-- Daniel Latter <[email protected]> wrote
(on Monday, 06 September 2010, 04:40 PM +0100):
> On a Nabble post you refer to a piece of code that enables the passing
> of a token:
>
> class My_XmlRpc_Request extends Zend_XmlRpc_Request_Http
> {
>
> public function __construct()
> {
> parent::__construct();
>
> if ($this->getMethod() != 'login') {
> $params = $this->getParams();
> $token = array_shift($params);
> $this->setParams($params);
>
> // Verify the token, and then add it to the registry...
> Zend_Registry::set('token', $token);
> }
> }
> }
>
> I am correct in thinking that all service method(s) will stay the
> same, i.e. - have no reference to the token?
Correct. But see more below...
> so like this:
>
> /**
> * Add timesheet hours for a candidate
> *
> * @param array Hours for a working week
> * @return array
> */
> public function addHours($hours) {
>
> $timesheetService = new Service_Timesheet();
> $resp = $timesheetService->addCandidateTimesheetHours($hours);
>
> return $resp;
> }
>
>
> and NOT like this:
>
> /**
> * Add timesheet hours for a candidate
> *
> * @param string token
> * @param array Hours for a working week
> * @return array
> */
> public function addHours($token, $hours) {
>
> $timesheetService = new Service_Timesheet();
> $resp = $timesheetService->addCandidateTimesheetHours($hours);
>
> return $resp;
> }
Basically, the token becomes an identity token, and you use it in your
ACLs to determine if access is allowed to the current resources.
Today, I'd do it slightly differently than I posted previously. Instead
of pushing it into the registry, I'd push it into my service objects:
class My_XmlRpc_Request extends Zend_XmlRpc_Request_Http
{
protected $token;
public function __construct()
{
parent::__construct();
if ($this->getMethod() != 'login') {
$params = $this->getParams();
$token = array_shift($params);
$this->setParams($params);
$this->token = $token;
}
}
public function getToken()
{
return $this->token;
}
}
$request = new MyXmlRpc_Request();
$service = new Some_Service($request->getToken());
// or:
$service = new Some_Service();
$service->setToken($request->getToken());
$server = new Zend_XmlRpc_Server();
$server->setRequest($request)
->setClass($service);
$response = $server->handle();
echo $response;
This uses dependency injection instead of a global registry, which is a
saner, more testable approach. As in my previous post, however, it also
means you don't need to add the token as an argument to every method
attached to the server.
--
Matthew Weier O'Phinney
Project Lead | [email protected]
Zend Framework | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
