I’m trying to rebuild a site and I have full control of how this will be done. I really need help deciding what to do. I could rewrite just the DB layer, add validation, add various security elements, etc, or I could move the 150+ modules into a framework (like Yii!). I’m open to any ideas!
Here’s what I need:
* A very flexible permissions system (or one that I can override) (I have many layers of permissions for different modules and within modules--not just read/edit.. some parts of modules load differently based on the user type)
* Ability to override/extend validation/canonicalization (I really like OWASP)
* Ability to extend/override authentication (modify salting/hashing method,bcrypt)
Things to consider:
* I've never used ORM, but it seems pretty straightforward.
* Almost nothing in the site is normal CRUD. All the views are complex and custom and involve multiple joins.
* I would prefer php5, but right now the site is procedural, so if the best fit lacks some OO features, that's ok.
* Support for multiple DBs would be nice, but it's not critical
* It's a high-traffic site (light on number of connections, but heavy on data and calculations), so speed is important. I'm not doing any caching and most of the content is dynamic so I'm not sure caching would help.
* Unit testing/logging would be nice, but isn't essential.
* I don't mind a learning curve as long as the flexibility is there. I would rather not have to redesign the views. I don't mind recoding them, though.
I’ve been looking a lot at Yii and it seems like I can do what I want, but I thought I’d ask in case there was an obvious deal-breaker that I missed.
Sounds like a lot of work no matter how you end up deciding to go about it
I’m certainly no yii/php guru, but I have a couple of answers:
Yii uses role based access control which should be flexible enough to suit your needs. Quite a few extensions have been written to take care of administering users in various ways - even if you don’t use one they can be quite helpful in understanding how it works.
Validation is usually quite nice - you can easily write your own validators for a model and specify a different set of validators to be used based on a scenario.
ORM/Activerecord is a biggie - a lot of the magic like bringing in related records for defined relationships and other time-savers rely on it.
There are certainly many times where you’ll want to write out your own SQL to get the best performance but for fast development using activerecord helps a lot.
In my (admittedly limited) experience, Yii is quite flexible. I’ve used other MVC frameworks such as cakephp/codeigniter in the past and have usually ended up banging my head against the wall after running into a roadblock - thus far not so with Yii.
I know I’m being vague. It’s hard to describe the project succinctly. I want to rebuild it because it’s been in development for 6 years and it’s very fragmented and difficult to maintain. It’s lacking some features like certain basic security methods. I can just fix the main query function, add in some validation, change the authentication system, create my own notification class, etc, or I can pick something that does all these things well and I can spend the time migrating the project to a known framework. I’m not sure which is best.
Thank you. I’m comforted by your last paragraph. I’ve looked into CI a lot, but I don’t like all the legacy code and I’m inclined to go fully OO if I’m going to go through the trouble of migrating the site. (And yes, I know about Kohana, but not enough)
The roles will work fine for most of the site. I do have an area (a forum) where the permissions are a combination of contact type/contact type status (Like ‘Staff Member’/‘Current’ or ‘Staff Member’/‘Part-Time’) which is something I can see being similar to roles and user-based permissions (certain people are allowed to see certain forum areas.
I did look through the validation area and it looks really great (and easy to customize/extend).
ORM looks fun, too, although I didn’t come across a way to migrate data, but I guess I can just copy tables from one database to another.