#1 Re: PDF Engine » PDFEngine Clipping Implementation + Output stream optimizations » 2022-06-10 07:52:43

ab wrote:

My concern is that almost every time I merge some pull request in SynPdf which pleases some users, there is a regression for others...
So I usually un-merge it a few days later...

Perhaps it would make sense to investigate some kind of PDF testing tool? I suspect, as an example, that it would be possible to use Chromium to produce images out of reference PDF documents, and some kind of image comparison algorithm to compare documents generated by nightly builds with those references.
Or perhaps a similar open source tool already exists in the JavaScript / Go / .net... ecosystem?
What do you think @ab ?

#2 PDF Engine » Setting the PDFA1 property after creation can raise and exception » 2016-05-31 15:55:22

Replies: 0

Hello Arnaud,

After creating an encrypted (and only in that case) TPdfDocument, if the document's PDFA1 property is changed, an exception is raised when the PDF document is saved.
This doesn't happen if the document is not encrypted or if the PDFA1 property is not modified after creation.

I can provide a test project, and open a ticket if needed.


#3 Re: PDF Engine » Hyperlinks in PDF Pages » 2016-05-27 15:22:34

ab wrote:

You could create a new CreateExternalLink method just like TPdfDocument.CreateLink, by following the PDF reference about such external links.

Hello Arnaud,
I've written the following procedure to create external hyperlinks.
Even though I'm not a PDF expert, it looks like it is working even for complex links. Any feedback is welcome.
Hopefully this can be included as-is in SynPDF source code:

function TPDFDocument.CreateExternalLink(const ARect: TPdfRect; const anUrl: RawUTF8;
  BorderStyle: TPdfAnnotationBorder; BorderWidth: integer): TPdfDictionary;
  anAction: TPdfDictionary;
  result := CreateAnnotation(asLink, ARect, BorderStyle, BorderWidth);
  anAction := TPdfDictionary.Create(FXRef);
  anAction.AddItem('Type', 'Action');
  anAction.AddItem('S', 'URI');
  anAction.AddItemTextUTF8('URI', anUrl);
  Result.AddItem('A', anAction);

#4 Re: PDF Engine » CreateLink coordinates » 2016-05-04 08:17:56

Perhaps you should create tickets: http://synopse.info/fossil/reportlist
Those would be great additions indeed.

#5 Re: PDF Engine » CreateLink coordinates » 2016-04-28 08:26:32

From a quick overview of your screenshot, it looks like the Y is simply inverted for the link.
Perhaps the CreateLink's reference point is the bottom left of the document while the rectangle's reference is the top left ? Not sure why.

#6 Re: mORMot 1 » @mORMot.ServiceContext.Factory is nil when method is called from Serve » 2015-06-01 09:47:55

I received the following PM from "douglasmmm" regarding this thread. Unfortunately, I do not recall how this was fixed and do not have access to that test anymore. So I'm posting the message here in case somebody can help him:

douglasmmm wrote:

about you post "@mORMot.ServiceContext.Factory is nil when method is called from Serve" in Synopse forum.

you could implement the solution?
I ask because I could not understand when AB says 'is to inject the TSQLRestServer instance in the interface constructor".


#7 Re: mORMot 1 » Server Side Validation » 2015-04-08 09:28:11

IMHO any kind of clients (REST included) must be put on a leash as there are plenty of bad things they could do which they shouldn't be allowed to. From the top of my head, I can think about:
- Access resources (rows/fields) without proper permission
- Delete/Update resources without proper permission
- Send invalid data which could result in either data corruption or server crash
- Send malformed (string instead of int, data is too long...) or missing data (required field) which could lead to future problems (data analysis, report generation...)

Where it should be done is another question which should be carefully thought out:
- Invalid access permissions should be checked (at the very least) before returning data to the client. If not before accessing data in the persistence storage
- Invalid modification access should be checked before modifying the persistence storage
- Invalid formated data or missing data should be checked before modifying the persistence storage
- Invalid data resulting in server crash should be handled as soon as it is received (e.g data flood, invalid characters, invalid requests...)
- Invalid data resulting in data corruption should be handled before writing to persistence storage

Regarding table access security, this is great but not enough for most systems: row-level and even field-level security and validation should be handled from the server.
I admit I do not know mORMot enough to say that it is not possible to do so or that it should handle everything.
But as far as I can tell mORMot includes both the data persistence access and REST server with direct interactions between them so it should provide a way to interfere and add safe guards between both.

I hope you'll see those remarks as constructive, not critics wink

#8 Re: mORMot 1 » Server Side Validation » 2015-04-08 06:21:31

ab wrote:

So validation should be done on client side, before sending the data to the server.

Clients must never be trusted!

#9 Re: mORMot 1 » The future of mORMot is BigData » 2015-01-02 12:25:01

Auto-synch between servers and clients would be amazing!
This would be a potential alternative to the very popular and great Firebase recently purchased by Google: https://www.firebase.com/
Happy new year Arnaud and best wishes for you and your rodents smile

#11 Re: mORMot 1 » Custom authorization: where to start ? » 2014-11-25 11:26:19

OK Thanks. Perhaps in a future update.

#12 mORMot 1 » Custom authorization: where to start ? » 2014-11-20 15:51:14

Replies: 2

I'm really confused about authorization in mORMot. I'm using a TSQLHttpServer.
I understand I should use TSQLAuthUser and TSQLAuthGroup to provide per-table restrictions.
However, how to handle more complex scenarios such as for example:

* A user who created a specific TBlogArticleRecord can have CRUD right access for it while other users can only have read access on that record ?
* A user can only receive a list of the TBlogArticleRecord he has the rights to read when calling for example TBlogArticleRecord.CreateAndFillPrepare as server will filter any un-authorized records ?

Thanks for any help.

#13 Re: SyNode » Adding JavaScript support for mORMot framework » 2014-11-20 13:28:41

That's exactly what I wanted. Thank you very much mpv!
Should I take care of freeing the TSMObjects (e.g. blogObj.free) when the engine is freed or are they owned by the engine ?

#14 Re: SyNode » Adding JavaScript support for mORMot framework » 2014-11-19 16:33:47

Is it possible and how to register an object method ? I tried the following:


But then I get the following error:

> blog.article.create('test');  // <-- Error: blog.article is undefined

I believe both "blog" and "blog.article" should be registered as objects but I do not know how this can be done.
Any help would be greatly appreciated.

#17 mORMot 1 » @mORMot.ServiceContext.Factory is nil when method is called from Serve » 2014-11-03 17:02:09

Replies: 6

I'm trying to access an interfaced based service method. It is working fine when called from the client, but when calling from the server, ServiceContext.Factory is always nil:

  aContext := @mORMot.ServiceContext;
  if Assigned(aContext.Factory) then  //  <---- Factory is nil when called from the server

I'm using this as I need to access the Rest server from that method, to do a DB.BackupBackground.
How can this be handled ? Should I not rely on ServiceContext and use a global instance of my server instead ? This won't be great as this method is shared by both client and server.

Any help would be greatly appreciated.

#18 Re: mORMot 1 » AV SpiderMonkey Mustache rendered failed » 2014-09-22 10:21:59

ab wrote:

BTW, did you try to define the method as such:

procedure JSContext.SetOptions(Value: TJSOptions);

(i.e. without the "const")

Unfortunately this still produces an exception in XE3.

#19 Re: mORMot 1 » AV SpiderMonkey Mustache rendered failed » 2014-09-18 13:17:40

I've tried multiple compilation options without any success. I've also tried disabling IDEFixPack without success.
The new code doesn't change anything either. And indeed, it looks like a wrong value is passer to the method.

So this is what I tried and it fixed the problem is:
- Make JSContext.SetOptions public
- In TSMEngine.Create call it instead of assigning to the property

Not sure how this can be explained.

#20 Re: mORMot 1 » AV SpiderMonkey Mustache rendered failed » 2014-09-18 10:20:19

mpv wrote:

Somebody REALLY need SM for XE3?

No but it's not reassuring that a specific Delphi version crashes wink
Anything we can do to try to debug this issue ?
Also, perhaps this should be prominently written somewhere to avoid people thinking either they got the wrong DLLs or the code is not working at all.

#21 Re: mORMot 1 » AV SpiderMonkey Mustache rendered failed » 2014-09-16 12:49:23

I can confirm the exception for JS_SetOptions on Delphi XE 3 sad

#22 Re: mORMot 1 » Business model and sponsored work » 2012-12-30 13:14:50

Thank you very much for taking the time to answer. I think accepting sponsored work through your company is a great idea and provides additional points for the mORMot project when used for commercial usages.

#23 mORMot 1 » Business model and sponsored work » 2012-12-27 17:03:22

Replies: 4


I'm currently evaluating various options for a future rewrite of a big project and I'm really impressed with the quantity of work and dedication Arnaud Bouchez put in the mORMot framework, documentation, web-site and associated projects. Congratulation!
That being said, choosing a framework for a project not only implies making sure it is technically good, but also that is will be supported and enhanced in the long run. Being open source is obviously a great start but this is not a guarantee that this will be updated in the future (See some great TurboPower projects which are hardly maintained anymore). So I wonder what is the business model around the mORMot framework: Is there some paid support or product covering the development costs, or a company sponsoring the work on the framework or... ? OR is it a pure gift to the Delphi community out of Arnaud Bouchez' own time ?
Also, would you consider sponsored work should we need a custom feature/fix/advanced support in the future ?

Thank you for your time and great framework. I will be back on those forums as I'll spend time evaluating the framework wink

Best regards.

Board footer

Powered by FluxBB