<?php
// ========================================================================================================================================
// Most validators, including inline validators, do not validate empty values unless you specifically ask them to!
// Source: http://www.yiiframework.com/doc-2.0/guide-input-validation.html#creating-validators
// http://www.yiiframework.com/doc-2.0/guide-input-validation.html#handling-empty-inputs
// Inline rule for the payment fields: once the booking carries an invoice number,
// none of these fields may be submitted empty.
[
    ['bk_amount_to_pay', 'bk_amount_received', 'bk_payment_date', 'bk_payment_method'],
    function($attribute, $params, $validator) {
        // Nothing to report when the field has a value or the booking has no invoice number.
        if ($this->$attribute || !$this->bk_invoice_no) {
            return;
        }
        $validator->addError($this, $attribute, 'Cannot change payment details because booking has been invoiced. If you need to, undo payment first.'); //SKIPPED-TRANSL
    },
    // Without this flag the rule is skipped for empty input, which is exactly the case it has to catch.
    'skipOnEmpty' => false,
],
// ========================================================================================================================================
// Remember to pass a scalar, or name the column explicitly, when calling findOne() and findAll() with request data
// (this would be exploitable: Post::findOne(Yii::$app->request->get('id')) ),
// and remember that column names are not escaped by where() and filterWhere().
// So do either one of the following whenever it is not certain that the value is a scalar (Yii ensures that parameters for controller actions are always scalar)
// Option 1: the cast guarantees a scalar, so the request value can only ever be used as a key to look up.
// A missing, non-numeric or array-valued parameter is coerced to an integer rather than rejected;
// validate the input beforehand if such requests should fail instead of resolving to some record.
$model = Post::findOne((int) Yii::$app->request->get('id'));
// Option 2: the column name is fixed in code, so the request can only supply the value compared against it.
$model = Post::findOne(['id' => Yii::$app->request->get('id')]);
// ========================================================================================================================================
// Remember to consider the parent beforeSave() as well
/**
 * Pre-save hook that honours the parent's decision before doing its own work.
 *
 * @param mixed $isInsert flag forwarded unchanged to parent::beforeSave()
 * @return bool false when the parent hook vetoes the save, true otherwise
 */
public function beforeSave($isInsert) {
    if (parent::beforeSave($isInsert)) {
        // ...
        return true;
    }
    // The parent refused; pass the refusal on instead of swallowing it.
    return false;
}
// ========================================================================================================================================
// Method of controlling which users can add/delete/update records (but only if there are no conditions and exceptions)
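/**
 * Refuses inserts while the model is in the TemplateDoc::SCENARIO_TDOC_ADMIN scenario.
 *
 * @param mixed $isInsert flag forwarded to parent::beforeSave(); truthy on the guarded path
 * @return bool false when the insert is refused, otherwise the parent hook's result
 */
public function beforeSave($isInsert) {
    if ($isInsert && $this->getScenario() == TemplateDoc::SCENARIO_TDOC_ADMIN) {
        // NOTE(review): `system` is an application component not shown here; whether error() aborts
        // the request is unknown, so the refusal below does not rely on it.
        \Yii::$app->system->error('You are not allowed to add records.', null, ['register' => false]);
        // - or -
        $this->addError('bk_firstname', 'You are not allowed to add records.');
        // Adding an error is not enough on its own: validation has already run by the time
        // beforeSave() is called, so the hook has to return false or the record is still written.
        return false;
    }
    return parent::beforeSave($isInsert);
}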
// - or -
/**
 * Pre-validation hook that records an error when the record must not be changed.
 *
 * @return mixed whatever parent::beforeValidate() returns
 */
public function beforeValidate() {
    // Placeholder condition: replace with the real check that decides whether changes are refused.
    $changeRefused = 1;
    if ($changeRefused) {
        // The error is attached before the parent hook is consulted.
        $this->addError('bk_firstname', 'Cannot change record because event has been marked inactive.');
    }
    return parent::beforeValidate();
}
// ========================================================================================================================================
// afterSave()'s argument $changedOldAttributes only contains *changed* attributes (their OLD values)
/**
 * Post-save hook that rebuilds the full pre-save attribute set.
 *
 * @param mixed $isInsert             forwarded unchanged to parent::afterSave()
 * @param array $changedOldAttributes old values of the attributes that changed
 */
public function afterSave($isInsert, $changedOldAttributes) {
    // Start from the values the model exposes now, then overlay the old values of whatever changed.
    // NOTE(review): toArray() is assumed to expose every attribute under its own name; confirm for this model.
    $currentValues = $this->toArray();
    $oldValues = array_merge($currentValues, $changedOldAttributes);
    return parent::afterSave($isInsert, $changedOldAttributes);
}
// ========================================================================================================================================
// Remember to consider the parent beforeDelete() as well - and with option to specify custom error messages
// NOTE: when calling model->delete() you just check for error messages on the model if it returns false.
/**
 * Pre-delete hook that collects every reason the record may not be deleted.
 *
 * All checks run even after an earlier one fails, so the model ends up holding
 * the complete list of error messages.
 *
 * @return bool true when no error has been recorded on the model, false otherwise
 */
public function beforeDelete() {
    // A parent veto carries no message of its own, so attach one for the caller.
    $parentAllowsDelete = parent::beforeDelete();
    if (!$parentAllowsDelete) {
        $this->addError('contactID', 'For some unknown reason we could not delete this record.');
    }
    // Relational restrictions
    $mentionCount = $this->getTaskMentions()->count();
    if ($mentionCount > 0) {
        $this->addError('contactID', Yii::t('app', 'Customer has at least one layout.'));
    }
    // Other custom restrictions
    if (someOtherCheckFails) {
        $this->addError('contactID', 'You may not delete this record as it is more than two months old.');
    }
    // The delete goes ahead only when none of the checks above recorded an error.
    return !$this->hasErrors();
}
// ========================================================================================================================================
// Remember to return a boolean in model methods like beforeValidate() and beforeSave(); otherwise calling save() may return false with no mention of error reasons whatsoever! (Quote: "You are probably using an event in your model that doesn't return true, e.g. public function beforeSave() { ... return true; // must return true after everything }")
// Remember to do return in controller actions!
// ========================================================================================================================================
// Labels on ActiveForm form fields are automatically HTML encoded, unless you set it specifically like this:
// A label passed explicitly is output without HTML encoding, so pass only text that is known to be
// safe markup (here it comes from the model's attributeLabels()); wrap anything else in Html::encode().
$form
    ->field($booking, 'bk_accept_terms')
    ->checkbox()
    ->label($booking->attributeLabels()['bk_accept_terms']);
// ========================================================================================================================================
// Removing an item from an array (example removes c_customerID from the array)
// array_diff() drops every element whose string value equals 'c_customerID'; it matches values, not keys,
// and the remaining elements keep their original keys (the result is not re-indexed).
$newArray = array_diff($oldArray, ['c_customerID']);