In the second screencast about CRX Quickstart I show how to create a web site like TheServerSide.com in 15 minutes(*). This is achieved in a Data First-like approach: no schemas or the like have to be set up to get up and running. Since the JCR compliant repository underneath has functionality like search, versioning, access control, etc built right in the software created in this demo is not a throw-away prototype, but can evolve into production.
(*) The first screencast is here - you might find it beneficial to watch it first if you want to follow the technical details of this screencast.
Update: for doing the examples yourself with current versions of Sling or CRX Quickstart please see the errata before.
I am a little concerned about the filtering of allowed data on the client side: if this data would have been sensitive, it would have been a problem, since first the content is retrieved (with Sling.getContent()) and then the data is filtered. But that is just a security guy's reflex, sorry for that :).
the data is actually filtered on the server side. The repository will return only the nodes to which to user (in the case of the video: the anonymous user) has access to. The application will not see any other data, hence security concerns are removed from the app developer. This is quite different from typical RDBMS-based web apps where the connection to the db occurs through a technical user so that the application needs to filter rows.
Cheers
Michael
Don't mean to be picky, but if also the "not yet approved" posts would be filtered out on the server side, no
if post.approved=="yes"statement would be necessary (at about 12' in the video). This means that the anonymous user should be able to see also the unapproved posts in the http response stream. Perhaps you can check this with firebug.AFAIK there is no possibility to define an access check on attribute values in JCR. One possibility would be to move the unapproved posts to another location in the tree, which is only accessible by admins.
This is a general issue with ajax-enabled web applications, nothing special to Sling.
Cheers
thanks for your suggestions. Feed generation is really simple (here is an example ), but I am not quite sure what yo mean with feed integration. On the client side? That would be pure JS. Or do you want to write a feed into the repository on the server?
You can also drop me a line (see mail address in the footer)
Cheers
Michael
Also how would you go about validating fields? Would this be done in client side javascript or can this be done in the JCR?
Resource dumped by HtmlRendererServlet
Resource path: /content/usergenerated/content/ddc/blog/2008/04/firststeps2/jcr:content/comments/Thanksfort[2]
Resource metadata: {sling.resolutionPath=/content/usergenerated/content/ddc/blog/2008/04/firststeps2/jcr:content/comments/Thanksfort[2]}
Resource type: cq:Comment
Resource super type: -
Resource properties
jcr:createdBy: admin
jcr:created: java.util.GregorianCalendar[time=1263977020397,areFieldsSet=true,areAllFieldsSet=true,lenient=false,zone=sun.util.calendar.ZoneInfo[id="GMT-05:00",offset=-18000000,dstSavings=0,useDaylight=false,transitions=0,lastRule=null],firstDayOfWeek=1,minimalDaysInFirstWeek=1,ERA=1,YEAR=2010,MONTH=0,WEEK_OF_YEAR=4,WEEK_OF_MONTH=4,DAY_OF_MONTH=20,DAY_OF_YEAR=20,DAY_OF_WEEK=4,DAY_OF_WEEK_IN_MONTH=3,AM_PM=0,HOUR=3,HOUR_OF_DAY=3,MINUTE=43,SECOND=40,MILLISECOND=397,ZONE_OFFSET=-18000000,DST_OFFSET=0]
jcr:primaryType: cq:Comment