I have just checked in some changes that untangle security and url/request mappings.

So far, views using ZMRedirectView as view class had a parameter of secure=true in the mapping to make the redirect to a secure url. That means, however, that information about secure URLs were stored in two different places, and even more so, potentially could get out of sync.

With the changes as of today that is no longer the case. I also changed ZMUrlMapper to allow to configure a couple more things, including the controller class and a form id for automatic validation (not supported yet).

All in all, this means that the url and security mappings now are able to control pretty much all aspects of request handling as a proper MVC framework should be able to.

it is worth noting that mappings are only required if defaults are not sufficient. This would  be the case if:

• the view class is not the default (PageView)
• the view id used by the controller is not the page name (typically the case for POST requests)
• the views template name does not match the page name (for example, all products use product_info as page name, but the template name is derived from the product type)
• a controller class is to be reused for a different page name

I should perhaps also mention that the reason for all these changes was the need to do what the last list item describes.

As a result of this now being implemented, there is going to be a new plugin called zm_form_handler. What it does is that it allows to set up an unlimited number of page (names) with corresponding templates, where each page/template contains a different form. Forms can be validated using the page name/id as form id. Sucessfully submitted form data will then be emailed to a configurable email address (or the store email).

So, this is what every better ISP offers as CGI or custom form handler.

Considering that static pages and custom forms (incl. email notification) are often searched for features (and also pretty basic stuff), it’s good to finally be able to be able to offer this!

EDIT: The next would be, of course, to get rid of the secure parameter on url generating methods and leave the decision about that also to ZMSacsMapper! I’ll have to ponder that for a while, though…