How to handle complex data in Flex Objects via custom Admin fields?

Hello! I’m looking for some advice regarding Flex Objects.

I want to store Go game data into a Flex Object from the Admin panel.
(Go is a board game, and the game state is represented as a 19×19 two-dimensional array.)

I referred to the following documentation and forum posts:

On the frontend side of the custom field, I have implemented an SVG board and JavaScript logic.
By clicking the SVG, I can dynamically generate the game state as a JavaScript 2D array.

My question is about the correct event to decode this data in a Flex Object.

Currently, my idea is:

• stringify the JavaScript object with JSON.stringify()
• set the result as the value of a hidden input field
• decode it with json_decode() on the PHP side in some event.

What event is recommended in this case?
Or, is there the list of flex objects events?

@g222, You are mentioning Flex Objects and custom Admin fields, but all I understand from your requirements, is that your frontend (not Admin) submits a json object async to the server using JS and the server should save the state in a file.

For that use-case you can simple catch the submission of the json object, save it as json object into any file on the server and close Grav.

You can catch the AJAX request directly inside event onPluginsInitialized, check the type of request and either:

• Handle storing the json object and die the Grav process
• Or let Grav handle any regular request.

When you need to fetch the state of the game, you open de file on the server, read the 2D array and sent the JSON object to the front-end.

I see no need for Flex Objects, nor custom Admin fields.

Do you have other requirements I’m missing?

@pamtbaau Hello, thank you for your quick response and the alternative suggestion!

I think I should clarify my requirements a bit more.
The game data will be created by authenticated users, not by anonymous visitors.

Since I am not confident in implementing a secure user-authentication and permission system via a login plugin, I was hoping to use the built-in Admin custom fields and Flex Objects.

Given this, do you think it’s still better to implement a custom process, or should I stick with Flex Objects?

@g222,

Since I am not confident in implementing a secure user-authentication and permission system via a login plugin, I was hoping to use the built-in Admin custom fields and Flex Objects.

Please know that the Admin plugin is using the Login plugin for secure user-authentication… Hence, Admin is as secure for user-authentication as the Login plugin is.

The permissions set by Admin are stored in user account files and group files and are used by the core of Grav to determine the permissions of a user/group.

@pamtbaau Hi, I think there was a slight misunderstanding.
What I meant is that I am not confident in my own technical ability to implement a custom plugin that is as secure as the official Admin plugin.
So, I prefer using built-in features like Admin custom fields and Flex Objects because they are secure “out of the box,” and I want to avoid making mistakes in my own implementation.
On that note, I would like to learn more about Flex Objects events.

I think giving users access to admin rather than adding a page with restricted access is so much more vulnerable. You would still need to add flags for these users to allow access only to these flex objects

@Karmalakas Thank you for your advice. I will follow the official documentation to ensure permissions are set correctly: User Accounts | Grav Documentation

Regarding the implementation, I have successfully managed to save data as JSON strings (2D arrays) within the Flex Objects. However, I am currently stuck on the PHP side. I couldn’t find enough information about Flex Object events, which is preventing me from implementing proper server-side validation for this specific format.

Additionally, if I were to create a frontend form on a page accessible only to authenticated users and use the save action ( Reference: Form Actions | Grav Documentation ), would the JSON strings sent through that form still be validatable (e.g., checking the structure of the 2D array)?

Hello! I found the onFlexObjectBeforeSave event by following steps:

• user/plugins/(plugin-name)/blueprints/flex-objects/(flex-type-name).yaml

  config:
      data:
          object:'Grav\Plugin\(plugin-name)\Flex\Types\(flex-type-name)\(flex-type-name)Object'
  

• user/plugins/(plugin-name)/classes/Flex/Types/(flex-type-name)/(flex-type-name)Object.php

  use Grav\Common\Flex\Types\Generic\GenericObject;
  class GoObject extends GenericObject
  

• system/src/Grav/Common/Flex/Types/Generic/GenericObject.php

  use Grav\Common\Flex\FlexObject;
  class GenericObject extends FlexObject
  

• system/src/Grav/Common/Flex/FlexObject.php

  abstract class FlexObject extends \Grav\Framework\Flex\FlexObject implements MediaInterface
  

• system/src/Grav/Framework/Flex/FlexObject.php

  public function save()
  {
      $this->triggerEvent('onBeforeSave');
  	...
  }
  public function triggerEvent(string $name, $event = null)
  {
      if (strpos($name, 'onFlexObject') !== 0 && strpos($name, 'on') === 0) {
          $name = 'onFlexObject' . substr($name, 2);
      }
  }
  

With this, I was able to create flex objects like this: GitHub - thirdcake/go-quiz-proto: Grav Flex Objects for Go game state

I’m not sure if this is the recommended approach, but I’ve managed to get a working prototype for now.

If you know of a better event or implementation, please let me know.