Contentbox starting out questions

Hi there,

This has turned out to be a little long - so I am sorry about - and thanks for your time, in advance!

I started “investigating” ContentBox because I wanted to learn how to use the “Box” security modules and was advised that ContentBox might be a good source of learning material.

I haven’t used a CMS, before this.
My view on them was that it was for running a website (maintaining content-primarily) and/or blog. that was effectively for hosting your own “Wordpress” presence.
And while this is accurate - ContentBox is capable of a lot more…

So, this post is actually asking for two things, please…

Let me give you some context first:
I have an existing ColdBox app that I am writing and it is currently nothing more than a CRUD app.

  • List DB entries via ORM objects
  • Forms to insert/edit/delete DB entries via ORM objects

At the moment, at least, there is no (working) authentication/authorisation and there are any extensive “business rules” attached to any of the forms, yet either.

Q1:
Can I “embed” this (simple ColdBox app) into a “plain” ContentBox install?
From my reading it would seem to be a case of “just” treating my app as if it were any other “box” module that you might install into a ContentBox instance. Is that “pretty much” all there is to it?
(disregarding layouts/themes/etc - for the time being?)

And, Q2:
Thanks to what I am learning about ContentBox I am actually wondering if I even need to do the above…
Can I just use ContentBox to “Author” my application in a Contentbox instance, effectively turning me into a “ContentBox configurator/admin” for this task?

Let me preface this - and practically every single thing I ever post here with.
I am not being lazy.
I am happy to write any amount of code.
I am very happy to put in any amount of effort required to learn something that is new to me, or,
relearn something I have forgotten, or,
subsequently find out, I have been doing incorrectly.

I am currently writing this application from the ground-up and am happy to do so.
And sometimes I just cannot see the Ortus Forest for all the “box” trees…

Is what I am looking for missing in the docs? Or have I just found the right place in the docs?

Ortus has a lot of documentation - but I find it quite difficult to grok.

A common example of what I see in the Ortus docs is:

“When implementing an “AAA” - you can use the following example code”

For everyone with a sound working knowledge of ColdBox/xxxBox - it may well be entirely evident that THIS code snippet belongs in the handler and that the NEXT snippet goes in the model - or it belongs in the Coldbox.cfc as part of configuration… But if you don’t have that knowledge - you have absolutely no idea, because you’re completely brand new!

And to further confuse the newcomer… THIS example code is written as cfscript code… while another example a few paragraphs further along - but in the same “content” of the the docs: is written as a set of statements that belong in a server.json or similar.

There are most definitely places in the documentation where the topic is something like:

  • Here is how you do it in code - in the handler
  • Here is how you do, the same thing, via config - in the Coldbox.cfc
  • Here is how you do, the same thing, with ENV variables…

Other times it is like:
*Here is a snippet - that belongs in the server.json

That’s OK - because if you want to use ENV vars - you know how to convert a server.json snippet to an ENV var. (Or you can at least learn “that” and thus apply the same process to every server.json example code you ever read in any Ortus docs.

But quite often/very often there just isn’t any “direction” beyond the example code.

  • There is no file name
  • There is no text about "this belong in your model/handler/etc)
  • JUST the example snippet.
  • No “title” for the snippet at all.

Let me yell out loud"
That’s not meant as a slur/insult, in any way… just the reasoning behind my questions - that I am sure at times read like : “Write my app for me - I am too lazy to do it myself”.
This is never my intent.

Anyway:
One of the application requirements is that a user upload a current driver’s license/a current CPR certification/etc.
These documents have an expiry date - so they need to be renewed.
The business requires that someone else (HR) - validate the document that was uploaded - before it is seen as being “accepted”.

Sounds very much like using the Media Library and the approval process of blog comments, combined - already available in ContentBox will solve this requirement… Woohoo!

Now, with a few reminders, please:

  • I have never used a CMS before, let alone ContentBox
  • I am still on my initial learning curve of ColdBox, too…
  • I totally realise that ContentBox is open source…

Therefore,

  • If I want something to do “A” instead of “B” - hack away as needed.
  • AND: (If it is “good” / implemented well etc - consider a PR back to the project…)

Is there “ContentBox”/“Box”/“Ortus”, built-in goodness, way to do this?

I am totally happy with: “No. alter the media library yourself to include the specifics of your approval process.”

But to a large degree my question is prompted by:
I have found via my ColdBox learning via my currently simple CRUD app that there is an extensive security framework - that already exists… so I didn’t need to hand-code checks for cross-site forgery exploits. I could have utilised the appropriate cb module - that “just plugs in” with a ColdBox app, instead.

Afterall, it is tested, probably covers more “holes/exploits” than my code ever would - and even if it doesn’t - it would have served as a fantastic starting point - if I new about it!

As always - thanks again for sticking it out with me this long and I sincerely hope that my tone/intent isn’t misread, too…

Hi Gavin! I know this is 2+ weeks old and without any response, a fact that I am quite sure is because Ortus just had the IntoTheBox conference last week and that demands a great deal of time and attention from the entire Ortus team.

<shameless_ITB2026_Plug>
If you've never been to ITB
I would highly recommend it! 
Knowledge, Expertise and Networking galore!
</shameless_ITB2026_Plug>

I can give a few tips, pointers and my $0.02. Keep in mind that I am by no means an authority on ColdBox, ContentBox, etc. and I am not an Ortus employee, however I have used ContentBox for many sites. I am sure I will mention things you already know, but I hope it can help a bit and maybe anyone else who comes across this post later down the road.

The Box ecosystem can be confusing at first. I swear I have heard myself singing “here a box, there a box, everywhere a box box”! When I first started using ColdBox there was a bit of a learning curve since I came from the world of “roll your own” when it came to frameworks. The more I learned the ColdBox MVC the more I loved it. Now I can’t stand working on a project without it.

The way I like to think of it is that ColdBox is, of course the framework, the foundation, the core… whichever you prefer, and with few exceptions the other Box products all run on that. ContentBox is no different.

ContentBox is just a ColdBox module. (well technically three modules) It runs on ColdBox like any other module, it’s just a bit, how should I say it… presumptuous that it is primary. This is usually ok and desired. If you are running ContentBox it usually means you want it to handle the website layout, basic pages, and more.

In my experience when developing a module to run alongside and integrate with ContentBox the areas that need to be taken into consideration are not limited to, but primarily:

1. User Management / Security

If your app requires users to login, this needs to be taken into consideration. You mentioned in reference to ColdBox, “there is an extensive security framework”. I assume you are talking about CBSecurity. ContentBox uses CBSecurity for its authentication and authorization. If you want to use CBSecurity on the same site as ContentBox, I am pretty sure you will need to let ContentBox handle your authentication and authorization. The nice thing is that you can use the ContentBox admin to manage all these accounts and you can add custom roles and permissions for your app users that won’t allow login to the ContentBox admin.

2. Routing

Routing can always be a pain point for me when developing any ColdBox application, and it seems more so sometimes with ContentBox modules due to all the admin and public routes that are registered. That is why the ColdBox Route Visualizer can be your best friend some days! The ContentBox Docs do have some help on module routing as well.

3. layout

If you want your modules views to use the ContentBox themed layout you need to call cbHelper.prepareUIRequest( layout="pages" ) with the layout you want to use. Note that if you use a custom ContentBox theme you can create a custom layout to be used for your module instead of pages. So, how do you call this? Here is what I have done, although I don’t rule out that there may be a better way. All this is in the ContentBox Docs right here

  1. I inject the CBHelper model into my handler
component{

	property name="cbHelper" inject="CBHelper@cb";

	// ...
}
  1. To simplify and reduce repeating myself, I call this in the preHandler() interceptor so it is run for every handler action. This will setup the layout and most everything that ContentBox layout is looking for in the RC or PRC scopes.
// executes before any action
function preHandler( event, rc, prc, action, eventArguments ){
	cbHelper.prepareUIRequest( layout="pages" );
}

This seems to work well for me. If you don’t need to use the prepareUIRequest () in every action you can just call in in every action and remove it from the preHander()

Honestly, it’s up to you if you want to the ContentBox Media Library. IMO there may be a much larger learning curve to use these to do exactly what you want when you can probably already do this outside of the ContentBox functionality. You could handle this process yourself, being sure to place uploaded files outside the web root, etc. and create a ContentBox Admin page to handle the approval process. Here are a few links that may help with integrating with the ContentBox Admin.

I know my response is a little long winded. I hope it helps even a little bit. Anyone is always welcome to correct anything I may be off base on. Please feel free to follow up with any questions and/or comments and I will be more than happy to throw my $0.02 in again!

Have a great day!