FormDefinitionPersistenceGuard
Guards direct DataHandler access to the form_definition table.
FormDefinitionRepository grants a per-invocation token before each DataHandler call. FormDefinitionDataHandlerHook verifies and consumes that token; unauthorised DataHandler operations are rejected. This prevents backend users from bypassing form persistence validation by writing directly to the table (e.g. list module, impexp).
Each token covers the command, the record identifier, and an HMAC of all field-pairs (ksort-ordered), so neither the operation nor any individual field value can be tampered with independently.
Table of Contents
Methods
- __construct() : mixed
- allowInvocation() : bool
- Allows a single DataHandler invocation for the given command and record.
- consumeInvocation() : void
- Consumes a matching invocation (removes it from the pending list).
- isInvocationAllowed() : bool
- Returns true if a matching invocation has been granted and not yet consumed.
Methods
__construct()
public
__construct(HashService $hashService) : mixed
Parameters
- $hashService : HashService
allowInvocation()
Allows a single DataHandler invocation for the given command and record.
public
allowInvocation(FormDefinitionPersistenceCommand $command, string|int $identifier[, array<string|int, mixed>|null $fields = null ]) : bool
Write commands (create, update) must supply the exact field-pairs that will be passed to DataHandler; delete passes null.
Returns false if an identical invocation is already pending (duplicate).
Parameters
- $command : FormDefinitionPersistenceCommand
- $identifier : string|int
- $fields : array<string|int, mixed>|null = null
Return values
boolconsumeInvocation()
Consumes a matching invocation (removes it from the pending list).
public
consumeInvocation(FormDefinitionPersistenceCommand $command, string|int $identifier[, array<string|int, mixed>|null $fields = null ]) : void
Called both by the hook after successful verification (single-use enforcement) and by the repository's finally block (cleanup).
Parameters
- $command : FormDefinitionPersistenceCommand
- $identifier : string|int
- $fields : array<string|int, mixed>|null = null
isInvocationAllowed()
Returns true if a matching invocation has been granted and not yet consumed.
public
isInvocationAllowed(FormDefinitionPersistenceCommand $command, string|int $identifier[, array<string|int, mixed>|null $fields = null ]) : bool
The provided fields must produce the same sorted key list and HMAC as the fields that were registered via allowInvocation().
Parameters
- $command : FormDefinitionPersistenceCommand
- $identifier : string|int
- $fields : array<string|int, mixed>|null = null