Ajax and eZ Publish

Next topic

Author	Message
Sao Tavi	Wednesday 08 June 2011 8:32:06 am I need to use ajax for an autosave feature. So, the user enters content and, at every x minutes, that content is saved to the current version of the object in the database. The problem: doing this without ez publish framework would result in possible hacking (with some simple tools, the user would be able to change any content on the website). So I need to envelop the response script in ez Publish and check if the current user has the permissions to edit the requested object (identified by id, language, version). Also, in response, I need a simple response like success, denied, failed. How can I do that? I guess I need to create a module that will handle this type of requests and put there something like (see code after the next paragraph). Also, it seems that I cannot go after the code tag when inserting messages in this forums. Is this a bug or is just my lack of knowledge? I haven't checked how it behaves on my installation yet. if (!$content = new contentObj($id, $lang, $vers)) echo 'failed'; if (content->can_edit == true) { $content->setAttribute("description", $new_content; echo 'success'; } else echo 'denied';
Nicolas Pastorino	Wednesday 08 June 2011 8:49:46 am Hi Sao, You should definitely have a look at the eZJSCore extension, now shipped with any eZ Publish build, designed to ease usage of Javascript and Ajax within eZ Publish. A tutorial worth reading : http://share.ez.no/learn/ez-publish/ezjscore-ez-publish-javascript-and-ajax-framework Cheers, -- Nicolas Pastorino Director Community - eZ Member of the Community Project Board eZ Publish Community on twitter: http://twitter.com/ezcommunity t : http://twitter.com/jeanvoye G+ : http://plus.tl/jeanvoye
Sao Tavi	Wednesday 08 June 2011 10:16:39 am Thank you, Nicolas I started implementing it, but I have one big problem: {ezscript_require( array( 'ezjsc::jquery' ) )} produces no output. I am using ez Publish 4.4, ezjscore is active (I checked). Oh, sorry about that, it seems that I forgot to clear the cache.

Author

Message

Wednesday 08 June 2011 8:32:06 am

I need to use ajax for an autosave feature. So, the user enters content and, at every x minutes, that content is saved to the current version of the object in the database.

The problem: doing this without ez publish framework would result in possible hacking (with some simple tools, the user would be able to change any content on the website). So I need to envelop the response script in ez Publish and check if the current user has the permissions to edit the requested object (identified by id, language, version). Also, in response, I need a simple response like success, denied, failed.

How can I do that? I guess I need to create a module that will handle this type of requests and put there something like (see code after the next paragraph).

Also, it seems that I cannot go after the code tag when inserting messages in this forums. Is this a bug or is just my lack of knowledge? I haven't checked how it behaves on my installation yet.

 if (!$content = new contentObj($id, $lang, $vers))
     echo 'failed'; 
 if (content->can_edit == true) {
     $content->setAttribute("description", $new_content; 
     echo 'success';
     } 
 else 
     echo 'denied';

Nicolas Pastorino

Wednesday 08 June 2011 8:49:46 am

Hi Sao,

You should definitely have a look at the eZJSCore extension, now shipped with any eZ Publish build, designed to ease usage of Javascript and Ajax within eZ Publish. A tutorial worth reading : http://share.ez.no/learn/ez-publish/ezjscore-ez-publish-javascript-and-ajax-framework

Cheers,

--
Nicolas Pastorino
Director Community - eZ
Member of the Community Project Board

eZ Publish Community on twitter: http://twitter.com/ezcommunity

t : http://twitter.com/jeanvoye
G+ : http://plus.tl/jeanvoye

Sao Tavi

Wednesday 08 June 2011 10:16:39 am

Thank you, Nicolas

I started implementing it, but I have one big problem:

{ezscript_require( array( 'ezjsc::jquery' ) )}

produces no output.

I am using ez Publish 4.4, ezjscore is active (I checked).

Oh, sorry about that, it seems that I forgot to clear the cache.