CSRF Token, viewing Symfony forms in ExtJS

[goof03]

Hi,

how do you handle form load i understand that the action to handle forms is for form submit. But for the load ?
My problem is mostly to handle the CSRF token.

Otherwise my "patch" seems to be ok.

[wujashek]

We don't use Symfony forms for viewing only for saving data. So CSRF token is not implemented right now

[goof03]

But how do you submit a form without token for saving ? do you have disable it in app/config ?

[wujashek]

Yes, protection is disabled, i will make notice in documentation about that. Maybe we find real solution for that

[goof03]

Ok i have add this method to your Form object :

public function toArray(){

    foreach($this->form->getChildren() as $form_field) {
        $list[$form_field->getName()] = $form_field->getClientData();
    } 

    return $list;
}

And tada ! :) i can do in my controller action (without @Form annotation) :

$editForm = $this->createForm(new EntityType(), $entity);
return new Form($editForm);

form is loaded (for edit or create) with _token field.

Don't know if it's right method but it work and like you i don't manage subform yet.

I think it will be better to test if $form var passed to contructor is an instance of SF Form and if not put an exception.
And add serialized form fields to your form action json reponse to get id on create or other value wich can change on form submit like for exemple last modified date …

Hope this help …

[wujashek]

Please fork bundle and add this to form response, then make a pull request and patch will be in our code. Great idea.

[goof03]

Don't know if i will find time to fork i've make many modifications to use it with Extjs4 MVC architecture i will try.

This is my last change because my last function dont work on form errors :

public function toArray(){
    if($this->form->isBound()){
        return $this->getContent();
    }
    else{
        foreach($this->form->getChildren() as $form_field) {
            $list[$form_field->getName()] = $form_field->getClientData();
        }
        return $list;
    }
}

i change string returned on validation from msg to errors to get errors automaticly shown on field of the form without more code.

I'll will take a look to your last change too I saw the javascript_vendor_path but i dont understand why you dont want to upgrade to full last Extjs4 version ? No need to have duplicate extjs code …

Other thing the javascript add in header.html.twig seems to be a bad idea for me because you make this bundle dependant to your futur admin bundle for exemple i already manage this in MVC way with an app.js add in my index view with something like:

Ext.application({
    name: 'sfExtjs',

    appFolder: 'bundles/mybundlecore/js/app',

    controllers: [
        'Core'
    ],

    launch:function(){
        Ext.tip.QuickTipManager.init();
        sfExtjs.app = this
   },

   autoCreateViewport: true
});

for exemple you can have an extjs app by bundle loaded dynamically with its controller in a main app. i can mail you my code if your are interrested but it's in an early stage and i've dont test it with many bundle.

[wujashek]

Send me code. Don't worry about headers, admin related javascripts will be in other place. If header has already something which could be optional, just tell me.
Vendor path is for custom extjs javascript source, I must provide default package to easily deploy apps.
Forking and sending pull requests is realy easy, just change your symfony deps to point your fork and you can make changes to bundle source, then send pull request and i will merge it.