yii message sources 281 themes, building 270 Active Record 14 Active Record (AR) 14 application, creating 19 blog posting example 11, 12 controller 14 databases 57 downloading 17 dynamic content, adding 28 efficiency 8 exception classes 317 extensibility 9 features 8, 9 functional tests 45 Hello World! program 22 installing 17 logging 310 message routes 314 MVC architecture 9 Object-relational mapping 13 overview 7 request routing 11 testing 43 unit tests 44 user-friendly 9 view 14 web pages, linking 31 web request lifecycle 11 [ 348 ] yiic command 21 Yii controller. See controller yiic shell command 182 yiic tool 25, 182 yiic webapp command 313 yiic webapp console command 44 Yii DAO 57 Yii installation about 17 configuration 19 database, installing 19 ensuring 18 yiilite.php using 336 Yii::log method 311 Yii theme creating 270-276 Yii::trace method 311 Yii web application creating 19-22 dynamic content, adding 28 Yii web request lifecycle 11 Yii widget 225 Z Zend_Feed about 240, 241 using 241-243 Zend Framework about 240 installing 241 Zii 9 Thank you for buying Agile Web Application Development with Yii1.1 and PHP5 About Packt Publishing Packt, pronounced 'packed', published its first book "Mastering phpMyAdmin for Effective MySQL Management" in April 2004 and subsequently continued to specialize in publishing highly focused books on specific technologies and solutions. Our books and publications share the experiences of your fellow IT professionals in adapting and customizing today's systems, applications, and frameworks. Our solution based books give you the knowledge and power to customize the software and technologies you're using to get the job done. Packt books are more specific and less general than the IT books you have seen in the past. Our unique business model allows us to bring you more focused information, giving you more of what you need to know, and less of what you don't. Packt is a modern, yet unique publishing company, which focuses on producing quality, cutting-edge books for communities of developers, administrators, and newbies alike. For more information, please visit our website: www.packtpub.com. About Packt Open Source In 2010, Packt launched two new brands, Packt Open Source and Packt Enterprise, in order to continue its focus on specialization. This book is part of the Packt Open Source brand, home to books published on software built around Open Source licences, and offering information to anybody from advanced developers to budding web designers. The Open Source brand also runs Packt's Open Source Royalty Scheme, by which Packt gives a royalty to each Open Source project about whose software a book is sold. Writing for Packt We welcome all inquiries from people who are interested in authoring. Book proposals should be sent to author@packtpub.com. If your book idea is still at an early stage and you would like to discuss it first before writing a formal book proposal, contact us; one of our commissioning editors will get in touch with you. We're not just looking for published authors; if you have strong technical skills but no writing experience, our experienced editors can help you develop a writing career, or simply get some additional reward for your expertise. AJAX and PHP: Building Modern Web Applications 2nd Edition ISBN: 978-1-847197-72-6 Paperback: 308 pages Build user friendly Web 2.0 Applications with JavaScript and PHP 1. The ultimate AJAX tutorial for building modern Web 2.0 Applications 2. Create faster, lighter, better web applications by using the AJAX technologies to their full potential 3. Leverage the power of PHP and MySQL to create powerful back-end functionality and make it work in harmony with a responsive AJAX clientWrite better JavaScript code to enable powerful web features Zend Framework 1.8 Web Application Development ISBN: 978-1-847194-22-0 Paperback: 380 pages Design, develop, and deploy feature-rich PHP web applications with this MVC framework 1. Create powerful web applications by leveraging the power of this Model-View-Controller-based framework 2. Learn by doing – create a "real-life" storefront application 3. Covers access control, performance optimization, and testing 4. Best practices, as well as debugging and designing discussion Please check www.PacktPub.com for information on our titles Building Websites with PHP-Nuke ISBN: 978-1-904811-05-3 Paperback: 320 pages A practical guide to creating and maintaining your own community website with PHP-Nuke 1. Step through creating your own web portal with PHP-Nuke 2. Simple and practical guidance to mastering PHP-Nuke 3. For people with basic knowledge of web development PHP and script.aculo.us Web 2.0 Application Interfaces ISBN: 978-1-847194-04-6 Paperback: 264 pages Build powerful interactive AJAX applications with script.aculo.us and PHP 1. Get started quickly with script.aculo.us library with as little as one line of code 2. Explore Prototype library features, tutorials, code, and examples 3. Learn script.aculo.us' In-place Editing, Auto Completion, Sliders, Drag-and-Drop, Effects, and Multimedia 4. A book with less jargon, and more code explanation for building real-world examples —Tadalist clone, Digg and Delicious clones, 43 things.com clone Please check www.PacktPub.com for information on our titles Magento 1.3: PHP Developer's Guide ISBN: 978-1-847197-42-9 Paperback: 260 pages Design, develop, and deploy feature-rich Magento online stores with PHP coding 1. Extend and customize the Magento e-commerce system using PHP code 2. Set up your own data profile to import or export data in Magento 3. # Build applications that interface with the customer, product, and order data using Magento's Core API jQuery UI 1.7: The User Interface Library for jQuery ISBN: 978-1-847199-72-0 Paperback: 392 pages Build highly interactive web applications with ready- to-use widgets from the jQuery User Interface library 1. Organize your interfaces with reusable widgets: accordions, date pickers, dialogs, sliders, tabs, and more 2. Enhance the interactivity of your pages by making elements drag-and-droppable, sortable, selectable, and resizable 3. Packed with examples and clear explanations of how to easily design elegant and powerful front-end interfaces for your web applications 4. Revised and targeted at jQuery UI 1.7 Please check www.PacktPub.com for information on our titles Drupal E-commerce with Ubercart 2.x ISBN: 978-1-847199-20-1 Paperback: 364 pages Build, administer, and customize an online store using Drupal with Ubercart 1. Create a powerful e-shop using the award- winning CMS Drupal and the robust e-commerce module Ubercart 2. Create and manage the product catalog and insert products in manual or batch mode 3. Apply SEO (search engine optimization) to your e-shop and adopt turn-key internet marketing techniques PrestaShop 1.3 Beginner's Guide ISBN: 978-1-849511-14-8 Paperback: 308 pages Build and customize your online store with this speedy, lightweight e-commerce solution 1. Covers every topic required to start and run a real, trading e-commerce business with PrestaShop 2. Deploy PrestaShop quickly and easily, and make your PrestaShop search-engine friendly 3. Learn how to turn a single new PrestaShop into a thriving e-commerce empire 4. Step-by-step fully illustrated explanation and discussions aimed at helping beginners like you towards the realization of your own PrestaShop store and beyond Please check www.PacktPub.com for information on our titles
name); ?>
Nigol
Slaitnederc nigol ruoy htiw mrof gniwollof eht tuo llif esaelp:
beginWidget('CActiveForm', array( 'id'=>'login-form', Iteration 8: Making it Pretty- Design, Layout, Themes, and Internationalization(i18n) [ 284 ] 'enableAjaxValidation'=>true, )); ?>
We are already setting the target language for the application within the SiteController::actionLogin() method, and the call to get the localized file will be taken care of for us behind the scenes when calling render('login'). So, with this in place, our login form now looks as shown in the following screenshot: Chapter 11 [ 285 ] Summary In this iteration, we have seen how a Yii application allows you to quickly and easily polish up the design. We were introduced to the concept of layout files and walked through how to use these in an application to layout content and design that needs to be implemented in a similar manner across many different web pages. This also introduced us to the CMenu and CBreadcrumbs built-in widgets that provide easy to use and implement UI navigational constructs on each page. We then introduced the idea of a theme within Web applications and how they are specifically implementing within a Yii application. We saw that themes allow you to easily put a new face on an existing Web application and allow you to re-design your application without re-building any of the functionality or backend Finally, we looked at changing the face of the application through the lens of i18n and language translation. We learned how to set the target locale of the application to enable localization settings and language translations. We have made a few references in this and past chapters to modules, but have yet to dive into what exactly these are within a Yii application. That is going to be the focus of the next chapter. Iteration 9: Modules - Adding Administration So far we have added a lot of functionality to our TrackStar application. If you recall back in Chapter 8, we introduced user access controls to restrict certain functionality based on a user role hierarchy. This was helpful in restricting access to some of the administrative functions on a per-project basis. For example, within a specific project, you may not want to allow all members of the team access to delete the project. We used a role based access control implementation to assign users to specific roles within a project, and then allowed/restricted access to functionality based on those roles. However, what we have not yet addressed are the administrative needs of the application as a whole. Web applications such as TrackStar often require the ability for very special users to have full access to administer everything. One example is the ability to manage all the CRUD operations for every single user of the system, regardless of the project. A system administrator of our application should be able to log in and remove or update any user, any project, any issues, moderate all comments, and so on. Also, it is often the case that we build extra features that apply to the whole application, like the ability to leave site-wide system messages to all users, manage e-mail campaigns, turn on/off certain application features, manage the roles and permissions hierarchy itself, change the site theme, and so on. As the functionality exposed to the administrator can differ greatly from the functionality exposed to normal users, it is often a good idea to keep these features separate from the rest of the application. We will be accomplishing this separation by building all of our administrative functionality in what is called a module in Yii. Iteration 9: Modules - Adding Administration [ 288 ] Iteration planning In this iteration, we will focus on the following granular development tasks: • Creating a new module to house administrative functionality • Creating the ability for administrators to add system-wide messages for application users to view on the projects listing page • Applying a new theme to the module • Creating a new table to hold the system message data • Generating all CRUD functionality for our system messages • Limiting access to all functionality within the new module only to admin users • Displaying new system messages on the projects listing page Modules A module is similar to an entire mini-application contained within a larger application. It has a similar structure, containing models, views, controllers, and other supporting components. However, modules cannot be deployed themselves as stand-alone applications, they must reside within an application. Modules are useful in helping architect your application in a modular fashion. Large applications can often be segmented into discrete application features that could be separately built using modules. Site features such as adding a user forum, user blogs, or site-administrator functionality are some example candidates that could be segmented from the main site features allowing them to be developed separately and easily reused in future projects. We are going to use a module to create a distinct place in our application to house our administrative functionality. Creating a module Creating a new module is a snap using our old friend, the Gii code generation tool. With our URL changes in place, the tool is now accessible via http://localhost/ trackstar/gii. Navigate there, and choose the Module Generator option from the left menu. You will be presented with the following screen: Chapter 12 [ 289 ] We need to provide a unique name for the module. As we are creating an admin module, we'll be super creative and give it the name admin. So type this in for the Module ID field, and click on the Preview button. As the following screenshot shows, it will present you with all of the files it intends to generate, allowing you to preview each of these files prior to creating them: Iteration 9: Modules - Adding Administration [ 290 ] Then click the Generate button to have it create all of these files. You will need to ensure that your /protected folder is writable by the web server process for it to automatically create the required folders and files. The following screenshot shows a successful module generation: Let's take a closer look at what the module generator created for us. A module in Yii is organized as a folder, the name of which is the same as the unique name of the module. By default, all module folders reside under protected/modules. The structure of each module folder is very similar to that of our main application. What this command has done for us is to create the skeleton folder structure for the admin module. As this was our first module, the top-level folder protected/modules was created, and then an admin/ folder underneath. The following shows all of the folders and files that were created when we executed the module command: Name of folder Use/contents admin/ AdminModule.php the module class file components/ containing reusable user components controllers/ containing controller class files Chapter 12 [ 291 ] Name of folder Use/contents DefaultController. php the default controller class file messages/ stores message translations specific to the module models/ containing model class files views/ containing controller view and layout files default/ containing view files for DefaultController index.php the index view file layouts/ containing layout view files A module must have a module class that extends either directly or from a child of CWebModule. The module class name is created by combining the module ID (that is, the name we supplied when we created the module, admin) and the string Module. The first letter of the module ID is also capitalized. So, in our case, our admin module class file is named AdminModule.php. The module class serves as the central place for storing information shared by the module code. For example, we can use the params property of CWebModule to store module specific parameters, and use its components property to share application components at the module level. This module class serves a similar role to the module as the application class does to the entire application. So CWebModule is to our module what CWebApplication is to our application. Using a module Just as the successful creation message indicated, before we can use our new module we need to configure the modules property of the main application to include it for use. We did this before when we added the gii module to our application, which allowed us to access the Gii code generation tool. We make this change in the main configuration file, protected/config/main.php. The following highlighted code indicates the required change: 'modules'=>array( 'gii'=>array( 'class'=>'system.gii.GiiModule', 'password'=>'iamadmin', ), 'admin', ), Iteration 9: Modules - Adding Administration [ 292 ] After saving this change, our new admin module is wired-up for use. We can take a look at the simple index page that was created for us by visiting http://localhost/ trackstar/admin/default/index. The request routing structure to access pages in our module is similar to that for our main application pages, except that we need to include the moduleID in the route as well. So our routes will be of the general form / moduleID/controllerID/actionID. Our URL request /admin/default/index is requesting the admin module's default controller's index method. When we visit this page, we see something similar to the following screenshot: Theming a module We immediately notice that there doesn't seem to be any layout applied to this view. One might guess that maybe the controller that is rendering this view is calling renderPartial() rather than render(). However, upon inspection of our default admin controller file, /protected/modules/admin/controllers/ DefaultController.php, we see that it is, in fact, using the render() method. Thus, we expect a layout file (if one exists) to be applied. The issue is that almost everything is separate in a module, including the default path for layout files. The default layout path for web modules is /protected/ modules/[moduleID]/views/layouts, where moduleID in our case is admin. We can see that there are no files under this folder, so there is no default layout to be applied. There is slightly more to the story in our case, however. In the previous iteration, we implemented a new theme, called new. We can also manage all of our module view files, including the layout view files, within this theme as well. If we were to do that, we need to add to our theme folder structure to accommodate our new module. The folder structure is very much as expected. It is of a general form: / themes/[themeName]/views/[moduleID]/layouts/ for layout files and /themes/ [themeName]/views/[moduleID]/[controllerID]/ for controller view files. To clarify, let's walk through Yii's decision-making process when it is trying to decide what view files to use for our new admin module. Here is what is happening when $this->render('index') is issued in the DefaultController.php file within our admin module: Chapter 12 [ 293 ] 1. As render() is being called, as opposed to renderPartial(), it is going to attempt to decorate the specified index.php view file with a layout file. Our application is currently configured to use a theme called new, so it is going to look for layout files under this theme folder. Our new module's DefaultController class extends our application component Controller. php, which has column1 specified as its $layout property. This property is not overridden so it is also the layout file for DefaultController. Finally, as this is all happening within the admin module, Yii first looks for the following layout file: /themes/new/views/admin/layouts/column1.php. Notice the inclusion of the moduleID in this folder structure. 2. This file does not exist, so it reverts to looking in the default location for the module. As previously mentioned, the default layout folder is specific to each module. So, in this case it will attempt to locate the following layout file: /protected/modules/admin/views/layouts/column1.php. 3. This file also does not exist, so it will be unable to apply a layout. It will now simply attempt render the specified index.php view file without a layout. However, again as we have specified the specific "new" theme for the application, it first looks for the following view file: /themes/new/ views/admin/default/index.php. 4. This file also does not exist, so it will look again in the default location for this controller (DefaultController.php) within this module (AdminModule), namely: /protected/modules/admin/views/default/index.php. This explains why the page http://localhost/trackstar/admin/default/index is rendered without any layout. To keep things completely separate and simple for now, let us manage our view files in the default location for our module, rather than under the new theme. Also, let's apply to our admin module the same design as our original application had, that is, how the application looked before we applied the new theme. This way our admin pages will have a different look from our normal application pages, which will help remind us that we are in the special admin section, but we won't have to spend any time coming up with a new design. Applying a theme First, let's set a default layout value for our module. We set our module-wide configuration settings in the init() method within our module class, /protected/ modules/AdminModule.php. So open that file and add the following code in bold: class AdminModule extends CWebModule { public function init() { // this method is called when the module is being created Iteration 9: Modules - Adding Administration [ 294 ] // you may place code here to customize the module or the application // import the module-level models and components $this->setImport(array( 'admin.models.*', 'admin.components.*', )); $this->layout = 'main'; } ... This way, if we have not specified a layout file at a more granular level, like in a controller class, all of the module views will be decorated by the layout file main.php located in the default layout folder for our module, namely /protected/modules/ admin/views/layouts/. Now, of course, we need to create this file. Make a copy of the two layout files from the main application: /protected/views/layouts/main.php and /protected/ views/layouts/column1.php, and place them both in the /protected/modules/ admin/views/layouts/ folder. After you have copied those over, we need to make a few changes to both of them. First let's alter column1.php. Remove the explicit reference to /layouts/main in the call to beginContent() as follows: beginContent(); ?> Deriuqer era * htiw sdleif.
labelEx($model,'username'); ?> textField($model,'username'); ?> error($model,'username'); ?>
labelEx($model,'password'); ?> passwordField($model,'password'); ?> error($model,'password'); ?>
nimda\nimda ro omed\omed htiw nigol yam uoy :tnih
checkBox($model,'rememberMe'); ?> label($model,'rememberMe'); ?> error($model,'rememberMe'); ?>
endWidget(); ?> name) . " Ad- min Console"; ?>
Projects
header text:"; var_dump(Yii::getLogger()->getLogs()); } If we invoke this action by making the following request at: http://localhost/ trackstar/site/showLog, we see something similar to the following: Chapter 13 [ 311 ] If we comment out our global application debug variable, defined in index.php, and refresh the page, we'll notice that nothing was logged. This is because this system-level debugging information level logging is accomplished by calling Yii::trace, which only logs the message if the application is in this special debug mode. We can log messages using one of two static application methods: • Yii::log($message, $level, $category) • Yii::trace($message, $category) As mentioned, the main difference between these two methods is that Yii::trace logs the message only when the application is in debug mode. Categories and levels When logging a message, we need to specify its category and level. The category is represented by a string in the format of xxx.yyy.zzz, which resembles the path alias. For example, if a message is logged in our application's SiteController class, we may choose to use the category application.controllers.SiteController. The category is there to provide extra context to the message being logged. In addition to specifying the category, when using Yii::log, we can also specify a level for the message. The level can be thought of as the severity of the message. You can define your own levels, but typically they take on one of the following values: • Trace: This level is commonly used for tracing the execution flow of the application during development. • Info: This level is for logging general information, and it is the default level if none is specified. • Profile: This level is to be used with the performance profile feature, which is described below. • Warning: This level is for warning messages. • Error: This is level for fatal error messages. Iteration 10: Production Readiness [ 312 ] Adding a login message log As an example, let's add some logging to our user login method. We'll provide some basic debugging information at the beginning of the method to indicate the method is being executed. We'll then log an informational message upon a successful login as well as a warning message if the login fails. Alter our SiteController::actionLogin() method as follows: /** * Displays the login page */ public function actionLogin() { Yii::app()->language = 'rev'; Yii::trace("The actionLogin() method is being requested", "application.controllers.SiteController"); if(!Yii::app()->user->isGuest) { $this->redirect(Yii::app()->homeUrl); } $model=new LoginForm; // if it is ajax validation request if(isset($_POST['ajax']) && $_POST['ajax']==='login-form') { echo CActiveForm::validate($model); Yii::app()->end(); } // collect user input data if(isset($_POST['LoginForm'])) { $model->attributes=$_POST['LoginForm']; // validate user input and redirect to the previous page if valid if($model->validate() && $model->login()) { Yii::log("Successful login of user: " . Yii::app()->user- >id, "info", "application.controllers.SiteController"); $this->redirect(Yii::app()->user->returnUrl); } Chapter 13 [ 313 ] else { Yii::log("Failed login attempt", "warning", "application. controllers.SiteController"); } } // display the login form //public string findLocalizedFile(string $srcFile, string $srcLanguage=NULL, string $language=NULL) $this->render('login',array('model'=>$model)); } If we now successfully log in (or perform a failed attempt) and visit our page to view the logs, we don't see them (If you commented out the debug mode declaration, make sure you have put the application back in debug mode for this exercise). Again, the reason is that by default, the logging implementation in Yii simply stores the messages in memory. They disappear when the request completes. This is not terribly useful. We need to route them to a more persistent storage area so we can view them outside of the request in which they are generated. Message routing As we mentioned, by default, messages logged using Yii::log or Yii::trace are kept in memory. Typically, these messages are more useful if they are displayed in browser windows, or saved to some persistent storage such as in a file, or in a database or sent as an e-mail. Yii's message routing allows for the log messages to be routed to different destinations. In Yii, message routing is managed by a CLogRouter application component. It allows you to define a list of destinations to which the log messages should be routed. In order to take advantage of this message routing, we need to configure the CLogRouter application component in our protected/config/main.php config file. We do this by setting its routes property with the desired log message destinations. If we open our config file, we see that some configuration information has already been provided (again, courtesy of using the yiic webapp command to initially create our application). The following is already defined in our configuration: 'log'=>array 'class'=>'CLogRouter', 'routes'=>array( Iteration 10: Production Readiness [ 314 ] array( 'class'=>'CFileLogRoute', 'levels'=>'error, warning', ), // uncomment the following to show log messages on web pages /* array( 'class'=>'CWebLogRoute', ), */ ), ), The log application component is configured to use the framework class CLogRouter. You could also certainly create and use a custom child class of this if you have logging requirements not fully met by the base framework implementation, but in our case, this will work just fine. What follows the class definition in the previous configuration is the definition of the routes property. In this case, there is just one route specified. This one is using the Yii Framework message routing class, CFileLogRoute. The CFileLogRoute message routing class uses the filesystem to save the messages. By default, messages are logged in a file under the application runtime folder, /protected/runtime/ application.log. In fact, if you have been following along with us and have your own application, you can take a peek at this file and will see several messages that have been logged by the framework. The levels specification dictates that only messages whose log level is either error or warning will be routed to this file. The part of the configuration in the preceding code that is commented out specifies another route, CWebLogRoute. If used, this will route the message to be displayed on the currently requested web page. The following is a list of message routes currently available in version 1.1 of Yii: • CDbLogRoute: Saves messages in a database table • CEmailLogRoute: Sends messages to specified e-mail addresses • CFileLogRoute: Saves messages in a file under the application runtime folder • CWebLogRoute: Displays messages at the end of the current web page • CProfileLogRoute: Displays profiling messages at the end of the current web page The logging that we added to our SiteController::actionLogin() method used Yii::trace for one message and then used Yii::log for two more. When using Yii::trace, the log level is automatically set to trace. When using the Yii::log we Chapter 13 [ 315 ] specified an info log level if the login was successful and a warning level if the login attempt failed. Let's alter our log routing configuration to write the trace and info level messages to a new, separate file called infoMessages.log in the same folder as our application.log file. Also, let's configure it to write the warning messages to the browser. To do that, we make the following changes to the configuration: 'log'=>array( 'class'=>'CLogRouter', 'routes'=>array( array( 'class'=>'CFileLogRoute', 'levels'=>'error', ), array( 'class'=>'CFileLogRoute', 'levels'=>'info, trace', 'logFile'=>'infoMessages.log', ), array( 'class'=>'CWebLogRoute', 'levels'=>'warning', ), ... Now, after saving these changes, let's try out the different scenarios. First, try a successful login. Doing so will write two messages out to our new /protected/ runtime/infoMessages.log file, one for the trace and then one logging the successful login. After successfully logging in, viewing that file reveals the following (The full listing was truncated to save a few trees): … 2010/04/15 00:31:52 [trace] [application.controllers.SiteController] The actionLogin() method is being requested 2010/04/15 00:31:52 [trace] [system.web.CModule] Loading "user" application component 2010/04/15 00:31:52 [trace] [system.web.CModule] Loading "session" application component 2010/04/15 00:31:52 [trace] [system.web.CModule] Loading "db" application component 2010/04/15 00:31:52 [trace] [system.db.CDbConnection] Opening DB connection … 2010/04/15 00:31:52 [info] [application.controllers.SiteController] Successful login of user: 1 … Iteration 10: Production Readiness [ 316 ] Wow, there is a lot more in there than just our two messages. But our two did show up; they are bolded in the above listing. Now that we are routing all of trace messages to this new file, all of the framework trace messages are showing up here as well. This is actually very informative and helps you get a picture of the lifecycle of a request as it makes its way through the framework. There is a lot going on under the covers. We would obviously turn off this verbose level of logging when moving this application to production. In non-debug mode, we would only see our single info level message. But this level of detail can be very informative when trying to track down bugs and just figure out what the application is doing. It is comforting to know it is here when/if ever needed. Now let's try the failed login attempt scenario. If we now log out and try our login again, but this time specify incorrect credentials to force a failed login, we see our warning level display along the bottom of the returned web page, just as we configured it to do. The following screenshot shows this warning being displayed: When using the CLogRouter message router, the logfiles are stored under the logPath property and the filename is specified by the logFile. Another great feature of this log router is automatic logfile rotation. If the size of the logfile is greater than the value set in the maxFileSize (in kilobytes) property, a rotation is performed, which renames the current logfile by suffixing the filename with '1'. All existing logfiles are moved backwards one place, that is, '.2' to '.3', '.1' to '.2'. The property maxLogFiles can be used to specify how many files are to be kept. Handling errors Properly handling the errors that invariably occur in software applications is of the utmost importance. This, again, is a topic that arguably should have been covered prior to coding our application, rather than at this late stage. Luckily, though, as we have been leaning on tools within the Yii Framework to autogenerate much of our core application skeleton, our application is already taking advantage of some of Yii's error handling features. Chapter 13 [ 317 ] Yii provides a complete error handling framework based on PHP 5 exceptions, a built-in mechanism for handling program failures through centralized points. When the main Yii application component is created to handle an incoming user request, it registers its CApplication::handleError() method to handle PHP warnings and notices. It registers its CApplication::handleException() method to handle uncaught PHP exceptions. Consequently, if a PHP warning/notice or an uncaught exception occurs during the application execution, one of the error handlers will take over the control and start the necessary error handling procedure. The registration of error handlers is done in the application's constructor by calling the PHP functions set_exception_handler and set_ error_handler. If you prefer to not have Yii handle these types of errors and exceptions, you may override this default behavior by defining a global constant YII_ENABLE_ERROR_HANDLER and YII_ENABLE_ EXCEPTION_HANDLER to be false in the main index.php entry script. By default, the application will use the framework class CErrorHandler as the application component tasked with handling PHP errors and uncaught exceptions. Part of the task of this built-in application component is displaying these errors using appropriate view files based on whether or not the application is running in debug mode or in production mode. This allows you to customize your error messages for these different environments. It makes sense to display much more verbose error information in a development environment, to help troubleshoot problems. But allowing users of a production application to view this same information could compromise security. Also, if you have implemented your site in multiple languages, CErrorHandler also chooses the most preferred language for displaying the error. You raise exceptions in Yii the same way you would normally raise a PHP exception. One uses the following general syntax to raise an exception when needed: throw new ExceptionClass('ExceptionMessage'); The two exception classes the Yii provides are: • CException • CHttpException CException is a generic exception class. CHttpException represents an exception that is intended to be displayed to the end user. CHttpException also carries a statusCode property to represent an HTTP status code. Errors are displayed differently in the browser, depending on the exception class that is thrown. Iteration 10: Production Readiness [ 318 ] Displaying errors As was previously mentioned, when an error is forwarded to the CErrorHandler application component, it makes a decision as to which view file to use when displaying the error. If the error is meant to be displayed to end users, such as is the case when using CHttpException, the default behavior is to use a view named errorXXX, where XXX represents the HTTP status code (for example, 400, 404, 500). If the error is an internal one and should only be displayed to developers, it will use a view named exception. When the application is in debug mode, a complete call stack as well as the error line in the source file will be displayed. However, this is not the full story. When the application is running in production mode, all errors will be displayed using the errorXXX view files. This is because the call stack of an error may contain sensitive information that should not be displayed to just any end user. When the application is in production mode, developers should rely on the error logs to provide more information about an error. A message of level error will always be logged when an error occurs. If the error is caused by a PHP warning or notice, the message will be logged with category php. If the error is caused by an uncaught exception, the category will be exception.ExceptionClassName, where the exception class name is one of, or child class of, either CHttpException or CException. One can thus take advantage of the logging features, discussed in the previous section, to monitor errors that occur within a production application. By default, CErrorHandler searches for the location of the corresponding view file in the following order: 1. WebRoot/themes/ThemeName/views/system: The system view file under the currently active theme. 2. WebRoot/protected/views/system: The default system view file for an application. 3. YiiRoot/framework/views: The standard system view folder provided by the Yii Framework. So, you can customize the error display by creating custom error view files under the system view folder of the application or theme. Yii also allows you to define a specific controller action method to handle the display of the error. This is actually how our application is configured. We'll see this as we go through a couple of examples. Chapter 13 [ 319 ] Let's look at a couple examples of this in action. Some of the code that was generated for us as a by-product of using the Gii CRUD generator tool to create our CRUD scaffolding is taking advantage of Yii's error handling. One such example is the ProjectController::loadModel() method. That method is defined as follows: public function loadModel() { if($this->_model===null) { if(isset($_GET['id'])) $this->_model=Project::model()->findbyPk($_GET['id']); if($this->_model===null) throw new CHttpException(404,'The requested page does not exist.'); } return $this->_model; } We see that it is attempting to load the appropriate Project model AR instance based on the input id querystring parameter. If it is unable to locate the requested project, it throws a CHttpException as a way to let the user know that the page they are requesting, in this case the project details page, does not exist. We can test this in our browser by explicitly requesting a project that we know does not exist. As we know our application does not have a project associated with an ID of 99, a request for http://localhost/trackstar/project/view/id/99 will result in the following page being returned: Iteration 10: Production Readiness [ 320 ] This is nice, because the page looks like any other page in our application, with the same theme, header, footer, and so on. This is actually not the default behavior for rendering this type of error page. Our initial application was configured to use a specific controller action for the handling of such errors. We mentioned this was another option for how to handle errors in an application. If we take a peek into this configuration file, we see the following code snippet: 'errorHandler'=>array( // use 'site/error' action to display errors 'errorAction'=>'site/error', ), This configures our error handler application component to use the SiteController::actionError() method to handle all of the exceptions intended to be displayed to users. If we take a look at that action method, we notice that it is rendering the protected/views/site/error.php view file. This is just a normal controller view file, so it will also render any relevant application layout files and will apply the appropriate theme. This way, we are able to provide the user with a very friendly experience when certain errors happen. To see what the default behavior is, without this added configuration, let's temporarily comment out the above lines of configuration code (in protected/ config/main.php) and request the non-existent project again. Now we see the following page: As we have not explicitly defined any custom error pages following the convention outlined earlier, this is the error404.php file in the Yii Framework itself. Go ahead and revert these changes to the configuration file to have the error handling use the SiteController::actionError() method. Now let's see how this compares to throwing a CException, rather than the HTTP exception class. Let's comment out the current line of code throwing the HTTP exception and add a new line to throw this other exception class, as follows: public function loadModel() { if($this->_model===null) { Chapter 13 [ 321 ] if(isset($_GET['id'])) $this->_model=Project::model()->findbyPk($_GET['id']); if($this->_model===null) //throw new CHttpException(404,'The requested page does not exist.'); throw new CException('The is an example of throwing a CException'); } return $this->_model; } Now if we make our request for a non-existent project, we see a very different result. This time we see a system generated error page with a full stack trace error info dump along with the specific source file where the error occurred. The results were a little too long to capture in a screenshot, but it will display the fact that a CException was thrown along with the description The is an example of throwing a CException, the source file and then the full stack trace. So throwing this different exception class, along with the fact the application is in debug mode, has a different result. This is the type of information we would like to display to help us troubleshoot the problem, but only as long as our application is running in a secure development environment. Let's temporarily comment out the debug setting in the root index.php file, in order to see what would be displayed when in production mode: // remove the following line when in production mode //defined('YII_DEBUG') or define('YII_DEBUG',true); With this commented out, if we refresh our request for our non-existent project, we see that the exception is displayed as an end-user friendly HTTP 500 error, as depicted in the following screenshot: Iteration 10: Production Readiness [ 322 ] So we see that none of our sensitive code or stack trace information is displayed when in production mode. Caching Caching data is a great method for helping to improve the performance of a production web application. If there is specific content that is not expected to change upon every request, using the cache to store and serve this content can save the time it takes to retrieve and process that data. Yii provides for some nice features when it comes to caching. The tour of Yii's caching features will begin with configuring a cache application component. Such a component is one of several child classes extending CCache, the base class for cache classes with different cache storage implementations. Yii provides many different specific cache component class implementations that store the data utilizing different approaches. The following is a list of the current cache implementations that Yii provides as of version 1.1.2: • CMemCache: Uses the PHP memcache extension. • CApcCache: Uses the PHP APC extension. • CXCache: Uses PHP XCache extension • CEAcceleratorCache: Uses the PHP EAccelerator extension. • CDbCache: Uses a database table to store cached data. By default, it will create and use a SQLite3 database under the runtime folder. You can explicitly specify a database for it to use by setting its connectionID property. • CZendDataCache: Uses Zend Data Cache as the underlying caching medium. • CFileCache: Uses files to store cached data. This is particular suitable to cache large chunk of data (such as pages). • CDummyCache: This presents the consistent cache interface, but does not actually perform any caching. The reason for this implementation is to that if you are faced with situation where your development environment does not have cache support, you can still execute and test your code that will need to use cache once available. This allows you to continue to code to a consistent interface, and when the time comes to actually implement a real caching component. You will not need to change the code written to write to or retrieve data from cache. Chapter 13 [ 323 ] All of these components extend from the same base class, CCache and expose a consistent API. This means that you can change the implementation of the application component in order to use a different caching strategy without having to change any of the code that is using the cache. Configuring for cache As was mentioned, using cache in Yii typically involves choosing one of these implementations, and then configuring the application component for use in the / protected/config/main.php file. The specifics of the configuration will, of course, depend on the specific cache implementation. For example, if one were to use the memcached implementation, that is, CMemCache, which is a distributed memory object caching system that allows you to specify multiple host servers as your cache servers, configuring it to use two servers might look similar to: array( ...... 'components'=>array( ...... 'cache'=>array( 'class'=>'system.caching.CMemCache', 'servers'=>array( array('host'=>'server1', 'port'=>12345, 'weight'=>60), array('host'=>'server2', 'port'=>12345, 'weight'=>40), ), ), ), ); To keep things relatively simple for the reader following along with the TrackStar development, we'll use the filesystem implementation, CFileCache, as we go through some examples. This should be readily available on any development environment that allows access to reading and writing files from the filesystem. If for some reason this is not an option for you, but you still want to follow along with the code examples, simply use the CDummyCache option. As mentioned, it won't actually store any data in the cache, but the code will execute against it just fine. Iteration 10: Production Readiness [ 324 ] CFileCache provides a file-based caching mechanism. When using this implementation, each data value being cached is stored in a separate file. By default, these files are stored under the protected/runtime/cache/ folder, but one can easily change this by setting the cachePath property when configuring the component. For our purposes, this default is fine, so we simply need to add the following to the components array in our /protected/config/main.php configuration file as such: // application components 'components'=>array( … 'cache'=>array( 'class'=>'system.caching.CFileCache', ), … ), With this in place, we can access this new application component anywhere in our running application via Yii::app()->cache. Using a file-based cache Let's try out this new component. Remember that system message we added as part of our administrative functionality in the previous iteration? Rather than get it from the database upon every request, let's store the value initially returned from the database in our cache for a limited amount of time, so that not every subsequent request has to retrieve the data from the database. Let's add a new public method to our SysMessage AR model class to handle the retrieval of the latest system messages. Let's make this new method both public and static so that other parts of the application can easily use this method to access the latest system message without having to explicitly create an instance of SysMessage. This also will help in writing our test. Test? You'd probably thought we forgot all about our test-first approach to development at this point. Well, we haven't, so let's get back to it. Create a new test file, protected/tests/unit/SysMessgeTest.php, and add to it the following a fixture definition and single test method: assertTrue($message instanceof SysMessage); } } Running this test from the command line will immediately fail due to the fact that we have not yet added this new method. Let's add this method to the SysMessage class as follows: /** * Retrieves the most recent system message. * @return SysMessage the AR instance representing the latest system message. */ public static function getLatest() { //see if it is in the cache, if so, just return it if( ($cache=Yii::app()->cache)!==null) { $key='TrackStar.ProjectListing.SystemMessage'; if(($sysMessage=$cache->get($key))!==false) return $sysMessage; } //The system message was either not found in the cache, or //there is no cache component defined for the application //retrieve the system message from the database $sysMessage = SysMessage::model()->find(array( 'order'=>'t.update_time DESC', )); if($sysMessage != null) { //a valid message was found. Store it in cache for future retrievals if(isset($key)) $cache->set($key,$sysMessage,300); return $sysMessage; } else return null; } Iteration 10: Production Readiness [ 326 ] We'll cover the details in just a minute. First, let's get our test to pass. With this in place, if we run our test again, we still get a failure. But this time, the failure is because our method is returning null, and we are testing for a non-null return value. The reason that it is returning null is that there are no system messages in our test database. Remember, our tests are run against the trackstar_test database. Okay, no problem, fixtures to the rescue. Add a new fixture file protected/tests/fixtures/tbl_sys_ message.php which is similar to look this: array( 'message' => 'This is a test message', 'create_time' => new CDbExpression('NOW()'), 'create_user_id' => 1, 'update_time' => new CDbExpression('NOW()'), 'update_user_id' => 1, ), ); Also, ensure that the test case class is configured to be using the fixture by verifying the following code is at the top of the SysMessageTest test class: public $fixtures=array( 'messages'=>'SysMessage', ); Okay, now we can fire off our test again, and this time it succeeds. The method should have tried to retrieve the message from the cache. But, as this was the first time for the request in our test environment, it would not yet be there. So, it proceeded to retrieve it from the database and then store the result into cache for subsequent requests. If we do a folder listing for the default location being used for file caching, protected/runtime/cache/, we do indeed see one strangely named file (yours may be slightly different): 8b22da6eaf1bf772dae212cd28d2f4bc.bin Which if we open in a text editor, reveals the following: a:2:{i:0;O:10:"SysMessage":11:{s:18:"CActiveRecord_md";N;s:19:"18 CActiveRecord_new";b:0;s:26:"CActiveRecord_attributes";a:6:{s:2 :"id";s:1:"1";s:7:"message";s:22:"This is a test message";s:11:"create_time";s:19:"2010-07-08 21:42:00";s:14:"create_user_id";s:1:"1";s:11:"update_time";s:19:"2010- 07-08 21:42:00";s:14:"update_user_id";s:1:"1";}s:23:"18CActiveRecord18_rela Chapter 13 [ 327 ] ted";a:0:{}s:17:"CActiveRecord_c";N;s:18:"CActiveRecord_pk";s :1:"1";s:15:"CModel_errors";a:0:{}s:19:"CModel_validators";N; s:17:"CModel_scenario";s:6:"update";s:14:"CComponent_e";N;s:1 4:"CComponent_m";N;}i:1;N;} This is the serialized, cached value of our most recently updated SysMessage AR class instance, which is exactly what we would expect to be there. So, we see that the caching is actually working. When running tests, executing the application in the test environment, against the test database, we might want to configure a different location to cache our test data. In this case, we might want to add to our test application configuration, protected/config/test.php, a cache component that is configured slightly differently. For example, if we wanted to specify a different folder to place the test cache data, we could add the following to our application components in this test config file: 'cache'=>array( 'class'=>'system.caching.CFileCache', 'cachePath'=> '/Webroot/trackstar/protected/runtime/cache/test', ), This way, we won't alter our test results by reading that was cached from normal use of the main development application. Let's revisit the above code for our new SysMessage::getLatest() method in a bit more detail. The first thing the code is doing is checking to see if the requested data is already in the cache, and if so, returns that value: //see if it is in the cache, if so, just return it if( ($cache=Yii::app()->cache)!==null) { $key='TrackStar.ProjectListing.SystemMessage'; if(($sysMessage=$cache->get($key))!==false) return $sysMessage; } Iteration 10: Production Readiness [ 328 ] As we mentioned, we configured the cache application component to be available anywhere in the application via Yii::app()->cache. So, it first checks to see if there even is such a component defined. If so, it attempts to look up the data in the cache via the $cache->get($key) method. This does more or less what you would expect. It attempts to retrieve a value from cache based on the specified key. The key is a unique string identifier that is used to map to each piece of data stored in the cache. In our system message example, we only need to display one message at a time, and therefore can have a fairly simple key identify the single system message to display. The key can be any string value, as long as it remains unique for each piece of data we want to cache. In this case we have chosen the descriptive string TrackStar. ProjectListing.SystemMessage as the key used when storing and retrieving our cached system message. When this code is executed for the very first time, there will not yet be any data associated with this key value in the cache. Therefore, a call to $cache->get() for this key will return false. So, our method will continue to the next bit of code, which simply attempts to retrieve the appropriate system message from the database, using the AR class: $sysMessage = SysMessage::model()->find(array( 'order'=>'t.update_time DESC', )); We then proceed with the following code that first checks if we did get anything back from the database. If we did, then it stores it in the cache before returning the value, otherwise, null is returned: if($sysMessage != null) { if(isset($key)) $cache->set($key,$sysMessage->message,300); return $sysMessage->message; } else return null; If a valid system message was returned, we use the $cache->set() method to store the data into cache. This method has the following general form: set($key,$value,$duration=0,$dependency=null) When placing a piece of data into cache, one must specify a unique key, as well as the data to be stored. The key is a unique string value, as discussed above, and the value is whatever data desired to be cached. This can be in any format, as long as it can be serialized. The duration parameter specifies an optional time-to-live (TTL) requirement. This can be used to ensure that the cached value is refreshed Chapter 13 [ 329 ] after a period of time. The default is 0, which means it will never expire, that is, it will live forever in the cache. (Actually, internally, Yii translates a value of <=0 for the duration to mean that it should expire in one year. So, not exactly forever, but definitely a long time). We are calling the set() method in the following manner: $cache->set($key,$sysMessage->message,300); We set the key to be what we had it defined as before, TrackStar.ProjectListing. SystemMessage, the data being stored is the message attribute of our returned SystemMessage AR class, that is, the message column of our tbl_sys_message table, and then we set the duration to be 300 seconds. This way, the data in the cache will expire every five minutes, at which time the database is queried again for the most recent system message. We did not specify a dependency when we set the data. We'll discuss this optional parameter next. Cache dependencies The dependency parameter allows for an alternative and much more sophisticated approach to deciding whether or not the stored data in the cache should be refreshed. Rather than declaring a simple time period for the expiration of cached data, your caching strategy may require that the data become invalid based on things like the specific user making the request, or the general mode or state of the application, or whether a file on the filesystem has been recently updated. This parameter allows you to specify such cache validation rules. The dependency is an instance of CCacheDependency or its child class. Yii makes available the following specific cache dependencies: • CFileCacheDependency: The data in the cache will be invalid if the specified file's last modification time has changed since the previous cache lookup. • CDirectoryCacheDependency: Similar to the above for the file cache dependency, but this checks all the files and subdirectories within a given specified folder. • CDbCacheDependency: The data in the cache will be invalid if the query result of a specified SQL statement is changed since the previous cache lookup. • CGlobalStateCacheDependency: The data in the cache will be invalid if the value of the specified global state is changed. A global state is a variable that is persistent across multiple requests and multiple sessions in an application. It is defined via CApplication::setGlobalState(). Iteration 10: Production Readiness [ 330 ] • CChainedCacheDependency: This allows you to chain together multiple dependencies. The data in the cache will become invalid if any of the dependencies on the chain is changed. • CExpressionDependency: The data in the cache will be invalid if the result of the specified PHP expression is changed. To provide a concrete example, let's use a dependency to expire the data in the cache whenever a change to the tbl_sys_message database table is made. Rather than arbitrarily expire our cached system message after five minutes, we'll expire it exactly when we need to, that is, when there has been a change to the update_time column for one of the system messages in the table. We'll use the CDbCacheDependency implementation to achieve this, since it is designed to invalidate cached data based on a change in the results of a SQL query. We alter our call to the set() method to set the duration time to 0, so that it won't expire based on time, but pass in a new dependency instance with our specified SQL statement as such: $cache->set($key, $sysMessage->message, 0, new CDbCacheDependency('select id from tbl_sys_message order by update_ time desc')); Changing the duration TTL time to 0 is not at all a prerequisite of using a dependency. We could have just as easily left the duration in as 300 seconds. This would just stipulate another rule to render the data in the cache invalid. The data would only be valid in the cache for a maximum of five minutes, but would also be regenerated prior to this time limit if there as a change to the update_time column occurred on one or more records in the table. With this in place, the cache will expire only when the results of the query statement are changed. This example is a little contrived, since we were originally caching the data to avoid a database call altogether. Now we have configured it to execute a database query every time we attempt to retrieve data from cache. However, if the cached data was a much more complex data set, that involved much more overhead to retrieve and process, a simple SQL statement for cache validity could make a lot of sense. The specific caching implementation, the data stored, the expiration time as well as any other data validation in the form of these dependencies will all depend on the specific requirements of the application being built. It is good to know that Yii has many options available to help meet our varied requirements. To complete the changes to our application to take advantage of the caching of data in our new method, we still need to refactor the ProjectController::actionIn dex() method to use this newly create method. This is easy. Just replace the code Chapter 13 [ 331 ] that was generating the system message from the database, with a call to this new method. That is, in ProjectController::actionIndex(), simply change this: $sysMessage = SysMessage::model()->find(array('order'=>'t.update_time DESC',)); to the following: $sysMessage = SysMessage::getLatest(); Now the system message being displayed on the projects listing page is taking advantage of the file cache. Fragment caching The previous example demonstrates the use of data caching. This is where we take a single piece of data and store it in the cache. There are other approaches available in Yii to store fragments of pages generated by a portion of a view script, or even the entire page itself. Fragment caching refers to caching a fragment of a page. We can take advantage of fragment caching inside of view scripts. To do so, we use the CController::beginCache() and CController::endCache() methods. These two methods are used to mark the beginning and the end of the rendered page content that should be stored in cache. Just as is the case when using a data caching approach, we need a unique key to identify the content being cached. In general, the syntax for using fragment caching inside of a view script is as follows: ...some HTML content... beginCache($key)) { ?> ...content to be cached... endCache(); } ?> ...other HTML content... If the call to beginCache() returns false, the cached content will be automatically inserted at that place; otherwise, the content inside the if statement will be executed and will be cached when endCache() is invoked. Declaring fragment caching options When calling beginCache(), we can supply an array as the second parameter consisting of caching options to customize the fragment caching. As a matter of fact, the beginCache() and endCache() methods are a convenient wrapper of the COutputCache filter/widget. Therefore, the caching options can be initial values for any properties of COutputCache. Iteration 10: Production Readiness [ 332 ] Arguably one of the most common options specified when caching data is the duration, which specifies how long the content can remain valid in the cache. It is similar to the duration parameter we used when using the data caching approach for our system messages. You can specify the duration parameter when calling beginCache() as follows: $this->beginCache($key, array('duration'=>3600)) The default setting for this fragment caching approach is different than that for the data caching. If we do not set the duration, it defaults to 60 seconds, meaning the cached content will be invalidated after 60 seconds. There a many other options you can set when using the fragment caching. For more information, refer to the API documentation for COutputCache as well as the fragment caching section of the definitive guide, available on the Yii Framework site: http://www.yiiframework. com/doc/guide/caching.fragment Using fragment cache Let's implement this in our TrackStar application. We'll again focus on the project listings page. As you recall, towards the bottom of this page, there is a list of the comments that users have left on the issues associated with each project. This list indicates who left a comment on which issue. Rather than re-generate this list upon each request, let's use fragment caching to cache this list for, say, two minutes. The application can tolerate this data being slightly stale, and two minutes is really not that long to have to wait for an updated comment list. To do this, we make our changes to the listing view file, protected/views/ project/index.php. We'll wrap the call to our entire recent comments portlet inside this fragment caching approach, as such: beginCache($key, array('duration'=>120))) { $this->beginWidget('zii.widgets.CPortlet', array( 'title'=>'Recent Comments', )); $this->widget('RecentComments'); $this->endWidget(); $this->endCache(); } ?> Chapter 13 [ 333 ] With this in place, if we visit the project listings page for the first time, our comments list will be stored in the cache. If we then quickly (by quickly, we mean before two minutes have elapsed) add a new comment to one of the issues within a project, and then toggle back to the project listings page, we won't immediately see the newly added comment. But if we keep refreshing the page, once the content in the cache expires (a maximum of two min in this case), the data will be refreshed, and our new comment will be displayed in the listing. You could also simply add an echo time(); PHP statement to the above cached content to see if it is working as expected. If the content is properly caching, the time display will not update until the cache is refreshed. When using the file cache, remember to ensure that your /protected/ runtime/ folder is writable by the web server process, as this is where the cache content is stored by default. Page caching In addition to fragment caching, Yii offers options to cache the results of the entire page request. Page caching is similar to that of fragment caching. However, because the content of an entire page is often generated by applying additional layouts to a view, we can't simply call beginCache() and endCache() in the layout file. The reason is because the layout is applied within the call to the CController::render() method after the content view is evaluated. So, we would always miss the opportunity to retrieve the content from the cache. Therefore, to cache a whole page, we should entirely skip the execution of the action generating the page content. To accomplish this, we can use COutputCache class as an action filter in our controller class. Let's provide an example. Let's use the page caching approach to cache the page results for every project detail page. The project detail pages in TrackStar are rendered by requesting URLs of the format, http://localhost/trackstar/ project/view/id/[id], where [id] is the specific project ID we are requesting the details of. What we want to do is set up a page caching filter that will cache the entire contents of this page, separately for every ID requested. We need to incorporate the project ID into the key value when we cache the content. That is, we don't want to make a request for the details of project #1, and have the application return a cached result for project #2. Luckily, the COutputCache filter anticipated this need. Iteration 10: Production Readiness [ 334 ] Open protected/controllers/ProjectController.php and alter the existing filters() method as such: public function filters() { return array( 'accessControl', // perform access control for CRUD operations array( 'COutputCache + view', //cache the entire output from the actionView() method for 2 minutes 'duration'=>120, 'varyByParam'=>array('id'), ), ); } This filter configuration utilizes the COutputCache filter to cache the entire output generated by the application from a call to ProjectController::actionView(). The + view added just after the COutputCache declaration, as you may recall, is the standard way we include specific action methods to which a filter should apply. The duration parameter specifies a TTL of 120 seconds (2 min), after which the page content will be regenerated. The varyByParam configuration is a really great option that we alluded to before. Rather than putting the responsibility on you, the developer, to come up with a unique key strategy for the content being cached, this feature allows the variation to be handled automatically. In this case, by specifying a list of names that correspond to GET parameters in the input request. Since we are caching the page content of requests for projects by project_id, it makes perfect sense to use this id as part of the unique key generation for caching the content. By specifying 'varyByParam'=>array('id'), COutputCache does this for us, based on the input querystring parameter, id. There are more options available to achieve this type of auto content variation strategy when using COutputCache to cache our data. As of this writing, the following variation features are available to use: • varyByRoute: By setting this option to true, the specific request route will be incorporated into the unique identifier for the cached data. Therefore, you can use the combination of the requested controller and action to distinguish cached content. • varyBySession: By setting this option to true, the unique session id is used distinguish the content in the cache. Each user session may see different content but all of this content can still be served from the cache. Chapter 13 [ 335 ] • varyByParam: As discussed previously, this uses the input GET querystring parameters to distinguish the content in the cache. • varyByExpression: By setting this option to a PHP expression, we can use the result of this expression to distinguish the content in the cache. So, with the above filter configured in our ProjectController class, each request for a specific project details page is stored in the cache for up to two minutes before being regenerated and again stored in the cache. You can test this out by first viewing a specific project, then updating that project in some way. Your updates will not immediately display if done within the TTL of two minutes. Caching entire page results is a great way to improve site performance, however it certainly does not make sense for every page in every application. A combination of the above three approaches: data, fragment and page caching, will probably need to be implemented in most real-world applications. We have really just scratched the surface of all caching options available within Yii. Hopefully this has whet your appetite to further investigate the full caching landscape available. General performance tuning tips Before we wrap up this final iteration, we'll briefly outline some other areas of consideration when working to tweak the performance of a Yii-based web application. These more or less come straight from the Performance Tuning section of the Yii definitive guide, http://www.yiiframework.com/doc/guide/topics. performance. But it is good to restate them here for completeness and general awareness. Using APC Enabling the PHP APC extension is perhaps the easiest way to improve the overall performance of an application. The extension caches and optimizes PHP intermediate code and avoids the time spent in parsing PHP scripts for every incoming request. Disabling debug mode We discussed this earlier in the chapter, but it won't hurt to hear it again. Disabling debug mode is another easy way to improve performance and security. A Yii application runs in debug mode if the constant YII_DEBUG is defined as true in the main index.php entry script. Many components, including those down in the framework itself, incur extra overhead when running in debug mode. Iteration 10: Production Readiness [ 336 ] Using yiilite.php When the PHP APC extension is enabled, one can replace yii.php with a different Yii bootstrap file named yiilite.php. This can help to further boost the performance of a Yii-powered application. The file yiilite.php comes with every Yii release. It is the result of merging some commonly used Yii class files. Both comments and trace statements are stripped from the merged file. Therefore, using yiilite.php would reduce the number of files being included and avoid execution of trace statements. Note, using yiilite.php without APC may actually reduce performance, because yiilite.php contains some classes that are not necessarily used in every request and would take extra parsing time. It is also observed that using yiilite.php is slower with some server configurations, even when APC is turned on. The best way to judge whether to use yiilite.php or not is to run a benchmark using the included hello world demo. Using caching techniques As we described and demonstrated in this chapter, Yii provides many caching solutions that may improve the performance of a web application significantly. The available caching systems are as follows: • If the generation of some data takes long time, we can use the data caching approach to reduce the data generation frequency • If a portion of page remains relatively static, we can use the fragment caching approach to reduce its rendering frequency • If a whole page remains relative static, we can use the page caching approach to save the rendering cost for the whole page Enabling schema caching If the application is using Active Record, one can turn on the schema caching in a production environment to save the time of parsing database schema. This can be done by configuring the CDbConnection::schemaCachingDuration property to be a value greater than 0. Besides these application-level caching techniques, we can also use server-side caching solutions to boost the application performance. The enabling of APC caching that we described above belongs to this category. There are other server-side techniques, such as Zend Optimizer, eAccelerator and Squid, just to name a few. Chapter 13 [ 337 ] These, for the most part, just provide some good-practice guidelines as you work to prepare your Yii application for production, or as you troubleshoot an existing application for bottlenecks. General application performance tuning is much more art than science, and there are many, many factors outside of the Yii Framework that play into the overall performance. Yii has been built with performance in mind since its inception and continues to out-perform many other PHP-based application development frameworks by a long shot (see http://www.yiiframework.com/ performance/ for more details). Of course, every single web application will need to be tweaked to enhance its performance, but making Yii the development framework of choice certainly puts your application on a great performance footing from the onset. Summary In this final iteration, we turned our attention to making changes to our application to help improve its maintainability and performance in a production environment. We first covered application logging strategies available in Yii, and how to log and route messages based on varying severity levels and categories. We then turned focus to error handling and how Yii exploits the underlying exception implementation in PHP 5 to provide a flexible and robust error handling framework. We then learned about some different caching strategies available in Yii. We learned about the caching of application data and content at varying levels of granularity. Data caching for specific variables or individual pieces of data, fragment caching for content areas within pages, and full page caching to cache the entire rendered output of a page request. Finally, we provided a list of "good practices" to follow when working to improve the performance of a Yii-powered Web application. Unfortunately, our TrackStar application is actually quite far from a complete, full featured task management system, and even many of the concepts covered were left to the reader to fully implement. However, a nice foundation on which to build has been laid, and now that you have the power of Yii on your side, you could very quickly turn this into a much more useable and feature-rich application. Also a great many of the examples covered will translate well to other types of Web applications you may be building. Good luck with your future projects, and happy developing! Index Symbols $dsn variable about 57 formats 57 $pageTitle attribute 261 A accessControl filter 114 about 173 implementing 174, 175 access rules about 176 actions 176 controllers 176 expression 176 ips 176 roles 176 users 176 verbs 176 accessRules() method 175, 203 actionAdduser() method 203-212 actionAdmin() contorller action 176 actionCreate() method 12, 114 actionDelete() controller action 176 actionFeed() method 244 actionGoodbye() method 31 actionHelloWorld() method 25, 28, 44 actionID parameter 25 actionIndex() method 12, 26, 129 actionLogin() method 208, 263 actionShow() method 12 actionUpdate() method 114 actionView() method 114, 129, 220 Active Record (AR) 10, 14 Active Record model classes creating 98 issue model class, creating 98-100 user model class, creating 101 addChild() method 182 admin module building 295-298 AdminModule::beforeControllerAction() method 296 afterValidate() method 159 anonymous user 36 AR model class creating 64 creating, Gii used 66-68 Gii, configuring 65 stesting 68 assertEquals() 50 associateUserToProject() method 202 Attribute List 79 AuthAssignment table 180 authenticated user 36 authenticate() method 163 AuthItemChild table 180 AuthItem table 180 authManager component 179 authorization item 178 authorization level checking 211, 212 authorization manager, RBAC configuring 179 B basic entity relationship about 96 diagrammatic representation 96 [ 340 ] beforeValidate() method 217 beginCache() method 331 beginContent() method 268 bindValue() method 193 blog posting example 11, 12 Blueprint CSS framework 259 Blueprint installation 260 C cache configuring 323 dependencies 329 file-based cache 324-328 fragment caching 331 page caching 333 cache dependencies about 329 CCacheDependency 329 CChainedCacheDependency 330 CDbCacheDependency 329 CDirectoryCacheDependency 329 CExpressionDependency 330 CFileCacheDependency 329 CGlobalStateCacheDependency 329 cache, Yii about 322 CApcCache 322 CDbCache 322 CDummyCache 322 CEAcceleratorCache 322 CFileCache 322 CMemCache 322 CXCache 322 CZendDataCache 322 caching 322 caching techniques 336 CActiveForm class 110 CActiveForm::labelEx() method 109 CActiveForm::textField() method 109 CActiveForm widget 108 CActiveRecord 67 CActiveRecord::beforeValidate() method 153 CActiveRecord class 10 CApcCache 322 CApplication::findLocalizedFile() method 283 CApplication::handleError() method 317 CBreadcrumbs 265 CController base class 114 CController::beginCache() method 331 CController::endCache() method 331 CController::render() method 333 CController::renderPartial() method 255 CDbAuthManager component 179 CDbCache 322 CDbCommand class 193 CDbConnection class 57 CDbConnection::tablePrefix property 64 CdbFixtureManager class 86 CDbMessageSource 281 CDetailView widget 138 CDummyCache 322 CEAcceleratorCache 322 CErrorHandler 317, 318 CException 317 CFileCache 322 CFileLogRoute message routing 314 CFormModel class 10 CGettextMessageSource 281 checkAccess() method 191 CHtml 32 CHtml helper class 34, 124 CHtml::listData() method 124 CListView widget 137 CMemCache 322 CommentController::accessRules() method 244 comment CRUD creating 218 Comment::findRecentComments() method 226 Comment::relations() method 218 Common Locale Data Repository (CLDR) 279 configuration, Yii 19 controller 10, 14 controller command 25 controller method 108 COutputCache class 333 COutputCache filter 334 CPhpAuthManager component 179 CPhpMessageSource 281 [ 341 ] CPortlet 235, 236 createAbsoluteUrl() method 243 createCommand() method 193 createOperation() method 182 createRole() method 182 createUrl() method 243 CRUD operations implementing, for issues 128 CRUD operations, enabling CRUD scaffolding, creating 74-77 for users 73 new project, creating 77, 78 new project, reading 82 projects, deleting 83 projects, managing in admin console 83, 85 projects, updating 83 required field, adding to form 78-82 CRUD operations implementation, for issues about 128 issues, listing 129 ProjectController, altering 129, 130 project view file, altering 130-132 CWebApplication class 255 CWidget about 225 relational AR queries, executing 227, 228 test, completing 229-231 CXCache 322 CZendDataCache 322 D database connection, TrackStar application about 55 component 58, 59 testing 55, 56 databases MySQL 57 Oracle 57 PostgreSQL 57 SQLite 57 SQL Server 57 Data Definition Language (DDL) 63 Data Definition Language (DDL) statements 96 data scheme defining 39, 40 DBMS about 57 connection, establishing 57 debug mode disabling 335 development methodology automated software testing 41 benefits, of testing 42 defining 41 TDD 43 unit and functional testing 41 Document Object Model (DOM) 306 DOMDocument::createElement() method 243 dropDownList() method 110 dynamic content adding, to view template 28 dynamic content, adding data creation, moving to controller 29, 30 date and time, adding 28 E eager loading 228 endCache() method 331 endContent() method 268 error handling about 316 errors, displaying 318-321 exception classes CException 317 CHttpException 317 F false parameter 70 file-based cache about 324 implementing 324-328 filters() method 175 final changes, issues issue detail view, changing 137-139 owner and requester names, getting to display 139 relational AR, using 139, 140 status and type text, getting to display 132, 134 [ 342 ] text display, adding to form 136 final navigation tweaks, issues making 141-144 findAll() method 228 findByPk() method 71 find() method 228 findRecentComments() method 228 fixture manager configuring 86 fixtures about 85 configuring 88 creating 86 flash message 208 fragment caching about 331 options, declaring 331 using 332, 333 functional tests about 42, 45 Selenium, installing 45 test example, running 46, 47 G getHelp() method 186 getRecentComments() method 233 getRoles() method 202 getStatusText() method 138 getter method 126 getTypeOptions() method 106, 110 getTypeText() method 138 getUserOptions() method 126 getUserRoleOptions() method 202 Gii about 64 configuring 65 H hasFlash() method 210 Hello World! example about 22 building 22 controller, creating 22-26 helloWorld.php view, customizing 26, 27 request routing, reviewing 27 helper class 108 I importArray() method 243 init() method 233, 293 installation database 19 Yii 17 internationalization (i18n) 278 issue creating 103, 104 dropdown menu, adding for types 104 types 104 Issue AR class 220 Issue::attributeLabels() method 109 Issue class 107 IssueController::actionAdmin() method 142 IssueController::actionCreate() method 118 IssueController::actionIndex() method 142 IssueController::actionView() method 220-232 IssueController class 112 IssueController::filters() method 114 issue creation process drop-down menu, adding 104 issue type dropdown, adding 107-109 status dropdown, adding 111 test, getting in red 105 test, moving red to green 105 test, moving to green 107 test, moving to red 106 Issue CRUD operations creating 101, 102 using 102 Issue::getStatusText() method 139 Issue::getTypeOptions() method 107 Issue::getTypeText() method 139 issue management functionality Active Record model classes, creating 98 iteration planning 93 relationships, defining 95 schema, designing 95 tables and relationships, creating 96, 97 test suite, running 94 Issue model attribute 109 issue model class about 108 creating 98 [ 343 ] Issue.php model class 110 issue::relations() method 140, 217 Issue::rules() method 109 issues final tweaks 132 listing 129 ProjectController, altering 129, 130 project view file, altering 130, 131 Issue::search() model class method 144 isUserInProject() method 202 isUserInRole() method 197 L language translation about 280 file translation, performing 283, 284 message translation, performing 280-282 performing 280 last_login_time attribute 155 layout about 254 nesting 267, 268 layout files about 254 lazy loading 227 localization (L10n) 278 logging about 309 categories 311 levels 311 login message log, adding 312, 313 message logging 310, 311 message routing 313-316 LoginForm::attributeLabels() method 282 login() method 164 logPath property 316 M main.php layout file, deconstructing about 257 Blueprint CSS Framework, introducing 259 breadcrumb navigation, creating 265 content, specifying 266 footer, defining 267 menu navigation items, displaying 263, 264 page header, defining 261, 262 page title, setting 260 MessageController class 25, 47 message logging 310, 311 message routes CDbLogRoute 314 CEmailLogRoute 314 CProfileLogRoute 314 CWebLogRoute 314 message routing 313-316 message sources, Yii CDbMessageSource 281 CGettextMessageSource 281 CPhpMessageSource 281 model about 10 active record model 10 Form model 10 model, user comments creating 216, 217 module about 288 creating 288-291 system-wide message, adding 298 theme, applying 293-295 theming 292, 293 using 291 MVC architecture, Yii about 9 controller 10 model 10 view 10 O Object-relational mapping 13 on parameter 79 owner and requester dropdowns changing 119-121 data, generating 122, 123 fields, removing 127, 128 ProjectUserAssignment fixture, adding 124-127 user fixture, adding 124-127 owner and requester fields, fixing about 112 filter, adding 113 filtered actions, specifying 114 [ 344 ] filter, implementing 113 filter logic, adding 115, 116 project context, enforcing 112 project details page, altering 117 project id, adding 117 project input form field, removing 118, 119 P page caching 333, 334 performance tuning tips about 335 APCextension , using 335 caching techniques, using 336 debug mode, disabling 335 schema caching, enabling 336 yiilite.php, using 336 PHP APC extension enabling 335 PHPUnit installing 45 Portlets 215 PostgreSQL 63 private $_project attribute 126 production environment caching 322 error handling 316 iteration planning 309 logging 309 performance tuning tips 335 preparing 309 production mode 322 Project AR class, testing about 68 create, testing 69, 70 delete, testing 72 read, testing 71 unit test file, creating 69 update, testing 72 Project::associateUserToRole() method 193 project attribute 126 projectContext filter 114 ProjectController::accessRules() method 174 ProjectController::actionIndex() method 249-330 ProjectController::actionView() method 250 ProjectController class 129 ProjectController::filters() method 174 ProjectController::loadModel() method 319 project CRUD AR model class, creating 64 CRUD operations, enabling 73 iteration planning 61 project table, creating 62 test suite, running 62 project_id attribute 119 project_id property 119 project issues, TrackStar application bugs, categories 37 categories 37 features, categories 37 tasks, categories 37 Project::isUserInRole() method 196 Project::relations() method 121 project table creating 62, 63 naming conventions 63, 64 ProjectTest::testCreate() method 151 public method 192 Q querystring parameter 117, 319 querystring variable 12 R RBAC authorization hierarchy console application command, writing 182-188 creating 181 RBAC database tables AuthAssignment table 180 AuthItemChild table 180 AuthItem table 180 creating 180 RBAC roles adding, to projects 189 new Project AR methods, implementing 191-201 RBAC business rules, adding 190, 191 RBAC users, assigning to projects about 202 new action method, adding to project controller 207, 208 [ 345 ] new form model class, adding 205 new view file, adding to diplay form 208, 210 Project model class, altering 203, 204 Really Simple Syndication 240 recent comments widget creating 224 relational AR queries eager loading 228 executing 227, 228 lazy loading 227 relations() method 120 render() 31 render() method 256 renderPartial() 292 repeat() 51 request routing, Yii about 11 blog posting example 11, 12 Reversish translations 281 role-based access control (RBAC) about 171-179 authorization hierarchy, creating 181, 182 authorization manager, configuring 179 business rules, adding 190, 191 database tables, creating 180 roles, adding to projects 189, 190 users, assigning to projects 202, 203 users, assigning to roles 188, 189 RSS feed about 239 iteration planning 239 rules() method 78, 155 run() method 186, 233 S save() method 70, 153 scaffolding 74 scaffolding code, user comments altering 218 comment, adding 220 form, displaying 221, 222 schema caching enabling 336 Selenium installing 45 setAttributes() method 70, 151 setFlash() method 208 SiteController 12 SiteController::actionLogin() method 268, 312 SiteController class 311 SomeMethodName 113 static method 210 statusCode property 317 SysMessageController::accessRules() method 302 system-wide message, adding to module CRUD scaffolding, creating 300 database table, creating 298 link, adding 301, 303 message, displaying to users 303 model, creating 299 system-wide message, displaying to users design tweak, adding 305, 306 most recently updated message, selecting 304 new model class, importing for application-wide access 303 T tbl_project table 68 TDD about 43 implementing, in testing framework 47-51 testActionHelloworld() method 44 testCreate() method 90 testCRUD() method 69 test database specifying 89 specifying, fixtures used 90 testDelete() method 90 Test-driven development. See TDD test fixture 85 testing benefits 42 testing fixtures about 85 fixture, configuring 88 fixture, creating 86, 87 fixture manager, configuring 86 test database, specifying 89 [ 346 ] test database, specifying with fixtures 90, 92 testing, Yii about 43 TDD approach, implementing 47-51 testRepeat() method 49 testUserAccessBasedOnProjectRole() method 201 themes creating 270 TrackStar 35 TrackStarActiveRecord base class 217 TrackStar application configuring, to use theme 277 designing, with layouts 254 internationalization (i18n) 278 language, defining 279 language translation, performing 280 layout, applying 255, 256 layouts, nesting 267 layout, specifying 255 layout, using 255, 256 locale, defining 279 localization (L10n) 278 main.php layout file, deconstructing 257-259 themes, creating 270 application flow 38, 39 caching 322 database, connecting 55 database connection, testing 55, 56 data scheme, defining 39, 40 development methodology, defining 41 error handling 316 iteration planning 53, 54 logging 309 navigation and page flow 38 performance tuning tips 335 project issues 37 projects, managing 36, 37 user stories, creating 36 Yii web application, creating 54 translating, to other languages 278 trackstar_dev database 63, 122 type_id attribute 109 U unit tests about 42, 44 PHPUnit, installing 45 url manager about 245, 246 entry script, removing from url 247-249 routing rules, configuring 246, 247 using 246 user access requirements accessControl filter 173 access rules 176 authorization level, checking 211, 212 iteration planning 172 ProjectController::accessRules() method 174 ProjectController::filters() method 174 test suite, running 173 user authentication application user attributes, extending 166, 167 authenticate implementation, changing 165, 166 database used 160 Yii authentication model, introducing 160-164 user comments comment CRUD, creating 218 iteration planning 215 model, creating 216, 217 recent comments widget, creating 224 scaffolding code, altering 218 user CRUD common audit history columns, updating 150-155 creating 149, 150 password confirmation field, adding 157 password encryption, adding 159, 160 user friendly URLs creating 244, 245 feed links, adding 249, 251 url manager used 245, 246 UserIdentity::authenticate() method 163 user last login time displaying, on home page 169 updating 168 [ 347 ] user management iteration planning 147 test suite, running 148 user CRUD, creating 149, 150 user last login time, updating 168 users, authenticating 160 user model class creating 101 User::rules() method 155 user stories, TrackStar application creating 36 project issues 37 projects 36 users 36 users, TrackStar about 36 anonymous user 36 authenticated user 36 V validate() method 164 Validator 79 Validator class aliases boolean 80 captcha 80 compare 80 default 80 email 80 exist 80 file 80 filter 80 in 80 length 80 match 80 required 80 type 80 unique 81 varyByExpression 335 varyByParam 335 varyByParam configuration 334 varyByRoute 334 varyBySession 334 verify() method 202 view 10, 14 W webapp command 20, 182 Web Content Syndication 240 web pages, linking about 31 CHtml, using 32, 33 new page, linking to 31 widget adding, to another page 236 creating 225-234 with() method 228 Y Yii message sources 281 themes, building 270 Active Record 14 Active Record (AR) 14 application, creating 19 blog posting example 11, 12 controller 14 databases 57 downloading 17 dynamic content, adding 28 efficiency 8 exception classes 317 extensibility 9 features 8, 9 functional tests 45 Hello World! program 22 installing 17 logging 310 message routes 314 MVC architecture 9 Object-relational mapping 13 overview 7 request routing 11 testing 43 unit tests 44 user-friendly 9 view 14 web pages, linking 31 web request lifecycle 11 [ 348 ] yiic command 21 Yii controller. See controller yiic shell command 182 yiic tool 25, 182 yiic webapp command 313 yiic webapp console command 44 Yii DAO 57 Yii installation about 17 configuration 19 database, installing 19 ensuring 18 yiilite.php using 336 Yii::log method 311 Yii theme creating 270-276 Yii::trace method 311 Yii web application creating 19-22 dynamic content, adding 28 Yii web request lifecycle 11 Yii widget 225 Z Zend_Feed about 240, 241 using 241-243 Zend Framework about 240 installing 241 Zii 9 Thank you for buying Agile Web Application Development with Yii1.1 and PHP5 About Packt Publishing Packt, pronounced 'packed', published its first book "Mastering phpMyAdmin for Effective MySQL Management" in April 2004 and subsequently continued to specialize in publishing highly focused books on specific technologies and solutions. Our books and publications share the experiences of your fellow IT professionals in adapting and customizing today's systems, applications, and frameworks. Our solution based books give you the knowledge and power to customize the software and technologies you're using to get the job done. Packt books are more specific and less general than the IT books you have seen in the past. Our unique business model allows us to bring you more focused information, giving you more of what you need to know, and less of what you don't. Packt is a modern, yet unique publishing company, which focuses on producing quality, cutting-edge books for communities of developers, administrators, and newbies alike. For more information, please visit our website: www.packtpub.com. About Packt Open Source In 2010, Packt launched two new brands, Packt Open Source and Packt Enterprise, in order to continue its focus on specialization. This book is part of the Packt Open Source brand, home to books published on software built around Open Source licences, and offering information to anybody from advanced developers to budding web designers. The Open Source brand also runs Packt's Open Source Royalty Scheme, by which Packt gives a royalty to each Open Source project about whose software a book is sold. Writing for Packt We welcome all inquiries from people who are interested in authoring. Book proposals should be sent to author@packtpub.com. If your book idea is still at an early stage and you would like to discuss it first before writing a formal book proposal, contact us; one of our commissioning editors will get in touch with you. We're not just looking for published authors; if you have strong technical skills but no writing experience, our experienced editors can help you develop a writing career, or simply get some additional reward for your expertise. AJAX and PHP: Building Modern Web Applications 2nd Edition ISBN: 978-1-847197-72-6 Paperback: 308 pages Build user friendly Web 2.0 Applications with JavaScript and PHP 1. The ultimate AJAX tutorial for building modern Web 2.0 Applications 2. Create faster, lighter, better web applications by using the AJAX technologies to their full potential 3. Leverage the power of PHP and MySQL to create powerful back-end functionality and make it work in harmony with a responsive AJAX clientWrite better JavaScript code to enable powerful web features Zend Framework 1.8 Web Application Development ISBN: 978-1-847194-22-0 Paperback: 380 pages Design, develop, and deploy feature-rich PHP web applications with this MVC framework 1. Create powerful web applications by leveraging the power of this Model-View-Controller-based framework 2. Learn by doing – create a "real-life" storefront application 3. Covers access control, performance optimization, and testing 4. Best practices, as well as debugging and designing discussion Please check www.PacktPub.com for information on our titles Building Websites with PHP-Nuke ISBN: 978-1-904811-05-3 Paperback: 320 pages A practical guide to creating and maintaining your own community website with PHP-Nuke 1. Step through creating your own web portal with PHP-Nuke 2. Simple and practical guidance to mastering PHP-Nuke 3. For people with basic knowledge of web development PHP and script.aculo.us Web 2.0 Application Interfaces ISBN: 978-1-847194-04-6 Paperback: 264 pages Build powerful interactive AJAX applications with script.aculo.us and PHP 1. Get started quickly with script.aculo.us library with as little as one line of code 2. Explore Prototype library features, tutorials, code, and examples 3. Learn script.aculo.us' In-place Editing, Auto Completion, Sliders, Drag-and-Drop, Effects, and Multimedia 4. A book with less jargon, and more code explanation for building real-world examples —Tadalist clone, Digg and Delicious clones, 43 things.com clone Please check www.PacktPub.com for information on our titles Magento 1.3: PHP Developer's Guide ISBN: 978-1-847197-42-9 Paperback: 260 pages Design, develop, and deploy feature-rich Magento online stores with PHP coding 1. Extend and customize the Magento e-commerce system using PHP code 2. Set up your own data profile to import or export data in Magento 3. # Build applications that interface with the customer, product, and order data using Magento's Core API jQuery UI 1.7: The User Interface Library for jQuery ISBN: 978-1-847199-72-0 Paperback: 392 pages Build highly interactive web applications with ready- to-use widgets from the jQuery User Interface library 1. Organize your interfaces with reusable widgets: accordions, date pickers, dialogs, sliders, tabs, and more 2. Enhance the interactivity of your pages by making elements drag-and-droppable, sortable, selectable, and resizable 3. Packed with examples and clear explanations of how to easily design elegant and powerful front-end interfaces for your web applications 4. Revised and targeted at jQuery UI 1.7 Please check www.PacktPub.com for information on our titles Drupal E-commerce with Ubercart 2.x ISBN: 978-1-847199-20-1 Paperback: 364 pages Build, administer, and customize an online store using Drupal with Ubercart 1. Create a powerful e-shop using the award- winning CMS Drupal and the robust e-commerce module Ubercart 2. Create and manage the product catalog and insert products in manual or batch mode 3. Apply SEO (search engine optimization) to your e-shop and adopt turn-key internet marketing techniques PrestaShop 1.3 Beginner's Guide ISBN: 978-1-849511-14-8 Paperback: 308 pages Build and customize your online store with this speedy, lightweight e-commerce solution 1. Covers every topic required to start and run a real, trading e-commerce business with PrestaShop 2. Deploy PrestaShop quickly and easily, and make your PrestaShop search-engine friendly 3. Learn how to turn a single new PrestaShop into a thriving e-commerce empire 4. Step-by-step fully illustrated explanation and discussions aimed at helping beginners like you towards the realization of your own PrestaShop store and beyond Please check www.PacktPub.com for information on our titles
...
还剩367页未读
继续阅读
关键词
相关pdf
- Agile Web Application Development with Yii 1.1 and PHP5
- Agile Web Application Development with Yii 1.1 and PHP5.pdf
- Yii 1.1 Application Development Cookbook
- Yii 1.1 Application Development Cookbook
- Agile Web Development with Rails
- Yii Rapid Application Development
- Pragmatic Agile Web Development with Rails 4
- Agile Web Development with Rails (Fourth Edition)
- Beginning PHP5, Apache, and MySQL Web Development
- Web Application Development with R Using Shiny
commentCount>1 ? $model->commentCount . ' comments' : 'One comment'; ?>
renderPartial('_comments',array( 'comments'=>$model->comments, )); ?>Leave a Comment
user->hasFlash('commentSubmitted')): ?>