1 package Maypole::Model::CDBI::FromCGI;
6 Maypole::Model:CDBI::FromCGI - Validate form input and populate Model objects
10 $obj = $class->create_from_cgi($r);
11 $obj = $class->create_from_cgi($r, { params => {data1=>...}, required => [..],
12 ignore => [...], all => [...]);
13 $obj = $class->create_from_cgi($h, $options); # CDBI::FromCGI style, see docs
15 $obj->update_from_cgi($r);
16 $obj->update_from_cgi($h, $options);
18 $obj = $obj->add_to_from_cgi($r);
19 $obj = $obj->add_to_from_cgi($r, { params => {...} } );
21 # This does not work like in CDBI::FromCGI and probably never will :
22 # $class->update_from_cgi($h, @columns);
27 Provides a way to validate form input and populate Model Objects, based
28 on Class::DBI::FromCGI.
34 # The base base model class for apps
35 # provides good search and create functions
37 use base qw(Exporter);
39 use Maypole::Constants;
40 use CGI::Untaint::Maypole;
41 our $Untainter = 'CGI::Untaint::Maypole';
43 our @EXPORT = qw/update_from_cgi create_from_cgi untaint_columns add_to_from_cgi
44 cgi_update_errors untaint_type validate_inputs validate_all _do_update_all
45 _do_create_all _create_related classify_form_inputs/;
49 use Data::Dumper; # for debugging
53 =head2 untaint_columns
55 Replicates Class::DBI::FromCGI method of same name :
57 __PACKAGE__->untaint_columns(
58 printable => [qw/Title Director/],
59 integer => [qw/DomesticGross NumExplodingSheep],
60 date => [qw/OpeningDate/],
66 die "untaint_columns() needs a hash" unless @_ % 2;
67 my ($class, %args) = @_;
68 $class->mk_classdata('__untaint_types')
69 unless $class->can('__untaint_types');
70 my %types = %{ $class->__untaint_types || {} };
71 while (my ($type, $ref) = each(%args)) {
74 $class->__untaint_types(\%types);
79 gets the untaint type for a column as set in "untaint_types"
83 # get/set untaint_type for a column
85 my ($class, $field, $new_type) = @_;
86 my %handler = __PACKAGE__->_untaint_handlers($class);
87 return $handler{$field} if $handler{$field};
89 local $SIG{__WARN__} = sub { };
90 my $type = $class->column_type($field) or die;
91 _column_type_for($type);
93 return $handler || undef;
96 =head2 cgi_update_errors
98 Returns errors that ocurred during an operation.
102 sub cgi_update_errors { %{ shift->{_cgi_update_error} || {} } }
106 =head2 create_from_cgi
108 Based on the same method in Class::DBI::FromCGI.
110 Creates multiple objects from a cgi form.
111 Errors are returned in cgi_update_errors
113 It can be called Maypole style passing the Maypole request object as the
114 first arg, or Class::DBI::FromCGI style passing the Untaint Handler ($h)
117 A hashref of options can be passed as the second argument. Unlike
118 in the CDBI equivalent, you can *not* pass a list as the second argument.
120 params -- hashref of cgi data to use instead of $r->params,
121 required -- list of fields that are required
122 ignore -- list of fields to ignore
123 all -- list of all fields (defaults to $class->columns)
127 sub create_from_cgi {
128 my ($self, $r, $opts) = @_;
129 $self->_croak( "create_from_cgi can only be called as a class method")
131 my ($errors, $validated);
134 if ($r->isa('CGI::Untaint')) { # FromCGI interface compatibility
135 ($validated, $errors) = $self->validate_inputs($r,$opts);
137 my $params = $opts->{params} || $r->params;
138 $opts->{params} = $self->classify_form_inputs($params);
139 ($validated, $errors) = $self->validate_all($r, $opts);
143 return bless { _cgi_update_error => $errors }, $self;
146 # Insert all the data
147 my ($obj, $err ) = $self->_do_create_all($validated);
149 return bless { _cgi_update_error => $err }, $self;
155 =head2 update_from_cgi
157 Replicates the Class::DBI::FromCGI method of same name. It updates an object and
158 returns 1 upon success. It can take the same arguments as create_form_cgi.
159 If errors, it sets the cgi_update_errors.
163 sub update_from_cgi {
164 my ($self, $r, $opts) = @_;
165 $self->_croak( "update_from_cgi can only be called as an object method") unless ref $self;
166 my ($errors, $validated);
167 $self->{_cgi_update_error} = {};
168 $opts->{updating} = 1;
170 # FromCGI interface compatibility
171 if ($r->isa('CGI::Untaint')) {
172 # REHASH the $opts for updating:
173 # 1: we ignore any fields we dont have parmeter for. (safe ?)
174 # 2: we dont want to update fields unless they change
176 my @ignore = @{$opts->{ignore} || []};
177 push @ignore, $self->primary_column->name;
178 my $raw = $r->raw_data;
179 #print "*** raw data ****" . Dumper($raw);
180 foreach my $field ($self->columns) {
181 #print "*** field is $field ***\n";
182 if (not defined $raw->{$field}) {
183 push @ignore, $field->name;
184 #print "*** ignoring $field because it is not present ***\n";
187 # stupid inflation , cant get at raw db value easy, must call
188 # deflate ***FIXME****
189 my $cur_val = ref $self->$field ? $self->$field->id : $self->$field;
190 if ($raw->{$field} eq $cur_val) {
191 #print "*** ignoring $field because unchanged ***\n";
192 push @ignore, "$field";
195 $opts->{ignore} = \@ignore;
196 ($validated, $errors) = $self->validate_inputs($r,$opts);
198 my $params = $opts->{params} || $r->params;
199 $opts->{params} = $self->classify_form_inputs($params);
200 ($validated, $errors) = $self->validate_all($r, $opts);
201 #print "*** errors for validate all ****" . Dumper($errors);
205 #print "*** we have errors ****" . Dumper($errors);
206 $self->{_cgi_update_error} = $errors;
210 # Update all the data
211 my ($obj, $err ) = $self->_do_update_all($validated);
213 $self->{_cgi_update_error} = $err;
219 =head2 add_to_from_cgi
221 $obj->add_to_from_cgi($r[, $opts]);
223 Like add_to_* for has_many relationships but will add nay objects it can
224 figure out from the data. It returns a list of objects it creates or nothing
225 on error. Call cgi_update_errors with the calling object to get errors.
226 Fatal errors are in the respective "FATAL" key.
230 sub add_to_from_cgi {
231 my ($self, $r, $opts) = @_;
232 $self->_croak( "add_to_from_cgi can only be called as an object method")
234 my ($errors, $validated, @created);
237 my $params = $opts->{params} || $r->params;
238 $opts->{params} = $self->classify_form_inputs($params);
239 ($validated, $errors) = $self->validate_all($r, $opts);
243 $self->{_cgi_update_error} = $errors;
247 # Insert all the data
248 foreach my $hm (keys %$validated) {
249 my ($obj, $errs) = $self->_create_related($hm, $validated->{$hm});
253 $errors->{$hm} = $errs;
258 $self->{_cgi_update_error} = $errors;
270 Validates (untaints) a hash of possibly mixed table data.
271 Returns validated and errors ($validated, $errors).
272 If no errors then undef in that spot.
277 my ($self, $r, $opts) = @_;
278 my $class = ref $self || $self;
279 my $classified = $opts->{params};
280 my $updating = $opts->{updating};
282 # Base case - validate this classes data
283 $opts->{all} ||= eval{ $r->config->{$self->table}{all_cols} } ||
284 [$self->columns('All')];
285 $opts->{required} ||= eval{ $r->config->{$self->table}{required_cols} } ||
287 my $ignore = $opts->{ignore} || eval{ $r->config->{$self->table}{ignore_cols} }
289 push @$ignore, $self->primary_column->name if $updating;
291 # Ignore hashes of foreign inputs. This takes care of required has_a's
292 # for main object that we have foreign inputs for.
293 foreach (keys %$classified) {
294 push @$ignore, $_ if ref $classified->{$_} eq 'HASH';
296 $opts->{ignore} = $ignore;
297 my $h = $Untainter->new($classified);
298 my ($validated, $errs) = $self->validate_inputs($h, $opts);
300 # Validate all foreign input
302 #warn "Classified data is " . Dumper($classified);
303 foreach my $field (keys %$classified) {
304 if (ref $classified->{$field} eq "HASH") {
305 my $data = $classified->{$field};
307 my @usr_entered_vals = ();
308 foreach ( values %$data ) {
309 push @usr_entered_vals, $_ if $_ ne '';
313 # IF we have some inputs for the related
314 if ( @usr_entered_vals ) {
315 # We need to ignore us if we are a required has_a in this foreign class
316 my $rel_meta = $self->related_meta($r, $field);
317 my $fclass = $rel_meta->{foreign_class};
318 my $fmeta = $fclass->meta_info('has_a');
320 if ($fmeta->{$_}{foreign_class} eq $class) {
324 my ($valid, $ferrs) = $fclass->validate_all($r,
325 {params => $data, updating => $updating, ignore => $ignore } );
327 $errs->{$field} = $ferrs if $ferrs;
328 $validated->{$field} = $valid;
331 # Check this foreign object is not requeired
332 my %req = map { $_ => 1 } $opts->{required};
334 $errs->{$field}{FATAL} = "This is required. Please enter the required fields in this section."
339 #warn "Validated inputs are " . Dumper($validated);
340 undef $errs unless keys %$errs;
341 return ($validated, $errs);
346 =head2 validate_inputs
348 $self->validate_inputs($h, $opts);
350 This is the main validation method to validate inputs for a single class.
351 Most of the time you use validate_all.
353 Returns validated and errors.
355 If no errors then undef in that slot.
357 Note: This method is currently experimental (in 2.11) and may be subject to change
362 sub validate_inputs {
363 my ($self, $h, $opts) = @_;
364 my $updating = $opts->{updating};
365 my %required = map { $_ => 1 } @{$opts->{required}};
367 $seen{$_}++ foreach @{$opts->{ignore}};
370 $opts->{all} = [ $self->columns ] unless @{$opts->{all} || [] } ;
371 foreach my $field (@{$opts->{required}}, @{$opts->{all}}) {
372 next if $seen{$field}++;
373 my $type = $self->untaint_type($field) or
374 do { warn "No untaint type for $self 's field $field. Ignoring.";
377 my $value = $h->extract("-as_$type" => $field);
380 # Required field error
381 if ($required{$field} and !ref($value) and $err =~ /^No input for/) {
382 #($value eq '' or !defined $value))
383 $errors->{$field} = "You must supply '$field'"
384 #unless ($updating and$self->field;
387 # 1: No inupt entered
388 if ($err =~ /^No input for/) {
389 # A : Updating -- set the field to undef or ''
391 $fields->{$field} = eval{$self->column_nullable($field)} ?
394 # B : Creating -- dont set a value and RDMS will put default
397 # 2: A real untaint error -- just set the error
398 elsif ($err !~ /^No parameter for/) {
399 $errors->{$field} = $err;
402 $fields->{$field} = $value
405 undef $errors unless keys %$errors;
406 return ($fields, $errors);
414 # Untaints and Creates objects from hashed params.
415 # Returns parent object and errors ($obj, $errors).
416 # If no errors, then undef in that slot.
418 my ($self, $validated) = @_;
419 my $class = ref $self || $self;
420 my ($errors, $accssr);
422 # Separate out related objects' data from main hash
424 foreach (keys %$validated) {
425 $related{$_}= delete $validated->{$_} if ref $validated->{$_} eq 'HASH';
427 # Make has_own/a rel type objects and put id in parent's data hash
428 # foreach $accssr (keys %related) {
429 # my $rel_meta = $self->related_meta('r', $accssr);
430 # $self->_croak("No relationship found for $accssr to $class.")
432 # my $rel_type = $rel_meta->{name};
433 # if ($rel_type =~ /(^has_own$|^has_a$)/) {
434 # my $fclass= $rel_meta->{foreign_class};
435 # my ($rel_obj, $errs) = $fclass->_do_create_all($related{$accssr});
436 # # put id in parent's data hash
437 # if (not keys %$errs) {
438 # $validated->{$accssr} = $rel_obj->id;
440 # $errors->{$accssr} = $errs;
442 # delete $related{$accssr}; # done with this
446 # Make main object -- base case
447 #warn "\n*** validated data is " . Dumper($validated). "***\n";
448 my $me_obj = eval { $self->create($validated) };
450 warn "Just failed making a " . $self. " FATAL Error is $@"
451 if (eval{$self->model_debug});
452 $errors->{FATAL} = $@;
453 return (undef, $errors);
456 if (eval{$self->model_debug}) {
458 warn "Just made a $self : $me_obj ( " . $me_obj->id . ")";
460 warn "Just failed making a " . $self. " FATAL Error is $@" if not $me_obj;
464 # Make other related (must_have, might_have, has_many etc )
465 foreach $accssr ( keys %related ) {
466 my ($rel_obj, $errs) =
467 $me_obj->_create_related($accssr, $related{$accssr});
468 $errors->{$accssr} = $errs if $errs;
471 #warn "Errors are " . Dumper($errors);
473 undef $errors unless keys %$errors;
474 return ($me_obj, $errors);
482 # Updates objects from hashed untainted data
486 my ($self, $validated) = @_;
487 my ($errors, $accssr);
489 # Separate out related objects' data from main hash
491 foreach (keys %$validated) {
492 $related{$_}= delete $validated->{$_} if ref $validated->{$_} eq 'HASH';
495 # set does not work with IsA right now so we set each col individually
496 #$self->set(%$validated);
497 my $old = $self->autoupdate(0);
498 for (keys %$validated) {
499 $self->$_($validated->{$_});
502 $self->autoupdate($old);
505 foreach $accssr (keys %related) {
506 my $fobj = $self->$accssr;
507 my $validated = $related{$accssr};
509 my $old = $fobj->autoupdate(0);
510 for (keys %$validated) {
511 $fobj->$_($validated->{$_});
514 $fobj->autoupdate($old);
517 $fobj = $self->_create_related($accssr, $related{$accssr});
528 # Creates and automatically relates newly created object to calling object
529 # Returns related object and errors ($obj, $errors).
530 # If no errors, then undef in that slot.
532 sub _create_related {
533 # self is object or class, accssr is accssr to relationship, params are
534 # data for relobject, and created is the array ref to store objs we
536 my ( $self, $accssr, $params, $created ) = @_;
537 $self->_croak ("Can't make related object without a parent $self object")
540 my $rel_meta = $self->related_meta('r',$accssr);
542 $self->_croak("No relationship for $accssr in " . ref($self));
544 my $rel_type = $rel_meta->{name};
545 my $fclass = $rel_meta->{foreign_class};
546 #warn " Dumper of meta is " . Dumper($rel_meta);
551 # Set up params for might_have, has_many, etc
552 if ($rel_type ne 'has_own' and $rel_type ne 'has_a') {
554 # Foreign Key meta data not very standardized in CDBI
555 my $fkey= $rel_meta->{args}{foreign_key} || $rel_meta->{foreign_column};
556 unless ($fkey) { die " Could not determine foreign key for $fclass"; }
557 my %data = (%$params, $fkey => $self->id);
558 %data = ( %data, %{$rel_meta->{args}->{constraint} || {}} );
559 #warn "Data is " . Dumper(\%data);
560 ($rel, $errs) = $fclass->_do_create_all(\%data, $created);
563 ($rel, $errs) = $fclass->_do_create_all($params, $created);
565 $self->$accssr($rel->id);
569 return ($rel, $errs);
575 =head2 classify_form_inputs
577 $self->classify_form_inputs($params[, $delimiter]);
579 Foreign inputs are inputs that have data for a related table.
580 They come named so we can tell which related class they belong to.
581 This assumes the form : $accessor . $delimeter . $column recursively
582 classifies them into hashes. It returns a hashref.
586 sub classify_form_inputs {
587 my ($self, $params, $delimiter) = @_;
590 $delimiter ||= $self->foreign_input_delimiter;
591 foreach my $input_name (keys %$params) {
592 my @accssrs = split /$delimiter/, $input_name;
593 my $col_name = pop @accssrs;
594 $bottom_level = \%hashed;
595 while ( my $a = shift @accssrs ) {
596 $bottom_level->{$a} ||= {};
597 $bottom_level = $bottom_level->{$a}; # point to bottom level
599 # now insert parameter at bottom level keyed on col name
600 $bottom_level->{$col_name} = $params->{$input_name};
605 sub _untaint_handlers {
606 my ($me, $them) = @_;
607 return () unless $them->can('__untaint_types');
608 my %type = %{ $them->__untaint_types || {} };
610 @h{ @{ $type{$_} } } = ($_) x @{ $type{$_} } foreach keys %type;
614 sub _column_type_for {
618 varchar => 'printable',
621 tinyint => 'integer',
622 smallint => 'integer',
623 mediumint => 'integer',
625 integer => 'integer',
630 return $map{$type} || "";
639 Peter Speltz, Aaron Trevena
641 =head1 AUTHORS EMERITUS
648 * add_to_from_cgi, search_from_cgi
649 * complete documentation
650 * ensure full backward compatibility with Class::DBI::FromCGI
652 =head1 BUGS and QUERIES
654 Please direct all correspondence regarding this module to:
657 =head1 COPYRIGHT AND LICENSE
659 Copyright 2003-2004 by Peter Speltz
661 This library is free software; you can redistribute it and/or modify
662 it under the same terms as Perl itself.
666 L<Class::DBI>, L<Class::DBI::FromCGI>
projects / maypole.git / blob