ardent

Self-validating, secure and smart models for Laravel's Eloquent ORM

1389
211
PHP

Ardent

Latest Stable Version
License
Total Downloads
Monthly Downloads
Daily Downloads

Self-validating smart models for Laravel Framework 5’s Eloquent ORM.

Based on the Aware bundle for Laravel 3 by Colby Rabideau.

Copyright © 2013-2015 Max Ehsan & Igor Santos

Changelog

Visit our Releases list. The changelog is made there 😃

Installation

Add laravelbook/ardent as a requirement to composer.json (see our latest stable version on the badges!):

{
    "require": {
        "laravelbook/ardent": "3.*"
    }
}

Update your packages with composer update or install with composer install.

You can also add the package using composer require laravelbook/ardent and later specifying the version you want (for now, dev-master is your best bet).

Usage outside of Laravel (since 1.1)

If you’re want to use Ardent as a standalone ORM package you’re invited to do so by using the
following configuration in your project’s boot/startup file (changing the properties according
to your database, obviously):

\LaravelArdent\Ardent\Ardent::configureAsExternal(array(
  'driver'    => 'mysql',
  'host'      => 'localhost',
  'port'      => 3306,
  'database'  => 'my_system',
  'username'  => 'myself',
  'password'  => 'h4ckr',
  'charset'   => 'utf8',
  'collation' => 'utf8_unicode_ci'
), 'en'); //English is the default messages language, may be left empty

Documentation

Introduction

How often do you find yourself re-creating the same boilerplate code in the applications you build? Does this typical form processing code look all too familiar to you?

Route::post('register', function() {
        $rules = array(
            'name'                  => 'required|between:3,80|alpha_dash',
            'email'                 => 'required|between:5,64|email|unique:users',
            'password'              => 'required|min:6|confirmed',
            'password_confirmation' => 'required|min:6'
        );

        $validator = Validator::make(Input::all(), $rules);

        if ($validator->passes()) {
            User::create(array(
                    'name'     => Input::get('name'),
                    'email'    => Input::get('email'),
                    'password' => Hash::make(Input::get('password'))
                ));

            return Redirect::to('/')->with('message', 'Thanks for registering!');
        } else {
            return Redirect::to('/')->withErrors($validator->getMessages());
        }
    }
);

Implementing this yourself often results in a lot of repeated boilerplate code. As an added bonus, you controllers (or route handlers) get prematurely fat, and your code becomes messy, ugly and difficult to understand.

What if someone else did all the heavy-lifting for you? What if, instead of regurgitating the above mess, all you needed to type was these few lines?..

Route::post('register', function() {
        $user = new User;
        if ($user->save()) {
            return Redirect::to('/')->with('message', 'Thanks for registering!');
        } else {
            return Redirect::to('/')->withErrors($user->errors());
        }
    }
);

Enter Ardent!

Ardent - the magic-dust-powered, wrist-friendly, one-stop solution to all your dreary input sanitization boilerplates!

Puns aside, input validation functionality can quickly become tedious to write and maintain. Ardent deals away with these complexities by providing helpers for automating many repetitive tasks.

Ardent is not just great for input validation, though - it will help you significantly reduce your Eloquent data model code. Ardent is particularly useful if you find yourself wearily writing very similar code time and again in multiple individual applications.

For example, user registration or blog post submission is a common coding requirement that you might want to implement in one application and reuse again in other applications. With Ardent, you can write your self-aware, smart models just once, then re-use them (with no or very little modification) in other projects. Once you get used to this way of doing things, you’ll honestly wonder how you ever coped without Ardent.

No more repetitive brain strain injury for you!

Getting Started

Ardent aims to extend the Eloquent base class without changing its core functionality. Since Ardent itself is a descendant of Illuminate\Database\Eloquent\Model, all your Ardent models are fully compatible with Eloquent and can harness the full power of Laravels awesome OR/M.

To create a new Ardent model, simply make your model class derive from the Ardent base class. In the next examples we will use the complete namespaced class to make examples cleaner, but you’re encouraged to make use of use in all your classes:

use LaravelArdent\Ardent\Ardent;

class User extends Ardent {}

Note: You can freely co-mingle your plain-vanilla Eloquent models with Ardent descendants. If a model object doesn’t rely upon user submitted content and therefore doesn’t require validation - you may leave the Eloquent model class as it is.

Effortless Validation with Ardent

Ardent models use Laravel’s built-in Validator class. Defining validation rules for a model is simple and is typically done in your model class as a static variable:

class User extends \LaravelArdent\Ardent\Ardent {
  public static $rules = array(
    'name'                  => 'required|between:3,80|alpha_dash',
    'email'                 => 'required|between:5,64|email|unique:users',
    'password'              => 'required|min:6|confirmed',
    'password_confirmation' => 'required|min:6',
  );
}

Note: you’re free to use the array syntax for validation rules as well. I hope you don’t mind the old Laravel docs link, but as good as Laravel documentation is, clear reference on pipe/array syntaxes for Validation rules is unfortunately gone since 5.1.

Ardent models validate themselves automatically when Ardent->save() is called.

$user           = new User;
$user->name     = 'John doe';
$user->email    = '[email protected]';
$user->password = 'test';

$success = $user->save(); // returns false if model is invalid

Note: You can also validate a model at any time using the Ardent->validate() method.

Retrieving Validation Errors

When an Ardent model fails to validate, a Illuminate\Support\MessageBag object is attached to the Ardent object which contains validation failure messages.

Retrieve the validation errors message collection instance with Ardent->errors() method or Ardent->validationErrors property.

Retrieve all validation errors with Ardent->errors()->all(). Retrieve errors for a specific attribute using Ardent->validationErrors->get('attribute').

Note: Ardent leverages Laravel’s MessagesBag object which has a simple and elegant method of formatting errors.

Overriding Validation

There are two ways to override Ardent’s validation:

1. Forced Save

forceSave() validates the model but saves regardless of whether or not there are validation errors.

2. Override Rules and Messages

both Ardent->save($rules, $customMessages) and Ardent->validate($rules, $customMessages) take two parameters:

  • $rules is an array of Validator rules of the same form as Ardent::$rules.
  • The same is true of the $customMessages parameter (same as Ardent::$customMessages)

An array that is not empty will override the rules or custom error messages specified by the class for that instance of the method only.

Note: the default value for $rules and $customMessages is empty array(); thus, if you pass an array() nothing will be overriden.

Custom Validation Error Messages

Just like the Laravel Validator, Ardent lets you set custom error messages using the same syntax.

class User extends \LaravelArdent\Ardent\Ardent {
  public static $customMessages = array(
    'required' => 'The :attribute field is required.',
    ...
  );
}

Custom Validation Rules

You can create custom validation rules the same way you would for the Laravel Validator.

Model Hooks (since 2.0)

Ardent provides some syntatic sugar over Eloquent’s model events: traditional model hooks. They are an easy way to hook up additional operations to different moments in your model life. They can be used to do additional clean-up work before deleting an entry, doing automatic fixes after validation occurs or updating related models after an update happens.

All before hooks, when returning false (specifically boolean, not simply “falsy” values) will halt the operation. So, for example, if you want to stop saving if something goes wrong in a beforeSave method, just return false and the save will not happen - and obviously afterSave won’t be called as well.

Here’s the complete list of available hooks:

  • before/afterCreate()
  • before/afterSave()
  • before/afterUpdate()
  • before/afterDelete()
  • before/afterValidate() - when returning false will halt validation, thus making save() operations fail as well since the validation was a failure.

For example, you may use beforeSave to hash a users password (actually, it would be a better idea to use auto-hashing!):

class User extends \LaravelArdent\Ardent\Ardent {
  public function beforeSave() {
    // if there's a new password, hash it
    if($this->isDirty('password')) {
      $this->password = Hash::make($this->password);
    }
    
    return true;
    //or don't return nothing, since only a boolean false will halt the operation
  }
}

Additionals beforeSave and afterSave (since 1.0)

beforeSave and afterSave can be included at run-time. Simply pass in closures with the model as argument to the save() (or forceSave()) method.

$user->save(array(), array(), array(),
  function ($model) { // closure for beforeSave
    echo "saving the model object...";
    return true;
  },
  function ($model) { // closure for afterSave
    echo "done!";
  }
);

Note: the closures should have one parameter as it will be passed a reference to the model being saved.

Cleaner definition of relationships (since 2.0)

Have you ever written an Eloquent model with a bunch of relations, just to notice how cluttered your class is, with all those one-liners that have almost the same content as the method name itself?

In Ardent you can cleanly define your relationships in an array with their information, and they will work just like if you had defined them in methods. Here’s an example:

class User extends \LaravelArdent\Ardent\Ardent {
  public static $relationsData = array(
    'address' => array(self::HAS_ONE, 'Address'),
    'orders'  => array(self::HAS_MANY, 'Order'),
    'groups'  => array(self::BELONGS_TO_MANY, 'Group', 'table' => 'groups_have_users')
  );
}

$user = User::find($id);
echo "{$user->address->street}, {$user->address->city} - {$user->address->state}";

The array syntax is as follows:

  • First indexed value: relation name, being one of
    hasOne,
    hasMany,
    belongsTo,
    belongsToMany,
    morphTo,
    morphOne,
    morphMany,
    or one of the related constants (Ardent::HAS_MANY or Ardent::MORPH_ONE for example).
  • Second indexed: class name, with complete namespace. The exception is morphTo relations, that take no additional argument.
  • named arguments, following the ones defined for the original Eloquent methods:
    • foreignKey [optional], valid for hasOne, hasMany, belongsTo and belongsToMany
    • table,otherKey [optional],timestamps [boolean, optional], and pivotKeys [array, optional], valid for belongsToMany
    • name, type and id, used by morphTo, morphOne and morphMany (the last two requires name to be defined)

Note: This feature was based on the easy relations on Yii 1.1 ActiveRecord.

Automatically Hydrate Ardent Entities

Ardent is capable of hydrating your entity model class from the form input submission automatically!

Let’s see it action. Consider this snippet of code:

$user           = new User;
$user->name     = Input::get('name');
$user->email    = Input::get('email');
$user->password = Hash::make(Input::get('password'));
$user->save();

Let’s invoke the magick of Ardent and rewrite the previous snippet:

$user = new User;
$user->save();

That’s it! All we’ve done is remove the boring stuff.

Believe it or not, the code above performs essentially the same task as its older, albeit rather verbose sibling. Ardent populates the model object with attributes from user submitted form data. No more hair-pulling trying to find out which Eloquent property you’ve forgotten to populate. Let Ardent take care of the boring stuff, while you get on with the fun stuffs!
It follows the same mass assignment rules internally, depending on the $fillable/$guarded properties.

To enable the auto-hydration feature, simply set the $autoHydrateEntityFromInput instance variable to true in your model class. However, to prevent filling pre-existent properties, if you want auto-hydration also for update scenarios, you should use instead $forceEntityHydrationFromInput:

class User extends \LaravelArdent\Ardent\Ardent {
  public $autoHydrateEntityFromInput = true;    // hydrates on new entries' validation
  public $forceEntityHydrationFromInput = true; // hydrates whenever validation is called
}

Automatically Purge Redundant Form Data

Ardent models can auto-magically purge redundant input data (such as password confirmation, hidden CSRF _token or custom HTTP _method fields) - so that the extra data is never saved to database. Ardent will use the confirmation fields to validate form input, then prudently discard these attributes before saving the model instance to database!

To enable this feature, simply set the $autoPurgeRedundantAttributes instance variable to true in your model class:

class User extends \LaravelArdent\Ardent\Ardent {
  public $autoPurgeRedundantAttributes = true;
}

You can also purge additional fields. The attribute Ardent::$purgeFilters is an array of closures to which you can add your custom rules. Those closures receive the attribute key as argument and should return false for attributes that should be purged. Like this:

function __construct($attributes = array()) {
  parent::__construct($attributes);

  $this->purgeFilters[] = function($key) {
    $purge = array('tempData', 'myAttribute');
    return ! in_array($key, $purge);
  };
}

Automatically Transform Secure-Text Attributes

Suppose you have an attribute named password in your model class, but don’t want to store the plain-text version in the database. The pragmatic thing to do would be to store the hash of the original content. Worry not, Ardent is fully capable of transmogrifying any number of secure fields automatically for you!

To do that, add the attribute name to the Ardent::$passwordAttributes static array variable in your model class, and set the $autoHashPasswordAttributes instance variable to true:

class User extends \LaravelArdent\Ardent\Ardent {
  public static $passwordAttributes  = array('password');
  public $autoHashPasswordAttributes = true;
}

Ardent will automatically replace the plain-text password attribute with secure hash checksum and save it to database. It uses the Laravel Hash::make() method internally to generate hash. Note: It’s advised to use Eloquent’s $hidden attribute so the password, even hashed, won’t come out that easily if you’re building an API or similar 😃

In case you’re using Ardent standalone, you can use Ardent::$hasher to verify the field value, using something like User::$hasher->check($given_password, $user->password).

Updates with Unique Rules

Ardent can assist you with unique updates. According to the Laravel Documentation, when you update (and therefore validate) a field with a unique rule, you have to pass in the unique ID of the record you are updating. Without passing this ID, validation will fail because Laravel’s Validator will think this record is a duplicate.

From the Laravel Documentation:

    'email' => 'unique:users,email,10'

In the past, programmers had to manually manage the passing of the ID and changing of the ruleset to include the ID at runtime. Not so with Ardent. Simply set up your rules with unique, call function updateUniques and Ardent will take care of the rest.

Example:

In your extended model define your rules

  public static $rules = array(
     'email' => 'required|email|unique',
     'password' => 'required|between:4,20|confirmed',
     'password_confirmation' => 'between:4,20',
  );

In your controller, when you need to update, simply call

$model->updateUniques();

If required, you can runtime pass rules to updateUniques, otherwise it will use the static rules provided by your model.

Note that in the above example of the rules, we did not tell the Validator which table or even which field to use as it is described in the Laravel Documentation (ie unique:users,email,10). Ardent is clever enough to figure it out. (Thank you to github user @Sylph)