Trongate Framework Documentation

trOnGAtE

Welcome
- Table of Contents
- Welcome To The Revolution
- Trongate's Free Forever Promise
- About These Docs
Getting Started
- A Word About MariaDB And MySQL
- Installing PHP and MySQL
- Let's Get Trongate!
Basics Concepts
- A Few Words About Coding Style
- The Structure of a Trongate Web App
- Introducing Modular HAVC
- The Problem With MVC
- Isn't this the same as HMVC?
- What's Inside A Module?
Understanding Routing
- What Is Routing?
- 404 Error Pages
- How Basic URL Routing Works
- Reading Values From The URL
- Preventing Methods From Being Invoked Via The URL
- Advanced Custom Routing
Controllers
- What Is A Controller?
- The Structure Of A Controller
- Defining A Default Controller
Views
- Understanding View Files
- An Example Of A View File Being Used
- Passing Data Into View Files
- Returning Views Output As A Variable
- Best Practices
The File Asset Manager
- Why We Need A File Asset Manager
- Basic Example - Part 1
- Basic Example - Part 2
- The Module Assets Trigger
- Additional Information
Modules Calling Modules
- Calling Another Module From A Controller
- Calling Another Module From A View
Super Modules & Sub Modules
- Complete Video Tutorial
- What Are Super Modules And Sub Modules?
- Accessing Sub Modules Via The URL
- Loading View Files From Within Sub Modules
- Accessing Sub Modules From Other Modules
Templates
- What Are Templates?
- How To Create Your Own Website Template
- Loading Templates
- Passing Information Into Templates
- Passing View Files Into Templates
- Template Partials
- About The Admin Template
Trongate CSS
- Introducing Trongate CSS
- Features and Benefits
- Trongate CSS Examples
- JavaScript Components
- Trongate CSS Video Tutorial
- Working With YouTube Videos
Helpers Explained
- Helpers Introduction
- The URL Helper
- The Form Helper
- The Form Validation Helper
- The Flashdata Helper
- The File Validation Helper
- The Pagination Helper
- Other Helpful Features
Form Handling
- Trongate's Approach To Form Handling
- Getting Started With Form Building
- Creating A Books Database Table
- Manually Building A Form
- Improving Our Form
- Form Validation (The Pipe Method)
- Form Validation (The Array Method)
- Displaying Form Validation Errors
- A Closer Look At The Post Method
- Repopulating Forms
- Creating Records
- Reading Records
- Table Joins
- Updating Records
- Deleting Records
- Custom Validation Callbacks
- CSRF Protection
Database Interaction
- How Trongate Works With Databases
- Getting Started
- How To Use Debug Mode
- The 'Get' Method
- The 'Get Where' Method
- The 'Get Where Custom' Method
- The 'Get One Where' Method
- The 'Get Many Where' Method
- The 'Count' Method
- The 'Count Where' Method
- The 'Count Rows' Method
- The 'Get Max' Method
- The 'Insert' Method
- The 'Update' Method
- The 'Delete' Method
- The 'Query' Method
- The 'Query Bind' Method
- The 'Insert Batch' Method
- Graphical Query Builder Video Tutorial
Uploading Files
- A General Overview Of File Uploading
- Building An Uploader Form
- Understanding The Upload Process
- Uploading Pictures
Working With Images
- How To Build Picture Uploaders - Video Demo
- Understanding Single Picture Uploaders
- The Submit Upload Method
- A Closer Look At Picture Settings
- The Drag 'n' Drop Multi File Uploader
- Controlling How Multi-File Uploaders Behave
The Module Import Wizard
- What Problem Does This Solve?
- How To Use The Module Import Wizard
Authorization and Authentication
- Section Introduction
- What We Are Trying To Achieve
- How Trongate's Token System Works
- The Three Security Tables
- Generating Tokens (JavaScript Friendly Version)
- Generating Tokens (PHP Friendly Version)
- Fetching User Data From Tokens (JavaScript friendly version)
- Fetching User Data From Tokens (PHP Friendly Version)
- More Useful Features
- Destroying Tokens (JavaScript Friendly Version)
- Destroying Tokens (PHP Friendly Version)
- Understanding HTTP Response Status Codes
The API Explorer
- An Introduction To The Trongate API Explorer
- API Terminology Explained
- Trongate's Built-In Endpoints
- Getting Started With The API Explorer
- Building Your Api Settings File
- Testing Your API Endpoints
- Optional Additional Parameters
- Before Hooks And After Hooks - General Overview
- Before Hooks - Deep Dive
- After Hooks - Deep Dive
- Querying Endpoints
- Understanding API Authorization
- How To Attach Tokens To Requests
- Wide Open Authorization
- Role Based Authorization
- ID Based Authorization
- User ID Segment Authorization
- User Code Segment Authorization
- User Owned Segment Authorization
- Custom API Endpoints
Before You Launch
- Hiding Your Admin Login URL
- Pre Launch Checklist
- Web Hosting Advice

switch to dark mode

Controlling How Multi-File Uploaders Behave

Trongate's multi-file (drag 'n' drop) uploader certainly achieves a lot with virtually no real work. By default, it comes with token-based authorization and it makes sure the user attempting the upload (or the delete) has a role of 'admin'.

That's all well and good. However, there may be instances where you'd like to modify how your multi-file uploaders behave. For example;

Perhaps you'd like to set your own custom authorization rules for the multi-file uploader
Perhaps you'd like to run tests on individual files before allowing them to be uploaded

All of this is possible. Before we get into this, let's have a quick reminder of how file uploading - and the multi-file uploader in particular works.

How The Multi-File Uploader Works

When you attempt to upload some files, using the multi-file uploader, each file is posted to an endpoint. The endpoint is the BASE_URL followed by trongate_filezone/upload, followed by a few other segments.

This means that each and every file that a user selects (or drops) is going to initiate an HTTP Post request. This post request gets received by the 'trongate_filezone' module.

Unlike with ordinary form submissions, the information relating to the submitted file (in this case an image) is available in the $_FILES superglobal. The $_FILES superglobal is a special array, containing information about files that have been submitted.

If you have a look at the Trongate_filezone.php controller file, you'll notice that the upload() method starts with the line:

api_auth();

The api_auth() command tells Trongate to enforce any authorization rules that have been declared inside the api.json file, within the trongate_filezone module. By default, the upload method comes with the following settings (inside api.json):

"Upload": {
    "url_segments": "trongate_filezone/upload/{target_module}/{update_id}",
    "request_type": "POST",
    "description": "The endpoint for gallery uploads.",
    "enableParams": false,
    "required_fields": [
        {
            "name": "update_id",
            "label": "Update ID"
        },
        {
            "name": "target_module",
            "label": "Target Module"
        }
    ],
    "authorization":{
        "roles": [
            "admin"
        ]
    }
  }

As you can see, by default the trongate_filezone module enforces the rule that only users with a role of 'admin' are allowed upload to upload files.

Modifying Authorization Rules

Having api_auth() declared means that developers have Trongate's API Authorization protocol fully enabled. Comprehensive documentation on how this works can be found: here.

A type of API authorization that is particularly noteworthy is User Owned Segment Authorization. This is a type of authorization that could be used to restrict uploads to only users who own or have been assigned to a particular record.

Below is an example of some custom authorization rules that grant access to:

users with a role of 'admin'
users who have been assigned to target records

"authorization":{
    "roles": [
        "admin"
    ],
    "userOwnedSegment": {
        "column": "id",
        "segmentNum": 4
    }
}

Just To Let You Know

In the example api.json settings showing above, we would be assuming that the fourth segment of the URL contains an 'id' that could potentially be matched against a record that has a 'trongate_user_id' column where the value of the 'trongate_user_id' could potentially be matched with the user who has initiated the request. Click here for more details on how this works.

Running Validation Tests On Submitted Files

The business of uploading pictures is carried out by a method named '_do_upload'. This method resides inside the trongate_filezone module.

The do_upload() method follows the normal image uploading protocol for Trongate. Once it has finished uploading, it sends an HTTP response code of 200.

http_response_code(200);

This 200 response code indicates that everything went well. From an end-user perspective, we then see a green background appear on the thumbnail of the uploaded image. This is our confirmation that the upload was successful.

If you'd like to run validation tests on submitted files then the key is to be able to access the $_FILES superglobal.

Here's an example of how to fetch a submitted picture's width:

$submitted_file = array_keys($_FILES)[0];
$temp_file_name = $_FILES[$submitted_file]['tmp_name'];
$dimension_data = getimagesize($temp_file_name);
$width = $dimension_data[0];

Being able to access the properties of a submitted image gives us an opportunity to test for things like maximum width. If an image fails one of our tests - for example by being too wide then we could return an HTTP Response Status Code of 401 echo out 'too wide' (or a similar message). Doing this will give thumbnails a red background, indicating that the image was not uploaded.

Did You Know?

HTTP Response Status codes are covered in detail here.

HELP & SUPPORT

If you have a question or a comment relating to anything you've see here, please goto the Help Bar.