Entities and permissions

The whole point of this framework is to make it easy to create entities and write custom modules easily. So we can create an entity with a few lines of code, we should consider the framework successful. Let’s create an entity for Blog Posts as an example.

Create a folder under the modules directory:

cd modules mkdir blog

Now create blog.php and entity.fields.json files under the blog directory.

The blog.php file should look like this:

<?php

namespace modules\blog;

class blog extends \modules\entity\entity{

    
}

And the entity.fields.json:

{
    "fields": [
        {
            "name": "title",
            "type": "string",
            "unique": false,
            "options" : {
                "length": 255,
                "notNull": true
            }
        },
        {
            "name": "body",
            "type": "text"
        },
        {
            "name": "created_at",
            "type": "integer"
        },
        {
            "name": "updated_at",
            "type": "integer"
        },
        {
            "name": "published",
            "type": "boolean"
        }

    ]
}

And voila! That’s it. That’s all we need to create a new entity. Now we just need to install our module:

php index.php system reinstall_modules

And it will create the database table.

Endpoints are also ready:

GET /blog -> Lists all blog posts GET /blog/1 -> Get the blog post with the id #1 POST /blog -> Create a new blog post PUT /blog -> Edit a blog post DELETE /blog -> Deletes a blog post.

The permissions are also automatically created. An authenticated user can create a blog post, list all blog posts, edit their own blog posts and delete their own blog posts out of the box. If you want to override the permissions, you can simply add a routing.json file under the blog module directory and change the permissions as required. For example if you want authenticated users to not to access all blog posts, you should simply:

routing.json

{
    "routes": [
        {
            "name": "Blog post lists",
            "path": "/blog",
            "method": "GET",
            "actor": "modules\\blog\\blog",
            "handler": "list",
            "permissions": [
                {
                    "type": "standart",
                    "name": "list all blog posts"
                }
            ]
        }
    ]
}

What we did above is pretty self explanatory. A few things to mention still:

What if we wanted the user to list their own blog posts but not the others? Simple. We would override the list method and add a where clause to the sql query to filter the owner’s blog posts.

routing.json

{
    "routes": [
        {
            "name": "Blog post lists",
            "path": "/blog",
            "method": "GET",
            "actor": "modules\\blog\\blog",
            "handler": "list",
            "permissions": [
                {
                    "type": "standart",
                    "name": "get any blog"
                }
            ]
        }
    ]
}

This time, we should add a new method to the blog.php class:

<?php

namespace modules\blog;

class blog extends \modules\entity\entity{

    public function list($total=10,$start_from=0){
        $queryBuilder = $this->connection->createQueryBuilder();
        $queryBuilder
            ->select('*')
            ->from($table)
            ->where(“owner = ?)
            ->setFirstResult($start_from)
            ->setParameter(:owner’, $this-owner)
            ->setMaxResults($total);

        try {
            $data = $queryBuilder->execute()->fetchAll(\PDO::FETCH_OBJ);
            if($data){
                return $data;
            }
        }
        catch(DBALException $e){
            print "Couldnt execute the query \n";
            print $e->getMessage() . "\n";
        }
        return false;

    }

    
}

As you can see we added a where clause to the usual query with the owner id. By default, the system adds an owner field to the entity and associates it with the creator user id. So we won’t need to even worry about the owner attribute, it comes out of the box.