0

I have two tables, users and tokens.
Each user have a activated field and each token have the {id, token, user_id, created} fields.

The way the app should work is: On the creation, the app will -

  1. make sure that the activated field is empty (to avoid manipulations to the submitted data).
  2. a token will be created in the tokens table.

On update, the app will -

  1. NOT create a new token.
  2. NOT allow an update of any kind to the activated field.
  3. check if a new email has been submitted, and if so: will create a new token and set the activated field to false.

I know how to activate the account through the controller and how to setup the router for that.
What I need is mainly the model configuration.
For example: I think that the token creation should be done in the afterSave method, so - how do I determine if the method is called by an update or by a create operation?

Thanks for any help

yossi
  • 3,090
  • 7
  • 45
  • 65
  • I think you need to explain your problem better, is it simply deciding on what path to take with your action? – 8vius Sep 02 '11 at 01:24
  • I will try - if some of the actions would go into the controller, i will simply do the logic in the edit/add methods, with all the IF's. but i understood that it's a bad practice and the model should take care of the data validation. so, i need help with the way cakephp handle and implement my requirements. some code examples about checking if the beforeSave method is updating or creating the record.. and so on – yossi Sep 02 '11 at 01:29
  • This is still very vague. You basically are saying "teach me how to use CakePHP." Are you familiar with MVC programming and have you checked the documentation? There are no add/edit methods in Cake, just save and update to the database. If you need to do things at different times, then you either need methods in your model to do what you want with the data before the save. – Scott Harwell Sep 02 '11 at 01:33
  • the add/edit methods are in the controller as i mentioned. from the other hand the documentation does not mentioning any `update` method, can you help me with a link to it? – yossi Sep 02 '11 at 01:42

2 Answers2

1

You question is unclear. If you have a default value for a field, then why not set it in the database rather than doing something in aftersave? If you need to do something that should be done only in certain circumstances, then write a custom method in your model to perform the tasks you want either on creation or update.

Edit

So, if your record has an id, then you know it exists in the database. So, the simple thing to do is (in any method) check to see if the model has an id field and that it is not empty. If it's empty, then you know that you are creating a record and you can do x task. If it isn't, then do y task.

if(isset($modelData['ModelName']['id']) && !empty($modelData['ModelName']['id'])){
    //This is an update
} else {
    //This is a new record
}
Scott Harwell
  • 7,457
  • 2
  • 28
  • 41
  • That is exactly what i am asking! how can i tell when it's an update and when it's a create operation? And as to the default value, if someone will supply a field called 'activated' to the creation form, and will set its value to true - the cake FW will save it to the db, ignoring the default. so, how can a default value help me? – yossi Sep 02 '11 at 01:36
  • I'll try to add some basic examples to my answer...I think I understand. – Scott Harwell Sep 02 '11 at 01:38
  • I believe you should be able to tell depending if you're in the add or the edit controller method right? – 8vius Sep 02 '11 at 01:45
  • You shouldn't be calling add or edit methods from a controller. You call Cake's model functions, save and saveall. These perform both create and update functions in the database. – Scott Harwell Sep 02 '11 at 01:47
  • @8vius - i know that, but it means handling the data in the controller - i try to avoid it. – yossi Sep 02 '11 at 02:23
  • @Scott Harwell, in the controller, both methods (add/edit) uses the save. there isn't any update function there. so, as i wrote - i have to manipulate the data in the controller.. not the best idea (but, i think that i won't waste more time on it, i need this app running two weeks ago :) ) – yossi Sep 02 '11 at 02:32
  • This solution is not good, a hacker can EASILY tamper with the form fields and send an id, and, even if the id will be one that do not exist in the table, cake will create a new record and will set that id to it... – yossi Sep 02 '11 at 03:40
  • Obviously, this is intended to be a generic example of data once it has been passed to the controller or model so the user cannot modify the data at this point. You can run this by looking for the id after form submission so that a hacker can't edit the id. – Scott Harwell Sep 02 '11 at 15:20
1

yossi you can also specify the fields that should be saved from the form though - a whitelist of fields it is ok to save in you $this->save() call. That way you can stop a hacker passing an ID in the request, and you should just set it in the controller yourself then with $this->Token->id = whatever you have, I would personally use saveField ('activated) in conjunction with this (just saves a single field!). Fat models is best if you can but get it working first then refactor it if you have got stuck. Better than wasting lots of time writing perfect first time.

Luke Barker
  • 915
  • 7
  • 14