
How to write new application?

edited November 2010 in Vanilla 2.0 - 2.8
Vanilla 2.x is well designed with some design patterns in mind (core classes use Singleton, Factory Method (and more) patterns). Though I find it is tough to create a new application that manages public and user-must-be-logged-in content because of the lack of documentation. I cloned 'skeleton' but it is too simple for real life.

How to check/differentiate access from a public or an authenticated user?
I looked into the vanilla and dashboard applications but I cannot figure it out. In some modules, I see this line:
if ($Session->IsValid())
The controller checks access authorization? Or the module? Or somewhere else?

What is the flow of vanilla? There are controller, module, events, model, view, setting in one application. How to play with them all to process the request and give back the response?

I Googled many times but had no luck.
Can anyone help me understand Vanilla 2, please?
A flow diagram picture would be perfect.
For example, the flow diagram of Java Struts 2:

Thank you!


  • Linc Detroit Admin
    edited November 2010
    Check out the skeleton changes in 2.0.15. @S made some good changes to make it more realistic.

    We're still building the documentation, so your best bet is to deconstruct the 3 main apps (Conversations, Vanilla, Dashboard) for examples of how to do things.

    The Controllers are the traffic cops. That's where the main action happens as far as "they requested A, so do X, Y, and Z and then show them K." Definitely recommend starting there. The Render() call uses the View with the same name as the controller's method that called it unless otherwise specified.
  • Linc Detroit Admin
    Check out this section especially:
  • Todd Chief Product Officer Vanilla Staff
    But thanks for the question. I'll try and get a "My First App" type of thing in the docs for you to read asap.
  • Linc Detroit Admin
    edited November 2010
    The Controller should check authorization, yes. Modules are like widgets. Sometimes they have their own permission checks, but usually you'd put the permission check before the controller loads the module.

    (sorry for the multi-part response; a bit scattered and typing bits between helping with dinner)
  • Todd Chief Product Officer Vanilla Staff
    edited November 2010
    To answer your specific question about access authorization though. The controller does most access checking. This can be done in one of two ways.
    $this->Permission('Permission Name');
    In this case, if the current user does not have the given permission then execution is halted and an error page is shown.
    if (Gdn::Session()->CheckPermission('Garden.Settings.GlobalPrivs')) {
       // Runs only when the current user has the permission.
    }
    This syntax is less common, but sometimes you don't want to completely halt execution when a user doesn't have permission so you can just check a permission in an if statement.

    I said that permissions are usually checked in a controller. We also check permissions in views sometimes when we want to show/hide links or UI depending on permissions. However, if a link goes to a controller method then that controller method should also check the permission.

    You can check whether or not a user is signed in with if (Gdn::Session()->IsValid()). You can also check against Gdn::Session()->CheckPermission('Garden.SignIn.Allow').

    When writing an application it is best to use a specific permission rather than just check for signed in status. You can quickly determine the permissions by editing a role in your dashboard. If you use Firebug and inspect one of the checkboxes then the value of the checkbox is the permission. Once you look at a permission you can see the naming convention pretty easily.

    Finally, if you want to define your own permissions then you use the PermissionModel. I guess I should put this in the skeleton application, but here is an example from /dashboard/settings/structure.php
    $PermissionModel = Gdn::PermissionModel();

    // Define the set of permissions that garden uses.
    $PermissionModel->Define(array(
       // ... (the other entries of the list are not shown in this post)
       'Garden.Activity.View' => 1,
       'Garden.Profiles.View' => 1
    ));
    You may notice that all these permissions start with Garden. That's kind of a legacy thing. If you define a permission for an application then make sure it starts with the name of your application. Also, you can see the last two permissions have a value of 1; that's to give a default value.

    Hope this helps.
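
Added example (not part of the thread and not Vanilla's own code): a controller for a hypothetical application "MyApp" that applies the checks described in the reply above, with a public method, a signed-in-only method, and a method gated by an application-specific permission that is enforced in the controller even though the view also hides the link. The class, method, property and MyApp.* permission names are assumptions, and the file is assumed to be loaded by Vanilla 2 as one of that application's controllers.

```php
<?php if (!defined('APPLICATION')) exit();

/**
 * Added example, not code from Vanilla or from the posts above.
 * Hypothetical names: application "MyApp", ItemsController, its methods,
 * the CanAddItems property and the permission MyApp.Items.Add (assumed
 * to be defined in the application's structure.php via the PermissionModel).
 */
class ItemsController extends Gdn_Controller {

   // Read by the view to decide whether to draw the "Add item" link.
   public $CanAddItems = FALSE;

   // Public page: no hard check, so guests and members both reach it.
   public function Index() {
      // Soft check: execution continues either way; the result only
      // controls what the view displays.
      $this->CanAddItems = Gdn::Session()->CheckPermission('MyApp.Items.Add');
      $this->Render();   // uses the view named after this method
   }

   // Members only: the request is halted for anyone who is not signed in.
   public function Mine() {
      $this->Permission('Garden.SignIn.Allow');
      $this->Render();
   }

   // Target of the "Add item" link. Hiding the link in the view is not
   // access control (the URL can be requested directly), so the same
   // permission is enforced again here before anything else runs.
   public function Add() {
      $this->Permission('MyApp.Items.Add');
      $this->Render();
   }
}
```
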
  • edited November 2010
    Thank you, Lincoln & Todd, for your quick replies.
    Check out this section especially:
    I checked that page but it lacks an application sample. Some tutorials are for old versions as well.

    I will try Todd's suggestions.
    These help me a lot. Using specific permission for a group of users is what I am thinking about.