Server side validation for configuration values in Magento with backend: an how-to

I wrote few times ago a tutorial which explains that we can validate configuration values in Magento from the client side

But as you know, (and it’s not valid only for Magento) even if you validate the format from client side, you must also validate data from server side: this is the only way to be sure that expected data has been provided

The model provided by Magento to validate data is the backend

What is a backend?

Backend introduction

A backend is a model object used to do treatments from server side.

The common usage for these backends is to make post treatments when saving configurations values or attributes

Default structure for Magento backend configuration

In Magento, backends are models and so, are called with getModel instruction. This is done by the following instruction in Mage_Adminhtml_Block_System_Config_Form class:

So as you can see in the source code screenshot, backend models used for configuration values must be instances of Mage_Core_Model_Config_Data

Ok, it’s fine, but what are their roles?

Common Magento backend configuration usage

Magento backend has two majors roles. All is based on the fact that Mage_Core_Model_Config_Data class extends Varien_Object class, and so, can have the common method structures _beforeX and _afterX. Here’s their common usage:

Validate data: the _beforeSave Event

This step is launched on the _beforeSave method: you make your controls on this event, and if the value is not the expected one, you throw an Exception. It will be catched in higher level, and will be displayed in configuration form

Data won’t be saved if there is an error on this event

Prepare data: the _beforeSave Event

The _beforeSave method can also be useful to format data

Data won’t be saved if there is an error on this event

Do post treatment: the afterSave Event

Post treatments will be done after data has been saved. In configuration values, they are realized after configuration is recorded in core_config_data table

If you throw an error in this step, configuration value is already saved

Other possibles Magento backend usage

Mage_Core_Model_Config_Data extends Varien_Object and so, all the events availables on this class can also be used on a defined backend model. But for now, I haven’t seen their usage. Do you?

Ok, nice, backend seems really fine. But how can we define our own backends models?

How to define a backend for a configuration value in Magento?

This is very easy with Magento API for configuration values: we have only to define a node backend_model for our field structure. All is done in your system.xml module file

Here’s an example of backend_model definition:

For this field frequency, we will define our backend model MExplained_Criteo_Model_System_Config_Backend_Criteo_Cron

If backend_model node is not defined in system.xml field, there is no backend defined for our configuration field, and so, no treatment made server-side

Conclusion on Magento backend models

Backend models are classes which allow you to make pre and post treatments from server side. This is the only secure way to ensure that expected data has been provided!

I’ve used the Configuration API as example because I’ve found this API very simple and a good example for backend usage. But all functionnalities provided for backend configuration data is also available for attributes. Take a look at the eav_attribute table and you’ll see that you can also provide your own backend models for your attributes (except that they do not extend the same class)

Backend models are Magento models and so, can also be overwritten like other magento classes

With client-side validation, you’ll have a complete toolkit to validate configuration values. And as you can see, validating these data from server side and client side should not be more than half an hour. So it’s a shame to see that numbers of modules do not use these validations. For example, Owebia_Shipping module, a shipping module requires to set up a json configuration value. If this module had a backend usage to validate that configuration value provided is a valid json string, perhaps many of you would have gained time. That’s what you callĀ  quality of service, no?