Filters
In the
last chapter we saw three different filters being used - 'authenticated', 'note_exists' and 'owns_note'.
The snippets implementing them, as explained in the docs, are located in the 'snippets/filters' folder.
Let us take a look at each of the snippet files -
1. authenticated.htmlCode:
<cms:if k_logged_out >
<cms:redirect k_login_link />
</cms:if>
This one is simple. It checks if the visitor accessing the URL is logged out and, if that is the case, redirects her to the login page.
If you remember, with filters 'no news is good news' - if the visitor happens to be logged in, this filter will do nothing and hence will 'succeed'.
2. note_exists.htmlCode:
<cms:if "<cms:not "<cms:page_exists id=rt_id masterpage='notes.php' />" />" >
<cms:abort is_404='1' />
</cms:if>
The important part above is the cms:page_exists tag that queries the 'notes.php' template for a page with ID contained in the '
rt_id' variable.
If you recall from the docs, the cms:match_route upon finding a matching route, creates variables by prefixing all 'variable parameters' in its 'path' (i.e. those defined e.g. as {:id}) with 'rt_' and puts into them the actual value used in the URL.
To take a concrete example, our 'edit_view' route defines the path as follows -
Quote:
path='{:id}/edit'
If the URL used to access this route happens to be -
Quote:
http://www.yoursite.com/notes/16/edit
http://www.yoursite.com/notes.php?q=16/edit (without prettyURLs)
cms:match_route will set a variable named 'rt_id' and place within it the value '16'.
The query that our note_exists filter executes now becomes
Code:
<cms:page_exists id='16' masterpage='notes.php' />
which will return '0' or '1' depending on whether or not a cloned-page of 'notes.php' with an ID 16 exists.
The cms:not enclosing the cms:page_exists will receive the result returned. So, assuming the page does not exist and cms:page_exists returns '0', our code effectively becomes -
Code:
<cms:if "<cms:not "0" />" >
<cms:abort is_404='1' />
</cms:if>
The cms:not tag serves to simply reverse whatever value is provided to it, so the '0' will become '1' and our code effectively becomes -
Code:
<cms:if "1" >
<cms:abort is_404='1' />
</cms:if>
which will cause the cms:if block to execute the enclosed code.
That is
Code:
<cms:abort is_404='1' />
which summarily kills the executing page and returns a HTTP 404 error to the browser.
In short, this filter will only succeed (i.e. do nothing) if the page being requested really exists.
3. owns_note.htmlCode:
<cms:pages
masterpage='notes.php'
id=rt_id
custom_field="note_owner=<cms:show k_user_name />"
limit='1'
show_future_entries='1' >
<cms:no_results>
<cms:abort is_404='1' />
</cms:no_results>
</cms:pages>
Here we use cms:pages to fetch a single cloned page of notes.php that has an ID as provided by the URL.
The following statement
Code:
custom_field="note_owner=<cms:show k_user_name />"
adds the further restriction that the page should also have its 'note_owner' field set to the currently logged-in user (k_user_name variable always points to which). In other words, this is a way of checking if the logged-in user is indeed the owner of the requested page.
Quote:
[
*NOTE: The 'note_owner' field, you'll remember, is the editable region of type 'relation' in notes.php that defines a many-to-one relation with the users template ('users/index.php').
The syntax used to query a relation field made its debut very recently and so might be a little unfamiliar. If so, you'll find a complete discussion about it at
viewtopic.php?f=5&t=8581 (see '2. Enhanced cms:pages tag' section).]
If no such page is found, the cms:no_results tag executes and the HTTP 404 is served.
If, however, this page is found, the cms:pages tag has nothing within it to execute so it outputs a blank.
Which translates to that this is a success case for this filter.
We can now move on to see what happens when a route gets selected.
Next: Controller
