I’ve started working on amfphp 2 and if there is one thing I hate about amfphp it is certainly writing that darn methodTable. Now with amfphp 1.2 I’ve made it so it’s possible to generate the method table from the service browser, thanks to Christophe Herreman’s MethodTable class. I still hate the fact that methodTable is still used though. I’m all with Aral on convention over configuration, so I’m thinking of scrapping the whole thing, and I want your opinion.

Here is a list of all the keywords that are supported in methodTable. The most important keyword here is access, which is set to remote for a remote method. I was thinking using the same convention as CakePHP: if it starts with an underscore, it’s private, otherwise, it’s a remote method (public and private keywords may be used instead in PHP5). The metadata tags (args and description) are only needed in the service browser and can be generated on the fly by it, if required, so that’s accounted for. Instance and alias are old features that are barely used AFAIK so we could scrap them without anybody crying.

So we have left roles, returns and pagesize. For pagesize, I could always check if there exists a method called ${methodName}_count and then assume it’s a pageable recordset if there is such a method. The pagesize value is actually only used on the first call, so I don’t think it would be a major pain to always set it to 15 or 20. Returns is only ever useful if you want to type an xml strings as xml and not as a string; but why would you send xml through amfphp? I’ve also seen a lot of people misuse the feature and getting strange bugs, so I don’t think it’d be a big deal.

The big one is roles. Although I can definitely see the theoretical usefulness of roles, I think the way it was implemented in Remoting is flawed. First of all credentials are sent on every call, and logging out is not as straightforward as it seems; I have patched amfphp however to get around these issues. Roles don’t carry across services in a straightforward manner. The fact that you have to ping a dummy remote method to see if your login was succesful is downright annoying. I also think that for any serious security you would probably use some ready-made authentication package like what comes in Cake or in PEAR. So my question is: is roles useful, and if so, is it useful enough to warrant keeping the methodTable?