View Full Version : Toolbar from JSON
malotor
5 Jul 2007, 7:04 AM
Hi! Finally I was able to create a simple toolbar from JSON and I want to share it with you.
Here is the code
[HTML]<html>
<head>
<title>LimeStudio - Servicios de imagen,comunicaci
violinista
6 Jul 2007, 1:39 AM
First of all, don't EVER use eval() for Json processing; use Ext.decode() instead.
Second, I don't see the point of custom toolbars; for me, a toolbar is stuff which does not change frequently, except for user-customizable-draggable toolbars.
genius551v
6 Jul 2007, 1:34 PM
malotor, very nice job, thanks for sharing
malotor
7 Jul 2007, 2:26 AM
I'll try using Ext.decode, of course it looks more elegant than "eval" ;). There are some situations where you need a dynamic toolbar. For example, I'm working on a CMS where each user has a different toolbar depending on their permissions.
Thanks for your replies.
genius551v
7 Jul 2007, 11:35 AM
yes malotor, I need something like that too, thanks for sharing again!
pd. tu hablas en espa
haibijon
7 Jul 2007, 4:19 PM
First of all, don't EVER use eval() for Json processing; use Ext.decode() instead.
Normally I'd agree with you, but while digging around the Ext 1.1 beta I noticed that Ext.decode no longer does any checks of the json:
this.decode = function(json){
return eval("(" + json + ')');
};
It's not any more safe than the eval used at the top of the thread...
JeffHowden
7 Jul 2007, 6:12 PM
Normally I'd agree with you, but while digging around the Ext 1.1 beta I noticed that Ext.decode no longer does any checks of the json:
this.decode = function(json){
return eval("(" + json + ')');
};
It's not any more safe than the eval used at the top of the thread...
"Safe"?! What precisely is not "safe" about eval()?
If you're using XHR to retrieve JSON then it must come from your own domain and is therefore trustworthy. As such, there's nothing to warrant the monstrous processing necessary to manually process a JSON string into an object or array literal.
haibijon
7 Jul 2007, 6:18 PM
Hm, I never said that it wasn't safe, just that the two calls are, for all intents and purposes, identical...
bizyweb
7 Jul 2007, 9:16 PM
Hm, I never said that it wasn't safe, just that the two calls are, for all intents and purposes, identical...
Ext.decode is still the preferred call because the way it decodes may be changed in future versions of the lib.
genius551v
8 Jul 2007, 9:50 AM
hey guys, what do you think about this:
<?php
require_once '../../config/config.inc.php';
require_once 'json.php';

$json_service = new Services_JSON();
$userPerfil = 'admin';
$tbElements = Array();

// Build the toolbar description for the current user profile
switch($userPerfil)
{
    case 'admin' :
        $tbElements[] = Array(
            'type' => 'button',
            'config' => Array(
                'id' => 'Modulo4',
                'title' => utf8_encode('Modulo 4: Inventario'),
                'cls' => 'x-btn-icon mod4',
                'enableToggle' => true,
                'toggleGroup' => 'modulos',
                'toggleHandler' => 'this.onItemToggle',
                'tooltip' => Array(
                    'title' => utf8_encode('Modulo 4: Inventario'),
                    'text' => utf8_encode('Administrar el Inventario de Insumos'),
                    'autoHide' => true
                ),
                'hidden' => false,
                'disabled' => false
            )
        );
        break;
    default :
        echo '..';
        break;
}

echo $json_service->encode($tbElements);
?>
my dynamic_toolbar.js :
var WestToolbar = function() {
    var west_tb;
    return {
        init : function() {
            west_tb = new Ext.Toolbar('west-tb');
            // MODULE BUTTONS
            Ext.Ajax.request({
                url:'web/commands/westTbElements.php',
                method:'post',
                callback: function(opts,suss,resp){
                    // Decode the server response and rebuild the toolbar from it
                    var jsonData = Ext.decode(resp.responseText);
                    removeAllElementsFromToolbar();
                    addElementsToToolbar(jsonData);
                }
            });
            function removeAllElementsFromToolbar(){
                while(west_tb.items.getCount() > 0)
                {
                    var item = west_tb.items.itemAt(0);
                    west_tb.items.removeAt(0);
                    item.destroy();
                }
            };
            function addElementsToToolbar(elements){
                for(var i=0; i<elements.length; i++){
                    var element = elements[i];
                    switch (element.type)
                    {
                        case 'button' :
                            // The handler arrives as a string and is evaluated as code here
                            if(element.config['handler']){
                                element.config['handler'] = /*Ext.decode*/eval(element.config['handler']);
                            }
                            west_tb.addButton(element.config);
                            break;
                        case 'separator' :
                            west_tb.add('-');
                            break;
                        case 'texfield' :
                            west_tb.addField(new Ext.form.TextField(element.config));
                            break;
                        case 'text' :
                            west_tb.addText(element.config);
                            break;
                        default :
                            alert('button type: unknow');
                    }
                }
            };
        },
        onItemToggle : function(item, pressed){
            if(pressed){
                MainViewer.addMenuTree(item.id, item.title);
            }
        }
    };
}();
//Ext.onReady(west_tb.init, west_tb);
violinista
9 Jul 2007, 12:31 AM
I think also that the preferred way to decode JSON is to use Ext.decode(), for safety reasons.
Here is the recommended way, which adds common "*toJSON" methods in JavaScript, via JSON.org:
http://www.json.org/json.js
genius551v
9 Jul 2007, 6:48 AM
violinista,
ok, I agree with you. "the preferred way to decode JSON is to use Ext.decode(), for safety reasons", but then, can you help me with this:
this works: (php encode to json)
'handler' => 'onItemToggle',
my js:
case 'button' :
    if(element.config['handler']){
        element.config['handler'] = eval(element.config['handler']);
    }
but this doesn't work:
element.config['handler'] = Ext.decode(element.config['handler']);
return: onItemToggle is not define
what am I doing wrong??
genius551v
30 Jul 2007, 6:00 PM
violinista...??? :-|
perthkit
1 Aug 2007, 12:56 AM
violinista...??? :-|
or someone else. I wanna know the reason as well. cheers..
acharis
2 Aug 2007, 12:46 AM
"Safe"?! What precisely is not "safe" about eval()?
If you're using XHR to retrieve JSON then it must come from your own domain and is therefore trustworthy. As such, there's nothing to warrant the monstrous processing necessary to manually process a JSON string into an object or array literal.
Actually, that is the entry point for a "man in the middle attack". If your site is spoofed... which is possible, even on SSL, a normal user may ignore the warning by the browser, and allow the site to continue... this would now allow a data request (which was supposed to fail on JSON format) to execute unintended javascript code. Now you may say it's the user's fault... however, it's best to assume that users do not understand this... and it's our duty to protect them.
Then again... what can you do if the static JS files were spoofed. I guess it's a matter of reducing the risk? Ideally you're correct, the server should be secured and trusted.
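Added example (not code from any poster in this thread): parse the response with a strict JSON parser and resolve handler names, which are not JSON themselves, through a fixed lookup table instead of eval(), covering both the handler question and the eval() risk raised above. `buildToolbarItems`, the `handlers` table and the sample data are hypothetical, and the built-in `JSON.parse` of current JavaScript engines stands in for `Ext.decode`.

```javascript
// Element types the client is willing to build (assumed list for this example).
const ALLOWED_TYPES = new Set(['button', 'separator', 'textfield', 'text']);

function buildToolbarItems(responseText, handlers) {
  // JSON.parse accepts only JSON; executable text throws SyntaxError.
  const elements = JSON.parse(responseText);
  if (!Array.isArray(elements)) throw new TypeError('expected a JSON array');

  return elements.map((element, i) => {
    if (element === null || typeof element !== 'object' ||
        !ALLOWED_TYPES.has(element.type)) {
      throw new Error('element ' + i + ': unknown type');
    }
    // Spread copies own properties only, so a "__proto__" key stays plain data.
    const config = { ...element.config };
    for (const key of ['handler', 'toggleHandler']) {
      if (!(key in config)) continue;
      const name = config[key];
      // Own-property lookup: names like "constructor" never resolve.
      if (typeof name !== 'string' ||
          !Object.prototype.hasOwnProperty.call(handlers, name) ||
          typeof handlers[name] !== 'function') {
        throw new Error('element ' + i + ': handler not allowed: ' + String(name));
      }
      config[key] = handlers[name]; // a function reference, never evaluated text
    }
    return { type: element.type, config: config };
  });
}

// Constructed sample data, shaped like the PHP output earlier in the thread.
const handlers = {
  onItemToggle: function (item, pressed) { return pressed ? item.id : null; }
};
const goodResponse = JSON.stringify([
  { type: 'button', config: { id: 'Modulo4', toggleHandler: 'onItemToggle' } },
  { type: 'separator' }
]);
// Constructed hostile inputs: code in a handler field, and a non-JSON body.
const badHandler = JSON.stringify([
  { type: 'button', config: { id: 'x', handler: 'globalThis.injected = true' } }
]);
const notJson = '(function(){ globalThis.injected = true; })()';

// True when the input is refused instead of being turned into toolbar items.
function rejected(text) {
  try { buildToolbarItems(text, handlers); return false; } catch (e) { return true; }
}
```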
dawesi
10 Dec 2007, 7:54 PM
nice work... thanks for this... very helpful... any updates on the code?