Change Core Controller Behavior through Module

Hi,
I’m developing a module that lets admins restrict what resources non-admin users see by grouping resources and users into associated teams. The main rationale is that team members would be able to have higher permissions, like edit and delete, against resources within their team without permitting them to use that privilege globally.

Once I got the teams set up and some test data loaded, my natural inclination was to add a check to any controllers that show or modify resources to make sure the current user and the requested resource share a common team before serving the content. Though, I wasn’t sure how to do this through a modular/add-on design strategy. For proof-of-concept, I redeclared a core controller factory (eg ItemController) in my module’s config to return a controller from within the module were I added the check, but that seems like a poor design for production.

I’m new to designing extensible applications, but it seems like the design pattern is attaching listeners to the EventManagers that listen for the named events triggered in the views? Can/should I use this strategy to overwrite variables served to the view, or to modify content within the view? For example, to replace the $items variable from the ItemController’s browse action with an $items variable that I populate and then introduce through an event listener?

In case anyone is facing a similar problem: While you can totally overwrite a controller through your module’s config, it is probably not a good practice because multiple modules couldn’t use that same strategy simultaneously.

For the most part, it seems like the variables which controllers pass to views are either forms or data generated from the api. Both the forms and many of the api functions include events. So if you need to modify those controller variables, the best solution in most cases should be to go upstream and add to or modify the api/forms through the event manager.

Sorry we didn’t respond here earlier.

I think you’ve arrived at about the right place: it’s possible to override the entire controller but obviously it’s preferable not to resort to that, for a whole variety of reasons.

The events are there for the purpose of enabling modules to make changes. If you’re finding that there are things you want/need to do that don’t seem to have an event that can affect them, please let us know here or by filing an issue.

Thanks–I think I’ve got the basic idea but I may need some additional advice on a specific task, which probably belongs in a separate thread.