backup/ROC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cleaned auth module by removing useless code.

Browse Source 
Added CMS_USER_API.user_role_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_USER_ROLE
Added enabled/disabled status in admin/install.
This commit is contained in:
Jocelyn FIAT
2015-07-14 18:59:09 +02:00
parent d4fc9f9411
commit 2040a746dd
6 changed files with 123 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

133
modules/auth/cms_authentication_module.e
View File

@@ -102,9 +102,9 @@ feature -- Hooks configuration
value_table_alter (a_value: CMS_VALUE_TABLE; a_response: CMS_RESPONSE)
-- <Precursor>
do
a_value.force (a_response.user, "user")
end
menu_system_alter (a_menu_system: CMS_MENU_SYSTEM; a_response: CMS_RESPONSE)
-- Hook execution on collection of menu contained by `a_menu_system'
-- for related response `a_response'.
@@ -129,11 +129,9 @@ feature -- Handler
r: CMS_RESPONSE
do
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.set_value ("Account Info", "optional_content_type")
if attached template_block ("account_info", r) as l_tpl_block then
r.set_value (current_user (req), "user")
if attached current_user (req) as l_user then
if attached r.user as l_user then
r.set_value (api.user_api.user_roles (l_user), "roles")
end
r.add_block (l_tpl_block, "content")
@@ -158,7 +156,6 @@ feature -- Handler
r.execute
else
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.set_value ("Login", "optional_content_type")
r.execute
end
end
@@ -172,14 +169,11 @@ feature -- Handler
r.execute
end
handle_register (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local
r: CMS_RESPONSE
l_user_api: CMS_USER_API
u: CMS_USER
l_roles: LIST [CMS_USER_ROLE]
l_exist: BOOLEAN
es: CMS_AUTHENTICATON_EMAIL_SERVICE
l_url: STRING
@@ -187,7 +181,6 @@ feature -- Handler
do
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("account register") then
r.set_value ("Register", "optional_content_type")
if req.is_post_request_method then
if
attached {WSF_STRING} req.form_parameter ("name") as l_name and then
@@ -198,24 +191,20 @@ feature -- Handler
if attached l_user_api.user_by_name (l_name.value) then
-- Username already exist.
r.values.force ("User name already exists!", "error_name")
r.set_value ("User name already exists!", "error_name")
l_exist := True
end
if attached l_user_api.user_by_email (l_email.value) then
-- Emails already exist.
r.values.force ("An account is already associated with that email address!", "error_email")
r.set_value ("An account is already associated with that email address!", "error_email")
l_exist := True
end
if not l_exist then
-- New user
create {ARRAYED_LIST [CMS_USER_ROLE]}l_roles.make (1)
l_roles.force (l_user_api.authenticated_user_role)
create u.make (l_name.value)
u.set_email (l_email.value)
u.set_password (l_password.value)
u.set_roles (l_roles)
l_user_api.new_user (u)
-- Create activation token
@@ -229,8 +218,8 @@ feature -- Handler
es.send_contact_email (l_email.value, l_url)
else
r.values.force (l_name.value, "name")
r.values.force (l_email.value, "email")
r.set_value (l_name.value, "name")
r.set_value (l_email.value, "email")
r.set_status_code ({HTTP_CONSTANTS}.bad_request)
end
end
@@ -257,12 +246,10 @@ feature -- Handler
l_user.mark_active
l_user_api.update_user (l_user)
l_user_api.remove_activation (l_token.value)
r.set_value ("Account activated", "optional_content_type")
r.set_main_content ("<p> Your account <i>"+ l_user.name +"</i> has been activated</p>")
else
-- the token does not exist, or it was already used.
r.set_status_code ({HTTP_CONSTANTS}.bad_request)
r.set_value ("Account not activated", "optional_content_type")
r.set_main_content ("<p>The token <i>" + l_token.value +"</i> is not valid " + r.link ("Reactivate Account", "account/reactivate", Void) + "</p>")
end
r.execute
@@ -290,7 +277,7 @@ feature -- Handler
if attached {CMS_USER} l_user_api.user_by_email (l_email.value) as l_user then
-- User exist create a new token and send a new email.
if l_user.is_active then
r.values.force ("The asociated user to the given email " + l_email.value + " , is already active", "is_active")
r.set_value ("The asociated user to the given email " + l_email.value + " , is already active", "is_active")
r.set_status_code ({HTTP_CONSTANTS}.bad_request)
else
l_token := new_token
@@ -303,8 +290,8 @@ feature -- Handler
es.send_contact_activation_email (l_email.value, l_url)
end
else
r.values.force ("The email does not exist or !", "error_email")
r.values.force (l_email.value, "email")
r.set_value ("The email does not exist or !", "error_email")
r.set_value (l_email.value, "email")
r.set_status_code ({HTTP_CONSTANTS}.bad_request)
end
end
@@ -336,8 +323,8 @@ feature -- Handler
write_debug_log (generator + ".handle register: send_contact_password_email")
es.send_contact_password_email (l_email.value, l_url)
else
r.values.force ("The email does not exist !", "error_email")
r.values.force (l_email.value, "email")
r.set_value ("The email does not exist !", "error_email")
r.set_value (l_email.value, "email")
r.set_status_code ({HTTP_CONSTANTS}.bad_request)
end
elseif attached {WSF_STRING} req.form_parameter ("username") as l_username then
@@ -354,8 +341,8 @@ feature -- Handler
write_debug_log (generator + ".handle register: send_contact_password_email")
es.send_contact_password_email (l_email, l_url)
else
r.values.force ("The username does not exist !", "error_username")
r.values.force (l_username.value, "username")
r.set_value ("The username does not exist !", "error_username")
r.set_value (l_username.value, "username")
r.set_status_code ({HTTP_CONSTANTS}.bad_request)
end
end
@@ -372,9 +359,9 @@ feature -- Handler
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
l_user_api := api.user_api
if attached {WSF_STRING} req.query_parameter ("token") as l_token then
r.values.force (l_token.value, "token")
r.set_value (l_token.value, "token")
if l_user_api.user_by_password_token (l_token.value) = Void then
r.values.force ("The token " + l_token.value + " is not valid, " + r.link ("click here" , "account/new-password", Void) + " to generate a new token.", "error_token")
r.set_value ("The token " + l_token.value + " is not valid, " + r.link ("click here" , "account/new-password", Void) + " to generate a new token.", "error_token")
r.set_status_code ({HTTP_CONSTANTS}.bad_request)
end
end
@@ -395,8 +382,8 @@ feature -- Handler
l_user_api.remove_password (l_token.value)
end
else
r.values.force ("Passwords Don't Match", "error_password")
r.values.force (l_token.value, "token")
r.set_value ("Passwords Don't Match", "error_password")
r.set_value (l_token.value, "token")
r.set_status_code ({HTTP_CONSTANTS}.bad_request)
end
end
@@ -426,8 +413,8 @@ feature -- Handler
r.set_redirection (req.absolute_script_url ("/account/post-change-password"))
else
if attached template_block ("account_info", r) as l_tpl_block then
r.set_value (l_user, "user")
r.values.force ("Passwords Don't Match", "error_password")
-- r.set_value (l_user, "user")
r.set_value ("Passwords Don't Match", "error_password")
r.set_status_code ({HTTP_CONSTANTS}.bad_request)
r.add_block (l_tpl_block, "content")
end
@@ -536,17 +523,17 @@ feature {NONE} -- Block views
get_block_view_login (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
local
vals: CMS_VALUE_TABLE
-- vals: CMS_VALUE_TABLE
do
if attached template_block (a_block_id, a_response) as l_tpl_block then
create vals.make (1)
-- add the variable to the block
value_table_alter (vals, a_response)
across
vals as ic
loop
l_tpl_block.set_value (ic.item, ic.key)
end
-- create vals.make (1)
-- -- add the variable to the block
-- value_table_alter (vals, a_response)
-- across
-- vals as ic
-- loop
-- l_tpl_block.set_value (ic.item, ic.key)
-- end
a_response.add_block (l_tpl_block, "content")
else
debug ("cms")
@@ -557,33 +544,35 @@ feature {NONE} -- Block views
get_block_view_register (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
do
if a_response.request.is_get_request_method then
if attached template_block (a_block_id, a_response) as l_tpl_block then
a_response.add_block (l_tpl_block, "content")
else
debug ("cms")
a_response.add_warning_message ("Error with block [" + a_block_id + "]")
end
end
elseif a_response.request.is_post_request_method then
if a_response.values.has ("error_name") or else a_response.values.has ("error_email") then
if a_response.has_permission ("account register") then
if a_response.request.is_get_request_method then
if attached template_block (a_block_id, a_response) as l_tpl_block then
l_tpl_block.set_value (a_response.values.item ("error_name"), "error_name")
l_tpl_block.set_value (a_response.values.item ("error_email"), "error_email")
l_tpl_block.set_value (a_response.values.item ("email"), "email")
l_tpl_block.set_value (a_response.values.item ("name"), "name")
a_response.add_block (l_tpl_block, "content")
else
debug ("cms")
a_response.add_warning_message ("Error with block [" + a_block_id + "]")
end
end
else
if attached template_block ("post_register", a_response) as l_tpl_block then
a_response.add_block (l_tpl_block, "content")
elseif a_response.request.is_post_request_method then
if a_response.values.has ("error_name") or else a_response.values.has ("error_email") then
if attached template_block (a_block_id, a_response) as l_tpl_block then
-- l_tpl_block.set_value (a_response.values.item ("error_name"), "error_name")
-- l_tpl_block.set_value (a_response.values.item ("error_email"), "error_email")
-- l_tpl_block.set_value (a_response.values.item ("email"), "email")
-- l_tpl_block.set_value (a_response.values.item ("name"), "name")
a_response.add_block (l_tpl_block, "content")
else
debug ("cms")
a_response.add_warning_message ("Error with block [" + a_block_id + "]")
end
end
else
debug ("cms")
a_response.add_warning_message ("Error with block [" + a_block_id + "]")
if attached template_block ("post_register", a_response) as l_tpl_block then
a_response.add_block (l_tpl_block, "content")
else
debug ("cms")
a_response.add_warning_message ("Error with block [" + a_block_id + "]")
end
end
end
end
@@ -604,9 +593,9 @@ feature {NONE} -- Block views
elseif a_response.request.is_post_request_method then
if a_response.values.has ("error_email") or else a_response.values.has ("is_active") then
if attached template_block (a_block_id, a_response) as l_tpl_block then
l_tpl_block.set_value (a_response.values.item ("error_email"), "error_email")
l_tpl_block.set_value (a_response.values.item ("email"), "email")
l_tpl_block.set_value (a_response.values.item ("is_active"), "is_active")
-- l_tpl_block.set_value (a_response.values.item ("error_email"), "error_email")
-- l_tpl_block.set_value (a_response.values.item ("email"), "email")
-- l_tpl_block.set_value (a_response.values.item ("is_active"), "is_active")
a_response.add_block (l_tpl_block, "content")
else
debug ("cms")
@@ -638,10 +627,10 @@ feature {NONE} -- Block views
elseif a_response.request.is_post_request_method then
if a_response.values.has ("error_email") or else a_response.values.has ("error_username") then
if attached template_block (a_block_id, a_response) as l_tpl_block then
l_tpl_block.set_value (a_response.values.item ("error_email"), "error_email")
l_tpl_block.set_value (a_response.values.item ("email"), "email")
l_tpl_block.set_value (a_response.values.item ("error_username"), "error_username")
l_tpl_block.set_value (a_response.values.item ("username"), "username")
-- l_tpl_block.set_value (a_response.values.item ("error_email"), "error_email")
-- l_tpl_block.set_value (a_response.values.item ("email"), "email")
-- l_tpl_block.set_value (a_response.values.item ("error_username"), "error_username")
-- l_tpl_block.set_value (a_response.values.item ("username"), "username")
a_response.add_block (l_tpl_block, "content")
else
debug ("cms")
@@ -664,8 +653,8 @@ feature {NONE} -- Block views
do
if a_response.request.is_get_request_method then
if attached template_block (a_block_id, a_response) as l_tpl_block then
l_tpl_block.set_value (a_response.values.item ("token"), "token")
l_tpl_block.set_value (a_response.values.item ("error_token"), "error_token")
-- l_tpl_block.set_value (a_response.values.item ("token"), "token")
-- l_tpl_block.set_value (a_response.values.item ("error_token"), "error_token")
a_response.add_block (l_tpl_block, "content")
else
debug ("cms")
@@ -675,9 +664,9 @@ feature {NONE} -- Block views
elseif a_response.request.is_post_request_method then
if a_response.values.has ("error_token") or else a_response.values.has ("error_password") then
if attached template_block (a_block_id, a_response) as l_tpl_block then
l_tpl_block.set_value (a_response.values.item ("error_token"), "error_token")
l_tpl_block.set_value (a_response.values.item ("error_password"), "error_password")
l_tpl_block.set_value (a_response.values.item ("token"), "token")
-- l_tpl_block.set_value (a_response.values.item ("error_token"), "error_token")
-- l_tpl_block.set_value (a_response.values.item ("error_password"), "error_password")
-- l_tpl_block.set_value (a_response.values.item ("token"), "token")
a_response.add_block (l_tpl_block, "content")
else
debug ("cms")

8
src/persistence/user/cms_user_storage_i.e
View File

@@ -137,6 +137,11 @@ feature -- Access: roles and permissions
deferred
end
user_role_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_USER_ROLE
-- User role by name `a_id', if any.
deferred
end
user_roles_for (a_user: CMS_USER): LIST [CMS_USER_ROLE]
-- User roles for user `a_user'.
-- Note: anonymous and authenticated roles are not included.
@@ -179,4 +184,7 @@ feature -- Change: User password recovery
deferred
end
note
copyright: "2011-2015, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
end

7
src/persistence/user/cms_user_storage_null.e
View File

@@ -66,6 +66,10 @@ feature -- Access: roles and permissions
do
end
user_role_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_USER_ROLE
do
end
user_roles_for (a_user: CMS_USER): LIST [CMS_USER_ROLE]
-- User roles for user `a_user'.
-- Note: anonymous and authenticated roles are not included.
@@ -108,4 +112,7 @@ feature -- Change: User password recovery
do
end
note
copyright: "2011-2015, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
end

23
src/persistence/user/cms_user_storage_sql_i.e
View File

@@ -357,6 +357,26 @@ feature -- Access: roles and permissions
end
end
user_role_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_USER_ROLE
-- User role by name `a_name', if any.
local
l_parameters: STRING_TABLE [ANY]
do
error_handler.reset
write_information_log (generator + ".user_role_by_name")
create l_parameters.make (1)
l_parameters.put (a_name, "name")
sql_query (select_user_role_by_name, l_parameters)
if sql_rows_count = 1 then
Result := fetch_user_role
if Result /= Void and not has_error then
fill_user_role (Result)
end
else
check no_more_than_one: sql_rows_count = 0 end
end
end
user_roles_for (a_user: CMS_USER): LIST [CMS_USER_ROLE]
local
l_parameters: STRING_TABLE [ANY]
@@ -817,6 +837,9 @@ feature {NONE} -- Sql Queries: USER ROLE
select_user_role_by_id: STRING = "SELECT rid, name FROM roles WHERE rid=:rid;"
-- User role for role id :rid;
select_user_role_by_name: STRING = "SELECT rid, name FROM roles WHERE name=:name;"
-- User role for role name :name;
sql_insert_user_role_permission: STRING = "INSERT INTO role_permissions (rid, permission, module) VALUES (:rid, :permission, :module);"
-- SQL Insert a new permission :permission for user role :rid.

24
src/service/handler/cms_admin_install_handler.e
View File

@@ -66,7 +66,13 @@ feature -- HTTP Methods
loop
l_module := ic.item
if api.is_module_installed (l_module) then
s.append ("<li>" + l_module.name + " is already installed.</li>%N")
s.append ("<li>")
s.append (l_module.name)
if l_module.is_enabled then
s.append (" </strong>[enabled]</strong>")
end
s.append (" is already installed.")
s.append ("</li>%N")
else
lst.force (l_module)
end
@@ -76,11 +82,19 @@ feature -- HTTP Methods
lst as ic
loop
l_module := ic.item
if api.is_module_installed (l_module) then
s.append ("<li>" + l_module.name + " was successfully installed.</li>%N")
else
s.append ("<li>" + l_module.name + " could not be installed!</li>%N")
s.append ("<li>")
s.append (l_module.name)
if l_module.is_enabled then
s.append (" </strong>[enabled]</strong>")
end
if api.is_module_installed (l_module) then
s.append (" was successfully installed.")
else
s.append (" could not be installed!")
s.append (" <span class=%"error%">[ERROR]</span>")
end
s.append ("</li>%N")
end
s.append ("</ul>")
r.set_main_content (s)

5
src/service/user/cms_user_api.e
View File

@@ -123,6 +123,11 @@ feature -- User roles.
Result := storage.user_role_by_id (a_id)
end
user_role_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_USER_ROLE
do
Result := storage.user_role_by_name (a_name)
end
feature -- Change User
new_user (a_user: CMS_USER)