I’ve been messing around with the FlexOnRails Cairngorm/WebORB app and wanted to add some more fields to the flex form for projects (I’m building a construction project tracker so I need to add the project’s address). However as I’m a lazy programmer I quickly got tired of typing all the values to be passed in the event dispatcher. Here’s the original code:

private function projectFormValues () : Object
{
    var values : Object = new Object();

    values.street_address = street_address.text;
    values.suite = suite.text;
    values.city = city.text;
    // etc…

    return values;
}

And below is my revised ‘projectFormValues’ method, it now loops over the form and gets all the values:

private function projectFormValues () : Object
{
    var values : Object = new Object();

    // get form items
    var formItems = project_form.getChildren();

    // loop items and add values
    for (var i = 0; i < formItems.length; i++)
    {
        // formItem
        var formItem = formItems[i].getChildren();
        values[formItem[0].name] = formItem[0].text;
    }

    return values;
}

The form just for reference…

<mx:Form height=“100%” width=“100%” id=“project_form”>
        <mx:FormItem label=“Street Address:”>
            <mx:TextInput id=“street_address” text=“{model.selectedProject.street_address}”/>
        </mx:FormItem>
        <mx:FormItem label=“Suite:”>
            <mx:TextInput id=“suite” text=“{model.selectedProject.suite}”/>
        </mx:FormItem>
        <mx:FormItem label=“City:”>
            <mx:TextInput id=“city” text=“{model.selectedProject.city}”/>
        </mx:FormItem>
        <!– more form items… –>
    </mx:Form>

FlexOnRails have two (first, second) detailed posts on using WebORB for Rails with Flex. The demo app uses Adobe’s Cairngorm a framework for Flex and it’s Value Objects which can be mapped (through WebORB) to server side objects. Make sure to read the comments on the second post as Derek Wischusen explains the value of Value Objects.

The app also makes use of a pretty cool reflection effect (which no Web 2.0 app can be without) by Ben Stucki (check out some of his other flex components).

When uploading a file through Flash every file comes through as with it’s .content_type as ‘application/octet-stream’ so you can’t check it using traditional methods*.

You can limit what kind of file is uploaded in ActionScript:

var allTypes:Array = new Array();
        var imageTypes:Object = new Object();
        imageTypes.description = “Images (*.jpg, *.jpeg, *.gif, *.png)”;
        imageTypes.extension = “*.jpg; *.jpeg; *.gif; *.png”;
        allTypes.push(imageTypes);

        fileRef.browse(allTypes);

This isn’t secure yet because someone could still change the extension of a malicious file. Most file uploads are images so you can use RMagick to detect if the file is an image:

img = Magick::Image::read(path_to_file).first

If the file isn’t an image Rails will bug out and you’ll get an ‘onHTTPError’ returned to Flash, which you can then handle gracefully by alerting the user of the error.

*Note: even when checking a file’s content_type it’s possible for someone to fake it. This is just one of many file ’sanitizations’ that you should apply to any upload.