Monthly Archives: June 2007

Meaningful Seaside Links after Session Expiry

There’s something about Seaside’s URLs that has bothered me for a long time, and I just discovered a solution. I haven’t seen anything about this anywhere else, so I figured I’d write it down in case it’s useful to anyone else.

Since your URLs are managed by your Seaside session, they all become invalid when your session times out. Leave your browser alone for a while, then return and click a link. Instead of taking you where it said it would, the link ends up taking you back to the first page of the app.

The well-known pattern for creating “bookmarkable URLs” is part of the solution here. You override #updateUrl: in your component, and then you override #initialRequest: in your root component or one of its children (i.e. something that’s visible by default). However, that only solves the problem of returning to your current page and has nothing to do with meaningful links on your current page after your session expires.

For most applications, this sort of behavior is not a big deal. Your session times out, you click something, and you’re kicked back to the “please sign in” page. Users tolerate this, because they’re used to the idea that their computer shouldn’t stay signed in forever.

But on a public area of a site, this sort of behavior really can get frustrating. I often pull up a page, get interrupted, and don’t get back to the page for several hours or days. The SqueakSource site has done this to me more than once. Browse to a SqueakSource page, go have lunch, and then come back and click a link. You get shown the homepage instead. Argh!

Thankfully, there are hooks in Seaside that make meaningful links possible. But they’re not very well known, and I can’t find any reference to them anywhere online. The methods are on WAAnchorTag, named #extraPath: and #extraParameters:. These two methods allow you to mangle the URL on the front side, just like you can with #updateUrl: on the other end.

You can use them like this:

(html anchor)
 callback: [self registerVolunteer];
 extraPath: 'volunteer';
 with: 'Become a Volunteer!'

If you’re already using the hooks for bookmarkable URLs, then it’s simply a matter of putting in the right path or parameters when you build the link.

It’s entirely possible to build meaningful URLs in Seaside. The tools are all there. And even though it seems harder than in other frameworks, it’s really not. It just feels hard, because Seaside gives you such a nice abstraction the rest of the time.

And if you’re building a content management system, you’ll likely be creating an abstraction that hides these details anyway.



Filed under Seaside

Alternatives to Model-Based Validation?

Rails has an decent set of validation rules for its database models. You can specify that particular variables must be present or satisfy certain constraints, either by themselves (“must be two characters long”) or in relation to each other (“password can’t be blank for administrators”). I’ve written several of my own extensions to these for validating phone numbers, email addresses, tracking numbers, and the like.

It works fine, at first. But model-based validation breaks down in several situations. Here are a few examples:

1. Wizard-like interfaces break the rules. By definition, a wizard decomposes the process into several steps. Your model objects are often invalid until you finish the last step. I have yet to see a solution to this. Most people end up adding some sort of knowledge about the wizard to the model’s validation code (“If I’m only asking for the person’s name and address right now, don’t try to validate his email address”).

2. In Rails, you can’t save your models unless they satisfy all of the validity conditions. This problem probably won’t arise at first, but as your code base evolves, it can have some nasty side-effects. Like when a user can’t change his password, because the model has lately been changed to require a variable that used to be optional.

Seaside itself provides nothing to help you with validation. Search some archives and you’ll find people recommending Magritte, which is a metadata descriptor system for model objects. It was written by Lukas Renggli, who is one of the lead developers of Seaside itself.

Magritte improves the problematic situations above in a couple of significant ways. For one, Magritte descriptions can be configured on any object, not just on database models. In Seaside, a wizard is likely to be implemented with several components (one per page), so a corresponding model could be built with just the validation rules it needs. Additionally, Magritte is completely separate from your persistence layer, so you are free to save your model objects regardless of whether Magritte’s validation rules are satisfied.

But I’m still not satisfied with the approach. Model-based validation has a bad smell to me, though in some limited ways I am sure it is useful. But the more I look at systems that work this way, the more I see what looks like UI-specific code in the model. Should your model really be concerned whether the user has entered matching strings for “password” and “password confirmation”? What if I want to use real first-class objects to represent a phone number? Validation should happen before the data ever gets to the model. It strikes me that validation belongs in the form, not in the model. In Seaside, that means that validation would happen at the component level.

So I’m looking for a better way. How are others handling validation in Seaside? Beyond that, how do other frameworks help with form validation? The most intriguing thing I’ve seen so far is the “newforms” framework in Django, which couples form inputs to their validation.

It seems that this would be fairly easy to implement in Seaside. You could use blocks to make its behavior pluggable. If you end up using one particular form in several places, make your own subclass of Form and reuse it. Or if you only need it once, build the Form instance programmatically.

Are there any other frameworks that provide validation hooks but are not model-based?


Filed under Rails, Seaside