blob: 95d00765dc5e0f9d3947304e8140c1760c5c5286 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
<com:TContent ID="Main">
<h1>Creating <tt>EditPost</tt> Page</h1>
<p>
The <tt>EditPost</tt> page is provided to authors and the administrator to edit existing blog posts. Like the <a href="?page=Day4.CreateNewPost">NewPost</a> page, it displays a form to collect the change to the title and content of a post.
</p>
<p>
We create two files <tt>protected/pages/posts/EditPost.page</tt> and <tt>protected/pages/posts/EditPost.php</tt> to save the page template and page class, respectively.
</p>
<h2>Creating Page Template</h2>
<p>
The <tt>EditPost</tt> page template is very similar to the <tt>NewPost</tt> template. Only the page title and the button caption are different.
</p>
<com:TTextHighlighter CssClass="source" Language="prado">
<%@ Title="My Blog - Edit Post" %>
<com:TContent ID="Main">
<h1>Edit Post</h1>
<span>Title:</span>
<com:TRequiredFieldValidator
ControlToValidate="TitleEdit"
ErrorMessage="Please provide a title."
Display="Dynamic" />
<br/>
<com:TTextBox ID="TitleEdit" Columns="50" />
<br/>
<span>Content:</span>
<com:TRequiredFieldValidator
ControlToValidate="ContentEdit"
ErrorMessage="Please provide content."
Display="Dynamic" />
<br/>
<com:THtmlArea ID="ContentEdit" />
<br/>
<com:TButton Text="Save" OnClick="saveButtonClicked" />
</com:TContent>
</com:TTextHighlighter>
<h2>Creating Page Class</h2>
<p>
The <tt>EditPage</tt> page class is slightly complex than <tt>NewPage</tt> because it needs to load the specified post data first. It also needs to perform additional authorization check. In particular, it needs to ensure that a post can only be editted by the author or the administrator. Such authorization check is not provided by PRADO itself.
</p>
<com:TTextHighlighter CssClass="source" Language="php">
class EditPost extends TPage
{
/**
* Initializes the inputs with existing post data.
* This method is invoked by the framework when the page is being initialized.
* @param mixed event parameter
*/
public function onInit($param)
{
parent::onInit($param);
// Retrieves the existing user data. This is equivalent to:
// $postRecord=$this->getPost();
$postRecord=$this->Post;
// Authorization check: only the author or the administrator can edit the post
if($postRecord->author_id!==$this->User->Name && !$this->User->IsAdmin)
throw new THttpException(500,'You are not allowed to edit this post.');
if(!$this->IsPostBack) // if the page is initially requested
{
// Populates the input controls with the existing post data
$this->TitleEdit->Text=$postRecord->title;
$this->ContentEdit->Text=$postRecord->content;
}
}
/**
* Saves the post if all inputs are valid.
* This method responds to the OnClick event of the "Save" button.
* @param mixed event sender
* @param mixed event parameter
*/
public function saveButtonClicked($sender,$param)
{
if($this->IsValid) // when all validations succeed
{
// Retrieves the existing user data. This is equivalent to:
// $postRecord=$this->getPost();
$postRecord=$this->Post;
// Fetches the input data
$postRecord->title=$this->TitleEdit->SafeText;
$postRecord->content=$this->ContentEdit->SafeText;
// saves to the database via Active Record mechanism
$postRecord->save();
// redirects the browser to the ReadPost page
$url=$this->Service->constructUrl('posts.ReadPost',array('id'=>$postRecord->post_id));
$this->Response->redirect($url);
}
}
/**
* Returns the post data to be editted.
* @return PostRecord the post data to be editted.
* @throws THttpException if the post data is not found.
*/
protected function getPost()
{
// the ID of the post to be editted is passed via GET parameter 'id'
$postID=(int)$this->Request['id'];
// use Active Record to look for the specified post ID
$postRecord=PostRecord::finder()->findByPk($postID);
if($postRecord===null)
throw new THttpException(500,'Post is not found.');
return $postRecord;
}
}
</com:TTextHighlighter>
<h2>Testing</h2>
<p>
To test the <tt>EditPost</tt> page, login first and visit the following URL: <tt>http://hostname/blog/index.php?page=EditPost&id=1</tt>. This URL can also be reached by clicking on the <tt>Edit</tt> link on a post detail page.
</p>
<img src="<%~ output4.gif %>" class="output" />
</com:TContent>
|