Change Core Controller Behavior through Module

IOPNdev · March 1, 2020, 6:25pm

Hi,
I’m developing a module that lets admins restrict what resources non-admin users see by grouping resources and users into associated teams. The main rationale is that team members would be able to have higher permissions, like edit and delete, against resources within their team without permitting them to use that privilege globally.

Once I got the teams set up and some test data loaded, my natural inclination was to add a check to any controllers that show or modify resources to make sure the current user and the requested resource share a common team before serving the content. Though, I wasn’t sure how to do this through a modular/add-on design strategy. For proof-of-concept, I redeclared a core controller factory (eg ItemController) in my module’s config to return a controller from within the module were I added the check, but that seems like a poor design for production.

I’m new to designing extensible applications, but it seems like the design pattern is attaching listeners to the EventManagers that listen for the named events triggered in the views? Can/should I use this strategy to overwrite variables served to the view, or to modify content within the view? For example, to replace the $items variable from the ItemController’s browse action with an $items variable that I populate and then introduce through an event listener?

IOPNdev · April 15, 2020, 9:08pm

In case anyone is facing a similar problem: While you can totally overwrite a controller through your module’s config, it is probably not a good practice because multiple modules couldn’t use that same strategy simultaneously.

For the most part, it seems like the variables which controllers pass to views are either forms or data generated from the api. Both the forms and many of the api functions include events. So if you need to modify those controller variables, the best solution in most cases should be to go upstream and add to or modify the api/forms through the event manager.

jflatnes · April 16, 2020, 4:28pm

Sorry we didn’t respond here earlier.

I think you’ve arrived at about the right place: it’s possible to override the entire controller but obviously it’s preferable not to resort to that, for a whole variety of reasons.

The events are there for the purpose of enabling modules to make changes. If you’re finding that there are things you want/need to do that don’t seem to have an event that can affect them, please let us know here or by filing an issue.

IOPNdev · April 16, 2020, 4:50pm

Thanks–I think I’ve got the basic idea but I may need some additional advice on a specific task, which probably belongs in a separate thread.

system · December 22, 2020, 4:50pm

This topic was automatically closed 250 days after the last reply. New replies are no longer allowed.