From c1c9d650e191b4907c13aa6ff52bfff4e9287979 Mon Sep 17 00:00:00 2001 From: Mariano Scazzariello Date: Fri, 24 Feb 2017 00:44:19 +0100 Subject: [PATCH 1/4] Add "hidden" columns/fields into dbObject --- dbObject.php | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/dbObject.php b/dbObject.php index 229dd043..6a4258d7 100644 --- a/dbObject.php +++ b/dbObject.php @@ -124,6 +124,12 @@ public function __construct ($data = null) { * @return mixed */ public function __set ($name, $value) { + if ($name === 'hidden') + return; + + if (property_exists ($this, 'hidden') && array_search ($name, $this->hidden) !== false) + return; + $this->data[$name] = $value; } @@ -135,8 +141,12 @@ public function __set ($name, $value) { * @return mixed */ public function __get ($name) { + if ($name === 'hidden') /* Just in case... */ + return null; + if (isset ($this->data[$name]) && $this->data[$name] instanceof dbObject) - return $this->data[$name]; + if (property_exists ($this, 'hidden') && array_search ($name, $this->hidden) === false) + return $this->data[$name]; if (property_exists ($this, 'relations') && isset ($this->relations[$name])) { $relationType = strtolower ($this->relations[$name][0]); @@ -159,9 +169,9 @@ public function __get ($name) { } } - if (isset ($this->data[$name])) { - return $this->data[$name]; - } + if (isset ($this->data[$name])) + if (property_exists ($this, 'hidden') && array_search ($name, $this->hidden) === false) + return $this->data[$name]; if (property_exists ($this->db, $name)) return $this->db->$name; From 937d88976a4f9cd3a726ae719e848aabde90cc54 Mon Sep 17 00:00:00 2001 From: Mariano Scazzariello Date: Fri, 24 Feb 2017 09:59:37 +0100 Subject: [PATCH 2/4] Fixed hidden fields. Added guard check at the beginning of the method, removed name === 'hidden' (that was useless). --- dbObject.php | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/dbObject.php b/dbObject.php index 6a4258d7..81dc831f 100644 --- a/dbObject.php +++ b/dbObject.php @@ -124,9 +124,6 @@ public function __construct ($data = null) { * @return mixed */ public function __set ($name, $value) { - if ($name === 'hidden') - return; - if (property_exists ($this, 'hidden') && array_search ($name, $this->hidden) !== false) return; @@ -141,12 +138,11 @@ public function __set ($name, $value) { * @return mixed */ public function __get ($name) { - if ($name === 'hidden') /* Just in case... */ - return null; - - if (isset ($this->data[$name]) && $this->data[$name] instanceof dbObject) - if (property_exists ($this, 'hidden') && array_search ($name, $this->hidden) === false) - return $this->data[$name]; + if (property_exists ($this, 'hidden') && array_search ($name, $this->hidden) === false) + return null; + + if (isset ($this->data[$name]) && $this->data[$name] instanceof dbObject) + return $this->data[$name]; if (property_exists ($this, 'relations') && isset ($this->relations[$name])) { $relationType = strtolower ($this->relations[$name][0]); @@ -170,8 +166,7 @@ public function __get ($name) { } if (isset ($this->data[$name])) - if (property_exists ($this, 'hidden') && array_search ($name, $this->hidden) === false) - return $this->data[$name]; + return $this->data[$name]; if (property_exists ($this->db, $name)) return $this->db->$name; From e0383fb9edd3f5be2b1df598e4850dcd2fad435c Mon Sep 17 00:00:00 2001 From: Mariano Scazzariello Date: Fri, 24 Feb 2017 10:00:26 +0100 Subject: [PATCH 3/4] Check fix. --- dbObject.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dbObject.php b/dbObject.php index 81dc831f..ea00efee 100644 --- a/dbObject.php +++ b/dbObject.php @@ -138,7 +138,7 @@ public function __set ($name, $value) { * @return mixed */ public function __get ($name) { - if (property_exists ($this, 'hidden') && array_search ($name, $this->hidden) === false) + if (property_exists ($this, 'hidden') && array_search ($name, $this->hidden) !== false) return null; if (isset ($this->data[$name]) && $this->data[$name] instanceof dbObject) From f844bdc31b28943d8eb2791a0b37882043924670 Mon Sep 17 00:00:00 2001 From: Mariano Scazzariello Date: Wed, 1 Mar 2017 18:19:11 +0100 Subject: [PATCH 4/4] Added "Hidden Fields" documentation. --- dbObject.md | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/dbObject.md b/dbObject.md index 07a7cf05..52ab9437 100644 --- a/dbObject.md +++ b/dbObject.md @@ -295,6 +295,42 @@ $products = product::arraybuilder()->paginate($page); echo "showing $page out of " . product::$totalPages; ``` + +###Hidden Fields +Sometimes it's important to block some fields that can be accessed from outside the model class (for example, the user password). + +To block the access to certain fields using the `->` operator, you can declare the `$hidden` array into the model class. This array holds column names that can't be accessed with the `->` operator. + +For example: + +```php +class User extends dbObject { + protected $dbFields = array( + 'username' => array('text', 'required'), + 'password' => array('text', 'required'), + 'is_admin' => array('bool'), + 'token' => array('text') + ); + + protected $hidden = array( + 'password', 'token' + ); +} +``` + +If you try to: +```php +echo $user->password; +echo $user->token; +``` + +Will return `null`, and also: +```php +$user->password = "my-new-password"; +``` + +Won't change the current `password` value. + ###Examples Please look for a use examples in tests file and test models inside the test models directory