backup/ROC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated cms admin

Browse Source
This commit is contained in:
jvelilla
2015-07-29 19:31:18 -03:00
parent 500f8f78a4
commit 3ebffad3d6
21 changed files with 2825 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
modules/admin/handler/cms_admin_handler.e Normal file
View File

@@ -0,0 +1,91 @@
note
description: "[
handler for CMS admin in the CMS interface.
TODO: implement REST API.
]" author: ""
date: "$Date$"
revision: "$Revision$"
class
CMS_ADMIN_HANDLER
inherit
CMS_HANDLER
WSF_URI_HANDLER
rename
execute as uri_execute,
new_mapping as new_uri_mapping
end
WSF_URI_TEMPLATE_HANDLER
rename
execute as uri_template_execute,
new_mapping as new_uri_template_mapping
select
new_uri_template_mapping
end
WSF_RESOURCE_HANDLER_HELPER
redefine
do_get,
do_post
end
REFACTORING_HELPER
create
make
feature -- execute
execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute_methods (req, res)
end
uri_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute (req, res)
end
uri_template_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute (req, res)
end
feature -- HTTP Methods
do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
local
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
create {CMS_ADMIN_RESPONSE} r.make (req, res, api)
r.execute
else
r.execute
end
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
local
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
create {CMS_ADMIN_RESPONSE} r.make (req, res, api)
r.execute
else
r.execute
end
end
end

241
modules/admin/handler/cms_admin_response.e Normal file
View File

@@ -0,0 +1,241 @@
note
description: "Summary description for {CMS_ADMIN_RESPONSE}."
date: "$Date$"
revision: "$Revision$"
class
CMS_ADMIN_RESPONSE
inherit
CMS_RESPONSE
redefine
make,
initialize,
custom_prepare
end
create
make
feature {NONE} -- Initialization
make (req: WSF_REQUEST; res: WSF_RESPONSE; a_api: like api)
do
create {WSF_NULL_THEME} wsf_theme.make
Precursor (req, res, a_api)
end
initialize
do
Precursor
create {CMS_TO_WSF_THEME} wsf_theme.make (Current, theme)
end
wsf_theme: WSF_THEME
feature -- Process
process
local
b: STRING
do
create b.make_empty
set_title (translation ("Admin Page", Void))
b.append ("<ul id=%"content-types%">")
fixme ("Check how to make it configurable")
if has_permissions (<< "View any">>) then
b.append ("<li>" + link ("Users", "admin/users", Void))
b.append ("<div class=%"description%">View/Edit/Add Users</div>")
b.append ("</li>")
b.append ("<li>" + link ("Roles", "admin/roles", Void))
b.append ("<div class=%"description%">View/Edit/Add Roles</div>")
b.append ("</li>")
end
b.append ("</ul>")
set_main_content (b)
end
feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
if attached variables as l_variables then
across l_variables as c loop page.register_variable (c.item, c.key) end
end
end
feature -- Admin: Add User Form
handle_admin_user_form
local
s: STRING
f: CMS_FORM
t: WSF_FORM_TEXT_INPUT
fe: WSF_FORM_EMAIL_INPUT
fs: WSF_FORM_FIELD_SET
f_submit: WSF_FORM_SUBMIT_INPUT
do
create f.make (request.percent_encoded_path_info, {CMS_ADMIN_MODULE}.name )
create fs.make
fs.set_legend ("Create new user without password:")
create t.make_with_text ("username", "")
t.set_label ("User name")
t.enable_required
t.set_placeholder ("username")
fs.extend (t)
create fe.make_with_text ("email", "")
fe.set_label ("Email")
fe.set_placeholder ("valid email")
fs.extend (fe)
create f_submit.make_with_text ("op", "Create user")
fs.extend (f_submit)
create f_submit.make_with_text ("op", "Update user")
fs.extend (f_submit)
f.extend (fs)
if request.is_post_request_method then
create s.make_empty
f.validation_actions.extend (agent (fd: WSF_FORM_DATA; ia_api: CMS_API)
do
if attached fd.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Create user") then
if attached fd.string_item ("username") as l_username then
if attached ia_api.user_api.user_by_name (l_username) then
fd.report_invalid_field ("username", "Username already taken!")
end
else
fd.report_invalid_field ("username", "missing username")
end
if attached fd.string_item ("email") as l_email then
if attached ia_api.user_api.user_by_email (l_email) then
fd.report_invalid_field ("email", "Email address already associated with an existing account!")
end
else
fd.report_invalid_field ("email", "missing email address")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if attached fd.string_item ("username") as l_username then
if ia_api.user_api.user_by_name (l_username) = Void then
fd.report_invalid_field ("username", "Username does not exist!")
end
else
fd.report_invalid_field ("username", "missing username")
end
end
end
end(?, api)
)
f.submit_actions.extend (agent (fd: WSF_FORM_DATA; ia_api: CMS_API; a_output: STRING)
local
u: CMS_USER
l_roles: detachable LIST [CMS_USER_ROLE]
l_trusted_user_role: detachable CMS_USER_ROLE
do
if attached fd.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Create user") then
if
attached fd.string_item ("username") as l_username and then
attached fd.string_item ("email") as l_email and then
l_email.is_valid_as_string_8
then
create u.make (l_username)
u.set_email (l_email.as_string_8)
u.set_password (new_random_password (u))
ia_api.user_api.new_user (u)
if ia_api.user_api.has_error then
end
a_output.append ("<li>New user ["+ html_encoded (l_username) +"] created.</li>")
else
fd.report_invalid_field ("username", "Missing username!")
fd.report_invalid_field ("email", "Missing email address!")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if
attached fd.string_item ("username") as l_username and then
attached ia_api.user_api.user_by_name (l_username) as l_user
then
l_trusted_user_role := ia_api.user_api.user_role_by_name ("trusted")
if l_trusted_user_role = Void then
create l_trusted_user_role.make ("trusted")
ia_api.user_api.save_user_role (l_trusted_user_role)
end
l_trusted_user_role.add_permission ("admin wdocs")
l_trusted_user_role.add_permission ("edit wdocs page")
l_trusted_user_role.add_permission ("create wdocs page")
l_trusted_user_role.add_permission ("delete wdocs page")
l_trusted_user_role.add_permission ("edit any wdocs page")
l_trusted_user_role.add_permission ("delete any wdocs page")
l_trusted_user_role.add_permission ("clear wdocs cache")
l_trusted_user_role.add_permission ("create page")
l_trusted_user_role.add_permission ("edit any page")
l_trusted_user_role.add_permission ("delete any page")
l_trusted_user_role.add_permission ("create blog")
l_trusted_user_role.add_permission ("edit any blog")
l_trusted_user_role.add_permission ("delete any blog")
l_trusted_user_role.add_permission ("edit any node")
l_trusted_user_role.add_permission ("delete any node")
ia_api.user_api.save_user_role (l_trusted_user_role)
l_trusted_user_role := ia_api.user_api.user_role_by_name ("trusted")
if l_trusted_user_role /= Void then
u := l_user
ia_api.user_api.update_user (u)
l_roles := u.roles
if l_roles = Void then
create {ARRAYED_LIST [CMS_USER_ROLE]} l_roles.make (1)
end
l_roles.force (l_trusted_user_role)
u.set_roles (l_roles)
ia_api.user_api.update_user (u)
a_output.append ("<li>User ["+ html_encoded (l_username) +"] updated.</li>")
else
a_output.append ("<li>User ["+ html_encoded (l_username) +"] NOT updated! [ERROR].</li>")
end
else
fd.report_invalid_field ("username", "User does not exist!")
end
end
end
end(?, api, s)
)
f.process (Current)
f.append_to_html (create {CMS_TO_WSF_THEME}.make (Current, Current.theme), s)
Current.set_main_content (s)
elseif request.is_get_head_request_method then
create s.make_empty
f.append_to_html (create {CMS_TO_WSF_THEME}.make (Current, Current.theme), s)
Current.set_main_content (s)
end
end
new_random_password (u: CMS_USER): STRING
-- Generate a new token activation token
local
l_token: STRING
l_security: SECURITY_PROVIDER
l_encode: URL_ENCODER
do
create l_security
l_token := l_security.token
create l_encode
from until l_token.same_string (l_encode.encoded_string (l_token)) loop
-- Loop ensure that we have a security token that does not contain characters that need encoding.
-- We cannot simply to an encode-decode because the email sent to the user will contain an encoded token
-- but the user will need to use an unencoded token if activation has to be done manually.
l_token := l_security.token
end
Result := l_token + url_encoded (u.name) + u.creation_date.out
end
end

113
modules/admin/handler/role/cms_admin_roles_handler.e Normal file
View File

@@ -0,0 +1,113 @@
note
description: "Summary description for {CMS_ADMIN_ROLE_HANDLER}."
date: "$Date$"
revision: "$Revision$"
class
CMS_ADMIN_ROLES_HANDLER
inherit
CMS_HANDLER
WSF_URI_HANDLER
rename
execute as uri_execute,
new_mapping as new_uri_mapping
end
WSF_URI_TEMPLATE_HANDLER
rename
execute as uri_template_execute,
new_mapping as new_uri_template_mapping
select
new_uri_template_mapping
end
WSF_RESOURCE_HANDLER_HELPER
redefine
do_get
end
REFACTORING_HELPER
create
make
feature -- execute
execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute_methods (req, res)
end
uri_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute (req, res)
end
uri_template_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute (req, res)
end
feature -- HTTP Methods
do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
local
l_response: CMS_RESPONSE
s: STRING
u: CMS_USER_ROLE
l_count: INTEGER
user_api: CMS_USER_API
do
-- At the moment the template are hardcoded, but we can
-- get them from the configuration file and load them into
-- the setup class.
user_api := api.user_api
l_count := user_api.roles_count
create {GENERIC_VIEW_CMS_RESPONSE} l_response.make (req, res, api)
create s.make_empty
if l_count > 1 then
l_response.set_title ("Listing " + l_count.out + " Roles")
else
l_response.set_title ("Listing " + l_count.out + " Role")
end
if attached user_api.roles as lst then
s.append ("<ul class=%"cms-roles%">%N")
across
lst as ic
loop
u := ic.item
s.append ("<li class=%"cms_role%">")
s.append ("<a href=%"")
s.append (req.absolute_script_url ("/admin/role/"+u.id.out))
s.append ("%">")
s.append (u.name)
s.append ("</a>")
s.append ("</li>%N")
end
s.append ("</ul>%N")
end
if l_response.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
s.append (l_response.link ("Add Role", "admin/add/role", Void))
end
l_response.set_main_content (s)
l_response.execute
end
end

489
modules/admin/handler/role/cms_role_form_response.e Normal file
View File

@@ -0,0 +1,489 @@
note
description: "Summary description for {CMS_ROLE_FORM_RESPONSE}."
date: "$Date$"
revision: "$Revision$"
class
CMS_ROLE_FORM_RESPONSE
inherit
CMS_RESPONSE
redefine
make,
initialize,
custom_prepare
end
create
make
feature {NONE} -- Initialization
make (req: WSF_REQUEST; res: WSF_RESPONSE; a_api: like api)
do
create {WSF_NULL_THEME} wsf_theme.make
Precursor (req, res, a_api)
end
initialize
do
Precursor
create {CMS_TO_WSF_THEME} wsf_theme.make (Current, theme)
end
wsf_theme: WSF_THEME
feature -- Query
role_id_path_parameter (req: WSF_REQUEST): INTEGER_64
-- Role id passed as path parameter for request `req'.
local
s: STRING
do
if attached {WSF_STRING} req.path_parameter ("id") as p_nid then
s := p_nid.value
if s.is_integer_64 then
Result := s.to_integer_64
end
end
end
feature -- Process
process
-- Computed response message.
local
b: STRING_8
uid: INTEGER_64
user_api: CMS_USER_API
do
user_api := api.user_api
create b.make_empty
uid := role_id_path_parameter (request)
if uid > 0 and then attached user_api.user_role_by_id (uid.to_integer) as l_role then
fixme ("refactor: process_edit, process_create process edit")
if request.path_info.ends_with_general ("/edit") then
edit_form (l_role)
elseif request.path_info.ends_with_general ("/delete") then
delete_form (l_role)
end
else
new_form
end
end
feature -- Process Edit
edit_form (a_role: CMS_USER_ROLE)
local
f: like new_edit_form
b: STRING
fd: detachable WSF_FORM_DATA
do
create b.make_empty
f := new_edit_form (a_role, url (request.path_info, Void), "edit-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.validation_actions.extend (agent edit_form_validate(?,a_role, b))
f.submit_actions.extend (agent edit_form_submit(?, a_role, b))
f.process (Current)
fd := f.last_data
end
if a_role.has_id then
add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("View", Void), "admin/role/" + a_role.id.out), primary_tabs)
add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("Edit", Void), "admin/role/" + a_role.id.out + "/edit"), primary_tabs)
add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("Delete", Void), "admin/role/" + a_role.id.out + "/delete"), primary_tabs)
end
if attached redirection as l_location then
-- FIXME: Hack for now
set_title (a_role.name)
b.append (html_encoded (a_role.name) + " saved")
else
set_title (formatted_string (translation ("Edit $1 #$2", Void), [a_role.name, a_role.id]))
f.append_to_html (wsf_theme, b)
end
set_main_content (b)
end
feature -- Process Delete
delete_form (a_role: CMS_USER_ROLE)
local
f: like new_delete_form
b: STRING
fd: detachable WSF_FORM_DATA
do
create b.make_empty
f := new_delete_form (a_role, url (request.path_info, Void), "edit-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.process (Current)
fd := f.last_data
end
if a_role.has_id then
add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("View", Void), "admin/role/" + a_role.id.out), primary_tabs)
add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("Edit", Void), "admin/role/" + a_role.id.out + "/edit"), primary_tabs)
add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("Delete", Void), "admin/role/" + a_role.id.out + "/delete"), primary_tabs)
end
if attached redirection as l_location then
-- FIXME: Hack for now
set_title (a_role.name)
b.append (html_encoded (a_role.name) + " deleted")
else
set_title (formatted_string (translation ("Delete $1 #$2", Void), [a_role.name, a_role.id]))
f.append_to_html (wsf_theme, b)
end
set_main_content (b)
end
feature -- Process New
new_form
local
f: like new_edit_form
b: STRING
fd: detachable WSF_FORM_DATA
l_role: detachable CMS_USER_ROLE
do
create b.make_empty
f := new_edit_form (l_role, url (request.path_info, Void), "create-role")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.validation_actions.extend (agent new_form_validate(?, b))
f.submit_actions.extend (agent edit_form_submit(?, l_role, b))
f.process (Current)
fd := f.last_data
end
if attached redirection as l_location then
-- FIXME: Hack for now
if attached l_role then
set_title (l_role.name)
b.append (html_encoded (l_role.name) + " Saved")
end
else
if attached l_role then
set_title (formatted_string (translation ("Saved $1 #$2", Void), [l_role.name, l_role.id]))
end
f.append_to_html (wsf_theme, b)
end
set_main_content (b)
end
feature -- Form
edit_form_submit (fd: WSF_FORM_DATA; a_role: detachable CMS_USER_ROLE; b: STRING)
local
l_save_role: BOOLEAN
l_update_role: BOOLEAN
l_role: detachable CMS_USER_ROLE
s: STRING
lnk: CMS_LINK
do
l_save_role := attached {WSF_STRING} fd.item ("op") as l_op and then l_op.same_string ("Create role")
if l_save_role then
debug ("cms")
across
fd as c
loop
b.append ("<li>" + html_encoded (c.key) + "=")
if attached c.item as v then
b.append (html_encoded (v.string_representation))
end
b.append ("</li>")
end
end
create_role (fd)
end
l_update_role := attached {WSF_STRING} fd.item ("op") as l_op and then l_op.same_string ("Update role")
if l_update_role then
debug ("cms")
across
fd as c
loop
b.append ("<li>" + html_encoded (c.key) + "=")
if attached c.item as v then
b.append (html_encoded (v.string_representation))
end
b.append ("</li>")
end
end
if attached a_role as u_role then
update_role (fd, u_role)
else
fd.report_error ("Missing Role")
end
end
end
edit_form_validate (fd: WSF_FORM_DATA; a_role: CMS_USER_ROLE; b: STRING)
do
if attached fd.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Update role") then
if
attached fd.string_item ("role") as l_role and then
not a_role.name.is_case_insensitive_equal (l_role)
then
if attached api.user_api.user_role_by_name (l_role) then
fd.report_invalid_field ("role", "Role already taken!")
end
else
if fd.string_item ("role") = Void then
fd.report_invalid_field ("role", "missing role")
end
end
if attached {WSF_TABLE} fd.item ("cms_perm[]") as l_perm then
a_role.permissions.compare_objects
from
l_perm.values.start
until
l_perm.values.after
loop
if attached {WSF_STRING} l_perm.value (l_perm.values.key_for_iteration) as l_value then
if a_role.permissions.has (l_value.value) then
fd.report_invalid_field ("cms_perm[]", "Permission " + l_value.value + " already taken!")
end
end
l_perm.values.forth
end
end
end
end
end
new_edit_form (a_role: detachable CMS_USER_ROLE; a_url: READABLE_STRING_8; a_name: STRING;): CMS_FORM
-- Create a web form named `a_name' for uSER `a_YSER' (if set), using form action url `a_url'.
local
f: CMS_FORM
th: WSF_FORM_HIDDEN_INPUT
do
create f.make (a_url, a_name)
create th.make ("role-id")
if a_role /= Void then
th.set_text_value (a_role.id.out)
else
th.set_text_value ("0")
end
f.extend (th)
populate_form (f, a_role)
Result := f
end
new_form_validate (fd: WSF_FORM_DATA; b: STRING)
do
if attached fd.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Create role") then
if attached fd.string_item ("role") as l_role then
if attached api.user_api.user_role_by_name (l_role) then
fd.report_invalid_field ("role", "Role already taken!")
end
else
fd.report_invalid_field ("role", "missing role")
end
end
end
end
new_delete_form (a_role: detachable CMS_USER_ROLE; a_url: READABLE_STRING_8; a_name: STRING;): CMS_FORM
-- Create a web form named `a_name' for node `a_user' (if set), using form action url `a_url'.
local
f: CMS_FORM
ts: WSF_FORM_SUBMIT_INPUT
do
create f.make (a_url, a_name)
f.extend_html_text ("<br/>")
f.extend_html_text ("<legend>Are you sure you want to delete?</legend>")
-- TODO check if we need to check for has_permissions!!
if a_role /= Void and then a_role.has_id then
create ts.make ("op")
ts.set_default_value ("Delete")
fixme ("[
ts.set_default_value (translation ("Delete"))
]")
f.extend (ts)
create ts.make ("op")
ts.set_default_value ("Cancel")
ts.set_formmethod ("GET")
ts.set_formaction ("/admin/role/" + a_role.id.out)
f.extend (ts)
end
Result := f
end
populate_form (a_form: WSF_FORM; a_role: detachable CMS_USER_ROLE)
-- Fill the web form `a_form' with data from `a_node' if set,
-- and apply this to content type `a_content_type'.
local
ti: WSF_FORM_TEXT_INPUT
fe: WSF_FORM_EMAIL_INPUT
fs: WSF_FORM_FIELD_SET
cb: WSF_FORM_CHECKBOX_INPUT
ts: WSF_FORM_SUBMIT_INPUT
do
if attached a_role as l_role then
create fs.make
fs.set_legend ("User Role")
create ti.make_with_text ("role", a_role.name)
ti.set_label ("Role")
ti.enable_required
fs.extend (ti)
a_form.extend (fs)
a_form.extend_html_text ("<br/>")
create fs.make
fs.set_legend ("Permissions")
if not l_role.permissions.is_empty then
across l_role.permissions as ic loop
create cb.make_with_value ("cms_permissions", ic.item)
cb.set_checked (True)
cb.set_label (ic.item)
fs.extend (cb)
end
end
fs.extend_html_text ("<div class=%"input_fields_wrap%"><button class=%"add_field_button%">Add More Permissions</button></div>")
create ti.make ("cms_perm[]")
fs.extend (ti)
a_form.extend (fs)
add_javascript_content (script_add_remove_items)
create ts.make ("op")
ts.set_default_value ("Update role")
a_form.extend (ts)
a_form.extend_html_text ("<hr>")
else
create fs.make
fs.set_legend ("User Role")
create ti.make ("role")
ti.set_label ("Role")
ti.enable_required
fs.extend (ti)
a_form.extend (fs)
a_form.extend_html_text ("<br/>")
create ts.make ("op")
ts.set_default_value ("Create role")
a_form.extend (ts)
a_form.extend_html_text ("<hr>")
end
end
update_role (a_form_data: WSF_FORM_DATA; a_role: CMS_USER_ROLE)
-- Update node `a_node' with form_data `a_form_data' for the given content type `a_content_type'.
local
l_permissions: LIST [READABLE_STRING_8]
do
if attached a_form_data.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Update role") then
if
attached a_form_data.string_item("role") as l_role_name and then
attached a_form_data.string_item ("role-id") as l_role_id
and then attached {CMS_USER_ROLE} api.user_api.user_role_by_id (l_role_id.to_integer) as l_role
then
l_permissions := a_role.permissions
l_permissions.compare_objects
if attached {WSF_STRING} a_form_data.item ("cms_permissions") as u_role then
a_role.permissions.wipe_out
a_role.add_permission (u_role.value)
elseif attached {WSF_MULTIPLE_STRING} a_form_data.item ("cms_permissions") as u_permissions then
across
u_permissions as ic
loop
if not l_permissions.has (ic.item.value) then
a_role.remove_permission (ic.item.value)
end
end
else
a_role.permissions.wipe_out
end
if attached {WSF_TABLE} a_form_data.item ("cms_perm[]") as l_perm then
a_role.permissions.compare_objects
from
l_perm.values.start
until
l_perm.values.after
loop
if
attached {WSF_STRING} l_perm.value (l_perm.values.key_for_iteration) as l_value and then
not l_value.value.is_whitespace
then
a_role.add_permission (l_value.value)
end
l_perm.values.forth
end
end
if not a_form_data.has_error then
a_role.set_name (l_role_name)
api.user_api.save_user_role (a_role)
add_success_message ("Permissions updated")
end
else
a_form_data.report_error ("Missing Role")
end
end
end
end
create_role (a_form_data: WSF_FORM_DATA)
local
u: CMS_USER_ROLE
do
if attached a_form_data.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Create role") then
if attached a_form_data.string_item ("role") as l_role then
create u.make (l_role)
api.user_api.save_user_role (u)
if api.user_api.has_error then
-- handle error
else
add_success_message ("Created Role")
end
else
a_form_data.report_invalid_field ("username", "Missing role!")
end
end
end
end
feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
if attached variables as l_variables then
across
l_variables as c
loop
page.register_variable (c.item, c.key)
end
end
end
script_add_remove_items: STRING = "[
$(document).ready(function() {
var max_fields = 10; //maximum input boxes allowed
var wrapper = $(".input_fields_wrap"); //Fields wrapper
var add_button = $(".add_field_button"); //Add button ID
var x = 1; //initlal text box count
$(add_button).click(function(e){ //on add input button click
e.preventDefault();
if(x < max_fields){ //max input box allowed
x++; //text box increment
$(wrapper).append('<div><input type="text" name="cms_perm[]"/><a href="#" class="remove_field">Remove</a></div>'); //add input box
}
});
$(wrapper).on("click",".remove_field", function(e){ //user click on remove text
e.preventDefault(); $(this).parent('div').remove(); x--;
})
});
]"
end

203
modules/admin/handler/role/cms_role_handler.e Normal file
View File

@@ -0,0 +1,203 @@
note
description: "[
Handler for a CMS user in the CMS interface
]"
date: "$Date$"
revision: "$Revision$"
class
CMS_ROLE_HANDLER
inherit
CMS_HANDLER
WSF_URI_HANDLER
rename
execute as uri_execute,
new_mapping as new_uri_mapping
end
WSF_URI_TEMPLATE_HANDLER
rename
execute as uri_template_execute,
new_mapping as new_uri_template_mapping
select
new_uri_template_mapping
end
WSF_RESOURCE_HANDLER_HELPER
redefine
do_get,
do_post,
do_delete
end
REFACTORING_HELPER
create
make
feature -- execute
execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute_methods (req, res)
end
uri_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute (req, res)
end
uri_template_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute (req, res)
end
feature -- Query
role_id_path_parameter (req: WSF_REQUEST): INTEGER_64
-- User id passed as path parameter for request `req'.
local
s: STRING
do
if attached {WSF_STRING} req.path_parameter ("id") as p_nid then
s := p_nid.value
if s.is_integer_64 then
Result := s.to_integer_64
end
end
end
feature -- HTTP Methods
do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
-- <Precursor>
local
l_role: detachable CMS_USER_ROLE
l_uid: INTEGER_64
edit_response: CMS_ROLE_FORM_RESPONSE
view_response: CMS_ROLE_VIEW_RESPONSE
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if req.path_info.ends_with_general ("/edit") then
check valid_url: req.path_info.starts_with_general ("/admin/role/") end
create edit_response.make (req, res, api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
check valid_url: req.path_info.starts_with_general ("/admin/role/") end
create edit_response.make (req, res, api)
edit_response.execute
else
-- Display existing node
l_uid := role_id_path_parameter (req)
if l_uid > 0 then
l_role := api.user_api.user_role_by_id (l_uid.to_integer)
if
l_role /= Void
then
create view_response.make (req, res, api)
view_response.execute
else
send_not_found (req, res)
end
else
create_new_role (req, res)
end
end
else
r.execute
end
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
local
edit_response: CMS_ROLE_FORM_RESPONSE
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if req.path_info.ends_with_general ("/edit") then
create edit_response.make (req, res, api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
if
attached {WSF_STRING} req.form_parameter ("op") as l_op and then
l_op.value.same_string ("Delete")
then
do_delete (req, res)
end
elseif req.path_info.ends_with_general ("/add/role") then
create edit_response.make (req, res, api)
edit_response.execute
end
else
r.execute
end
end
feature -- Error
do_error (req: WSF_REQUEST; res: WSF_RESPONSE; a_id: detachable WSF_STRING)
-- Handling error.
local
l_page: CMS_RESPONSE
do
create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)
l_page.add_variable (req.absolute_script_url (req.path_info), "request")
if a_id /= Void and then a_id.is_integer then
-- resource not found
l_page.add_variable ("404", "code")
l_page.set_status_code (404)
else
-- bad request
l_page.add_variable ("400", "code")
l_page.set_status_code (400)
end
l_page.execute
end
do_delete (req: WSF_REQUEST; res: WSF_RESPONSE)
-- <Precursor>
do
if attached current_user (req) as l_user then
if attached {WSF_STRING} req.path_parameter ("id") as l_id then
if
l_id.is_integer and then
attached api.user_api.user_role_by_id (l_id.integer_value) as l_role
then
api.user_api.delete_role (l_role)
res.send (create {CMS_REDIRECTION_RESPONSE_MESSAGE}.make (req.absolute_script_url ("")))
else
do_error (req, res, l_id)
end
else
(create {INTERNAL_SERVER_ERROR_CMS_RESPONSE}.make (req, res, api)).execute
end
else
send_access_denied (req, res)
end
end
feature {NONE} -- New User
create_new_role (req: WSF_REQUEST; res: WSF_RESPONSE)
local
edit_response: CMS_ROLE_FORM_RESPONSE
do
if req.path_info.starts_with_general ("/admin/add/role") then
create edit_response.make (req, res, api)
edit_response.execute
else
send_bad_request (req, res)
end
end
end

128
modules/admin/handler/user/cms_admin_users_handler.e Normal file
View File

@@ -0,0 +1,128 @@
note
description: "Summary description for {CMS_ADMIN_USER_HANDLER}."
date: "$Date$"
revision: "$Revision$"
class
CMS_ADMIN_USERS_HANDLER
inherit
CMS_HANDLER
WSF_URI_HANDLER
rename
execute as uri_execute,
new_mapping as new_uri_mapping
end
WSF_URI_TEMPLATE_HANDLER
rename
execute as uri_template_execute,
new_mapping as new_uri_template_mapping
select
new_uri_template_mapping
end
WSF_RESOURCE_HANDLER_HELPER
redefine
do_get
end
REFACTORING_HELPER
create
make
feature -- execute
execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute_methods (req, res)
end
uri_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute (req, res)
end
uri_template_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute (req, res)
end
feature -- HTTP Methods
do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
local
l_response: CMS_RESPONSE
s: STRING
u: CMS_USER
l_page_helper: CMS_PAGINATION_GENERATOR
s_pager: STRING
l_count: INTEGER
user_api: CMS_USER_API
do
-- At the moment the template are hardcoded, but we can
-- get them from the configuration file and load them into
-- the setup class.
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
if l_response.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
user_api := api.user_api
l_count := user_api.users_count
create {GENERIC_VIEW_CMS_RESPONSE} l_response.make (req, res, api)
create s.make_empty
if l_count > 1 then
l_response.set_title ("Listing " + l_count.out + " Users")
else
l_response.set_title ("Listing " + l_count.out + " User")
end
create s_pager.make_empty
create l_page_helper.make ("admin/users/?page={page}&size={size}", user_api.users_count.as_natural_64, 25) -- FIXME: Make this default page size a global CMS settings
l_page_helper.get_setting_from_request (req)
if l_page_helper.has_upper_limit and then l_page_helper.pages_count > 1 then
l_page_helper.append_to_html (l_response, s_pager)
if l_page_helper.page_size > 25 then
s.append (s_pager)
end
end
if attached user_api.recent_users (create {CMS_DATA_QUERY_PARAMETERS}.make (l_page_helper.current_page_offset, l_page_helper.page_size)) as lst then
s.append ("<ul class=%"cms-users%">%N")
across
lst as ic
loop
u := ic.item
s.append ("<li class=%"cms_user%">")
s.append ("<a href=%"")
s.append (req.absolute_script_url ("/admin/user/"+u.id.out))
s.append ("%">")
s.append (u.name)
s.append ("</a>")
s.append ("</li>%N")
end
s.append ("</ul>%N")
end
-- Again the pager at the bottom, if needed
s.append (s_pager)
if l_response.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
s.append (l_response.link ("Add User", "admin/add/user", Void))
end
l_response.set_main_content (s)
l_response.execute
else
l_response.execute
end
end
end

114
modules/admin/handler/user/cms_role_view_response.e Normal file
View File

@@ -0,0 +1,114 @@
note
description: "Summary description for {CMS_ROLE_VIEW_RESPONSE}."
date: "$Date$"
revision: "$Revision$"
class
CMS_ROLE_VIEW_RESPONSE
inherit
CMS_RESPONSE
redefine
make,
initialize
end
create
make
feature {NONE} -- Initialization
make (req: WSF_REQUEST; res: WSF_RESPONSE; a_api: like api;)
do
create {WSF_NULL_THEME} wsf_theme.make
Precursor (req, res, a_api)
end
initialize
do
Precursor
create {CMS_TO_WSF_THEME} wsf_theme.make (Current, theme)
end
wsf_theme: WSF_THEME
feature -- Query
role_id_path_parameter (req: WSF_REQUEST): INTEGER_64
-- Role id passed as path parameter for request `req'.
local
s: STRING
do
if attached {WSF_STRING} req.path_parameter ("id") as p_nid then
s := p_nid.value
if s.is_integer_64 then
Result := s.to_integer_64
end
end
end
feature -- Execution
process
-- Computed response message.
local
uid: INTEGER_64
user_api : CMS_USER_API
do
user_api := api.user_api
uid := role_id_path_parameter (request)
if uid > 0 and then attached user_api.user_role_by_id (uid.to_integer) as l_role then
append_html_to_output (l_role, Current)
else
set_main_content ("Missing Role")
end
end
append_html_to_output (a_role: CMS_USER_ROLE; a_response: CMS_RESPONSE )
local
lnk: CMS_LOCAL_LINK
s: STRING
do
a_response.add_variable (a_role, "role")
create lnk.make (a_response.translation ("View", Void), "admin/role/" + a_role.id.out)
lnk.set_is_active (True)
lnk.set_weight (1)
a_response.add_to_primary_tabs (lnk)
create lnk.make (a_response.translation ("Edit", Void), "admin/role/" + a_role.id.out + "/edit")
lnk.set_weight (2)
a_response.add_to_primary_tabs (lnk)
if a_role /= Void and then a_role.id > 0 then
create lnk.make (a_response.translation ("Delete", Void), "admin/role/" + a_role.id.out + "/delete")
lnk.set_weight (3)
a_response.add_to_primary_tabs (lnk)
end
create s.make_empty
s.append ("<div class=%"info%"> ")
s.append ("<h4>Role Information</h4>")
s.append ("<p>Role:")
s.append (a_role.name)
s.append ("</p>")
s.append ("<h4>Permissions:</h4>")
if
not a_role.permissions.is_empty
then
s.append ("<ul class=%"cms-permissions%">%N")
across a_role.permissions as ic loop
s.append ("<li class=%"cms-permission%">"+ ic.item + "</li>%N")
end
s.append ("</ul>%N")
end
s.append ("</div>")
a_response.set_title (a_role.name)
a_response.set_main_content (s)
end
end

697
modules/admin/handler/user/cms_user_form_response.e Normal file
View File

@@ -0,0 +1,697 @@
note
description: "Summary description for {CMS_USER_FORM_RESPONSE}."
date: "$Date$"
revision: "$Revision$"
class
CMS_USER_FORM_RESPONSE
inherit
CMS_RESPONSE
redefine
make,
initialize,
custom_prepare
end
create
make
feature {NONE} -- Initialization
make (req: WSF_REQUEST; res: WSF_RESPONSE; a_api: like api)
do
create {WSF_NULL_THEME} wsf_theme.make
Precursor (req, res, a_api)
end
initialize
do
Precursor
create {CMS_TO_WSF_THEME} wsf_theme.make (Current, theme)
end
wsf_theme: WSF_THEME
feature -- Query
user_id_path_parameter (req: WSF_REQUEST): INTEGER_64
-- User id passed as path parameter for request `req'.
local
s: STRING
do
if attached {WSF_STRING} req.path_parameter ("id") as p_nid then
s := p_nid.value
if s.is_integer_64 then
Result := s.to_integer_64
end
end
end
feature -- Process
process
-- Computed response message.
local
b: STRING_8
uid: INTEGER_64
user_api: CMS_USER_API
do
user_api := api.user_api
create b.make_empty
uid := user_id_path_parameter (request)
if
uid > 0 and then
attached user_api.user_by_id (uid) as l_user
then
fixme ("refactor: process_edit, process_create process edit")
if
request.path_info.ends_with_general ("/edit")
then
edit_form (l_user)
elseif request.path_info.ends_with_general ("/delete") then
delete_form (l_user)
end
else
new_form
end
end
feature -- Process Edit
edit_form (a_user: CMS_USER)
local
f: like new_edit_form
b: STRING
fd: detachable WSF_FORM_DATA
do
create b.make_empty
f := new_edit_form (a_user, url (request.path_info, Void), "edit-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.submit_actions.extend (agent edit_form_submit (?, a_user, b))
f.process (Current)
fd := f.last_data
end
if a_user.has_id then
add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("View", Void),"admin/user/" + a_user.id.out), primary_tabs)
add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("Edit", Void),"admin/user/" + a_user.id.out + "/edit"), primary_tabs)
add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("Delete", Void),"admin/user/" + a_user.id.out + "/delete"), primary_tabs)
end
if attached redirection as l_location then
-- FIXME: Hack for now
set_title (a_user.name)
b.append (html_encoded (a_user.name) + " saved")
else
set_title (formatted_string (translation ("Edit $1 #$2", Void), [a_user.name, a_user.id]))
f.append_to_html (wsf_theme, b)
end
set_main_content (b)
end
feature -- Process Delete
delete_form (a_user: CMS_USER)
local
f: like new_delete_form
b: STRING
fd: detachable WSF_FORM_DATA
do
create b.make_empty
f := new_delete_form (a_user, url (request.path_info, Void), "edit-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.process (Current)
fd := f.last_data
end
if a_user.has_id then
add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("View", Void),"admin/user/" + a_user.id.out ), primary_tabs)
add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("Edit", Void),"admin/user/" + a_user.id.out + "/edit"), primary_tabs)
add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("Delete", Void),"admin/user/" + a_user.id.out + "/delete"), primary_tabs)
end
if attached redirection as l_location then
-- FIXME: Hack for now
set_title (a_user.name)
b.append (html_encoded (a_user.name) + " deleted")
else
set_title (formatted_string (translation ("Delete $1 #$2", Void), [a_user.name, a_user.id]))
f.append_to_html (wsf_theme, b)
end
set_main_content (b)
end
feature -- Process New
new_form
local
f: like new_edit_form
b: STRING
fd: detachable WSF_FORM_DATA
l_user: detachable CMS_USER
do
create b.make_empty
f := new_edit_form (l_user, url (request.path_info, Void), "create-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.validation_actions.extend (agent new_form_validate (?, b))
f.submit_actions.extend (agent edit_form_submit (?, l_user, b))
f.process (Current)
fd := f.last_data
end
if attached redirection as l_location then
-- FIXME: Hack for now
if attached l_user then
set_title (l_user.name)
b.append (html_encoded (l_user.name) + " Saved")
end
else
if attached l_user then
set_title (formatted_string (translation ("Saved $1 #$2", Void), [l_user.name, l_user.id]))
end
f.append_to_html (wsf_theme, b)
end
set_main_content (b)
end
feature -- Form
edit_form_submit (fd: WSF_FORM_DATA; a_user: detachable CMS_USER; b: STRING)
local
l_update_roles: BOOLEAN
l_update_user: BOOLEAN
l_save_user: BOOLEAN
l_user: detachable CMS_USER
s: STRING
lnk: CMS_LINK
do
l_update_roles := attached {WSF_STRING} fd.item ("op") as l_op and then l_op.same_string ("Update user role")
if l_update_roles then
debug ("cms")
across
fd as c
loop
b.append ("<li>" + html_encoded (c.key) + "=")
if attached c.item as v then
b.append (html_encoded (v.string_representation))
end
b.append ("</li>")
end
end
if a_user /= Void then
l_user := a_user
if l_user.has_id then
create {CMS_LOCAL_LINK}lnk.make (translation ("View", Void),"admin/user/" + l_user.id.out )
change_user (fd, a_user)
s := "modified"
set_redirection (lnk.location)
end
end
end
l_update_user := attached {WSF_STRING} fd.item ("op") as l_op and then l_op.same_string ("Update user")
if l_update_user then
debug ("cms")
across
fd as c
loop
b.append ("<li>" + html_encoded (c.key) + "=")
if attached c.item as v then
b.append (html_encoded (v.string_representation))
end
b.append ("</li>")
end
end
if a_user /= Void then
l_user := a_user
if l_user.has_id then
change_user (fd, a_user)
s := "modified"
end
end
end
l_save_user := attached {WSF_STRING} fd.item ("op") as l_op and then l_op.same_string ("Create user")
if l_save_user then
debug ("cms")
across
fd as c
loop
b.append ("<li>" + html_encoded (c.key) + "=")
if attached c.item as v then
b.append (html_encoded (v.string_representation))
end
b.append ("</li>")
end
end
create_user (fd)
end
end
new_edit_form (a_user: detachable CMS_USER; a_url: READABLE_STRING_8; a_name: STRING;): CMS_FORM
-- Create a web form named `a_name' for uSER `a_YSER' (if set), using form action url `a_url'.
local
f: CMS_FORM
th: WSF_FORM_HIDDEN_INPUT
do
create f.make (a_url, a_name)
create th.make ("user-id")
if a_user /= Void then
th.set_text_value (a_user.id.out)
else
th.set_text_value ("0")
end
f.extend (th)
populate_form (f, a_user)
Result := f
end
new_form_validate (fd: WSF_FORM_DATA; b: STRING)
do
if attached fd.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Create user") then
if attached fd.string_item ("username") as l_username then
if attached api.user_api.user_by_name (l_username) then
fd.report_invalid_field ("username", "Username already taken!")
end
else
fd.report_invalid_field ("username", "missing username")
end
if attached fd.string_item ("email") as l_email then
if attached api.user_api.user_by_email (l_email) then
fd.report_invalid_field ("email", "Email address already associated with an existing account!")
end
else
fd.report_invalid_field ("email", "missing email address")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if attached fd.string_item ("username") as l_username then
if api.user_api.user_by_name (l_username) = Void then
fd.report_invalid_field ("username", "Username does not exist!")
end
else
fd.report_invalid_field ("username", "missing username")
end
end
end
end
new_delete_form (a_user: detachable CMS_USER; a_url: READABLE_STRING_8; a_name: STRING;): CMS_FORM
-- Create a web form named `a_name' for node `a_user' (if set), using form action url `a_url'.
local
f: CMS_FORM
ts: WSF_FORM_SUBMIT_INPUT
do
create f.make (a_url, a_name)
f.extend_html_text ("<br/>")
f.extend_html_text ("<legend>Are you sure you want to delete?</legend>")
-- TODO check if we need to check for has_permissions!!
if
a_user /= Void and then
a_user.has_id
then
create ts.make ("op")
ts.set_default_value ("Delete")
fixme ("[
ts.set_default_value (translation ("Delete"))
]")
f.extend (ts)
create ts.make ("op")
ts.set_default_value ("Cancel")
ts.set_formmethod ("GET")
ts.set_formaction ("/admin/user/" + a_user.id.out)
f.extend (ts)
end
Result := f
end
populate_form (a_form: WSF_FORM; a_user: detachable CMS_USER)
-- Fill the web form `a_form' with data from `a_node' if set,
-- and apply this to content type `a_content_type'.
local
ti: WSF_FORM_TEXT_INPUT
fe: WSF_FORM_EMAIL_INPUT
fs: WSF_FORM_FIELD_SET
cb: WSF_FORM_CHECKBOX_INPUT
ts: WSF_FORM_SUBMIT_INPUT
do
if attached a_user as l_user then
create fs.make
fs.set_legend ("Basic User Account Information")
fs.extend_html_text ("<div><string><label>User name </label></strong><br></div>")
fs.extend_html_text (l_user.name)
if attached l_user.email as l_email then
create fe.make_with_text ("email", l_email)
else
create fe.make_with_text ("email", "")
end
fe.set_label ("Email")
fe.enable_required
fs.extend (fe)
a_form.extend (fs)
a_form.extend_html_text ("<br/>")
create ts.make ("op")
ts.set_default_value ("Update user")
a_form.extend (ts)
a_form.extend_html_text ("<hr>")
create fs.make
fs.set_legend ("User Roles")
if attached {LIST[CMS_USER_ROLE]} api.user_api.user_roles (l_user) as u_roles and then
not u_roles.is_empty
then
u_roles.compare_objects
across api.user_api.roles as ic loop
if u_roles.has (ic.item) then
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_checked (True)
cb.set_label (ic.item.name)
fs.extend (cb)
else
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_label (ic.item.name)
fs.extend (cb)
end
end
else
across api.user_api.roles as ic loop
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_label (ic.item.name)
fs.extend (cb)
end
end
a_form.extend (fs)
create ts.make ("op")
ts.set_default_value ("Update user role")
a_form.extend (ts)
else
create fs.make
fs.set_legend ("Basic User Account Information")
create ti.make ("username")
ti.set_label ("Username")
ti.enable_required
fs.extend (ti)
create fe.make_with_text ("email", "")
fe.set_label ("Email")
fe.enable_required
fs.extend (fe)
a_form.extend (fs)
a_form.extend_html_text ("<br/>")
create ts.make ("op")
ts.set_default_value ("Create user")
a_form.extend (ts)
a_form.extend_html_text ("<hr>")
end
end
change_user (a_form_data: WSF_FORM_DATA; a_user: CMS_USER)
-- Update node `a_node' with form_data `a_form_data' for the given content type `a_content_type'.
local
l_uroles: LIST [CMS_USER_ROLE]
do
if attached a_form_data.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Update user role") then
if attached a_form_data.string_item ("user-id") as l_user_id and then
attached {CMS_USER} api.user_api.user_by_id (l_user_id.to_integer) as l_user
then
l_uroles := api.user_api.user_roles (l_user)
l_uroles.compare_objects
if attached {WSF_STRING} a_form_data.item ("cms_roles") as l_role then
if attached api.user_api.user_role_by_id (l_role.integer_value) as role then
if not l_uroles.has (role) then
api.user_api.assign_role_to_user (role, a_user)
end
end
elseif attached {WSF_MULTIPLE_STRING} a_form_data.item ("cms_roles") as l_roles then
across l_roles as ic loop
if attached api.user_api.user_role_by_id (ic.item.integer_value) as role then
if not l_uroles.has (role) then
api.user_api.assign_role_to_user (role, a_user)
end
end
end
else
across api.user_api.roles as ic loop
api.user_api.unassign_role_from_user (ic.item, a_user)
end
end
add_success_message ("Roles updated")
else
a_form_data.report_error ("Missing User")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if
attached a_form_data.string_item ("user-id") as l_user_id and then
attached {CMS_USER} api.user_api.user_by_id (l_user_id.to_integer) as l_user
then
if
attached a_form_data.string_item ("email") as l_email
then
if
attached l_user.email as u_email and then
not u_email.is_case_insensitive_equal_general (l_email) and then
api.user_api.user_by_email (l_email) = Void
then
-- Valid email
a_user.set_email (l_email)
else
if attached l_user.email as u_email and then not u_email.is_case_insensitive_equal_general (l_email) then
a_form_data.report_invalid_field ("email", "Email already exist!")
end
end
if not a_form_data.has_error then
api.user_api.update_user (a_user)
add_success_message ("Updated basic info")
end
end
end
end
end
end
create_user (a_form_data: WSF_FORM_DATA)
local
u: CMS_USER
do
if attached a_form_data.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Create user") then
if
attached a_form_data.string_item ("username") as l_username and then
attached a_form_data.string_item ("email") as l_email and then
l_email.is_valid_as_string_8
then
create u.make (l_username)
u.set_email (l_email.as_string_8)
u.set_password (new_random_password (u))
api.user_api.new_user (u)
if api.user_api.has_error then
-- handle error
else
add_success_message ("Created user")
end
else
a_form_data.report_invalid_field ("username", "Missing username!")
a_form_data.report_invalid_field ("email", "Missing email address!")
end
end
end
end
feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
if attached variables as l_variables then
across l_variables as c loop page.register_variable (c.item, c.key) end
end
end
handle_admin_hack (a_api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local
s: STRING
r: CMS_RESPONSE
f: CMS_FORM
t: WSF_FORM_TEXT_INPUT
fe: WSF_FORM_EMAIL_INPUT
fs: WSF_FORM_FIELD_SET
f_submit: WSF_FORM_SUBMIT_INPUT
do
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, a_api)
create f.make (req.percent_encoded_path_info, {CMS_ADMIN_MODULE}.name + "_hack_form")
create fs.make
fs.set_legend ("Create new user without password:")
create t.make_with_text ("username", "")
t.set_label ("User name")
t.enable_required
t.set_placeholder ("username")
fs.extend (t)
create fe.make_with_text ("email", "")
fe.set_label ("Email")
fe.set_placeholder ("valid email")
fs.extend (fe)
create f_submit.make_with_text ("op", "Create user")
fs.extend (f_submit)
create f_submit.make_with_text ("op", "Update user")
fs.extend (f_submit)
f.extend (fs)
if req.is_post_request_method then
create s.make_empty
f.validation_actions.extend (agent (fd: WSF_FORM_DATA; ia_api: CMS_API)
do
if attached fd.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Create user") then
if attached fd.string_item ("username") as l_username then
if attached ia_api.user_api.user_by_name (l_username) then
fd.report_invalid_field ("username", "Username already taken!")
end
else
fd.report_invalid_field ("username", "missing username")
end
if attached fd.string_item ("email") as l_email then
if attached ia_api.user_api.user_by_email (l_email) then
fd.report_invalid_field ("email", "Email address already associated with an existing account!")
end
else
fd.report_invalid_field ("email", "missing email address")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if attached fd.string_item ("username") as l_username then
if ia_api.user_api.user_by_name (l_username) = Void then
fd.report_invalid_field ("username", "Username does not exist!")
end
else
fd.report_invalid_field ("username", "missing username")
end
end
end
end(?, a_api)
)
f.submit_actions.extend (agent (fd: WSF_FORM_DATA; ia_api: CMS_API; a_output: STRING)
local
u: CMS_USER
l_roles: detachable LIST [CMS_USER_ROLE]
l_trusted_user_role: detachable CMS_USER_ROLE
do
if attached fd.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Create user") then
if
attached fd.string_item ("username") as l_username and then
attached fd.string_item ("email") as l_email and then
l_email.is_valid_as_string_8
then
create u.make (l_username)
u.set_email (l_email.as_string_8)
u.set_password (new_random_password (u))
ia_api.user_api.new_user (u)
if ia_api.user_api.has_error then
end
a_output.append ("<li>New user ["+ html_encoded (l_username) +"] created.</li>")
else
fd.report_invalid_field ("username", "Missing username!")
fd.report_invalid_field ("email", "Missing email address!")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if
attached fd.string_item ("username") as l_username and then
attached ia_api.user_api.user_by_name (l_username) as l_user
then
l_trusted_user_role := ia_api.user_api.user_role_by_name ("trusted")
if l_trusted_user_role = Void then
create l_trusted_user_role.make ("trusted")
ia_api.user_api.save_user_role (l_trusted_user_role)
end
l_trusted_user_role.add_permission ("admin wdocs")
l_trusted_user_role.add_permission ("edit wdocs page")
l_trusted_user_role.add_permission ("create wdocs page")
l_trusted_user_role.add_permission ("delete wdocs page")
l_trusted_user_role.add_permission ("edit any wdocs page")
l_trusted_user_role.add_permission ("delete any wdocs page")
l_trusted_user_role.add_permission ("clear wdocs cache")
l_trusted_user_role.add_permission ("create page")
l_trusted_user_role.add_permission ("edit any page")
l_trusted_user_role.add_permission ("delete any page")
l_trusted_user_role.add_permission ("create blog")
l_trusted_user_role.add_permission ("edit any blog")
l_trusted_user_role.add_permission ("delete any blog")
l_trusted_user_role.add_permission ("edit any node")
l_trusted_user_role.add_permission ("delete any node")
ia_api.user_api.save_user_role (l_trusted_user_role)
l_trusted_user_role := ia_api.user_api.user_role_by_name ("trusted")
if l_trusted_user_role /= Void then
u := l_user
ia_api.user_api.update_user (u)
l_roles := u.roles
if l_roles = Void then
create {ARRAYED_LIST [CMS_USER_ROLE]} l_roles.make (1)
end
l_roles.force (l_trusted_user_role)
u.set_roles (l_roles)
ia_api.user_api.update_user (u)
a_output.append ("<li>User ["+ html_encoded (l_username) +"] updated.</li>")
else
a_output.append ("<li>User ["+ html_encoded (l_username) +"] NOT updated! [ERROR].</li>")
end
else
fd.report_invalid_field ("username", "User does not exist!")
end
end
end
end(?, a_api, s)
)
f.process (r)
f.append_to_html (create {CMS_TO_WSF_THEME}.make (r, r.theme), s)
r.set_main_content (s)
elseif req.is_get_head_request_method then
create s.make_empty
f.append_to_html (create {CMS_TO_WSF_THEME}.make (r, r.theme), s)
r.set_main_content (s)
end
r.execute
end
new_random_password (u: CMS_USER): STRING
-- Generate a new token activation token
local
l_token: STRING
l_security: SECURITY_PROVIDER
l_encode: URL_ENCODER
do
create l_security
l_token := l_security.token
create l_encode
from until l_token.same_string (l_encode.encoded_string (l_token)) loop
-- Loop ensure that we have a security token that does not contain characters that need encoding.
-- We cannot simply to an encode-decode because the email sent to the user will contain an encoded token
-- but the user will need to use an unencoded token if activation has to be done manually.
l_token := l_security.token
end
Result := l_token + url_encoded (u.name) + u.creation_date.out
end
end

203
modules/admin/handler/user/cms_user_handler.e Normal file
View File

@@ -0,0 +1,203 @@
note
description: "[
Handler for a CMS user in the CMS interface
]"
date: "$Date$"
revision: "$Revision$"
class
CMS_USER_HANDLER
inherit
CMS_HANDLER
WSF_URI_HANDLER
rename
execute as uri_execute,
new_mapping as new_uri_mapping
end
WSF_URI_TEMPLATE_HANDLER
rename
execute as uri_template_execute,
new_mapping as new_uri_template_mapping
select
new_uri_template_mapping
end
WSF_RESOURCE_HANDLER_HELPER
redefine
do_get,
do_post,
do_delete
end
REFACTORING_HELPER
create
make
feature -- execute
execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute_methods (req, res)
end
uri_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute (req, res)
end
uri_template_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute (req, res)
end
feature -- Query
user_id_path_parameter (req: WSF_REQUEST): INTEGER_64
-- User id passed as path parameter for request `req'.
local
s: STRING
do
if attached {WSF_STRING} req.path_parameter ("id") as p_nid then
s := p_nid.value
if s.is_integer_64 then
Result := s.to_integer_64
end
end
end
feature -- HTTP Methods
do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
-- <Precursor>
local
l_user: detachable CMS_USER
l_uid: INTEGER_64
edit_response: CMS_USER_FORM_RESPONSE
view_response: CMS_USER_VIEW_RESPONSE
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if req.path_info.ends_with_general ("/edit") then
check valid_url: req.path_info.starts_with_general ("/admin/user/") end
create edit_response.make (req, res, api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
check valid_url: req.path_info.starts_with_general ("/admin/user/") end
create edit_response.make (req, res, api)
edit_response.execute
else
-- Display existing node
l_uid := user_id_path_parameter (req)
if l_uid > 0 then
l_user := api.user_api.user_by_id (l_uid)
if
l_user /= Void
then
create view_response.make (req, res, api)
view_response.execute
else
send_not_found (req, res)
end
else
create_new_user (req, res)
end
end
else
r.execute
end
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
local
edit_response: CMS_USER_FORM_RESPONSE
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if req.path_info.ends_with_general ("/edit") then
create edit_response.make (req, res, api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
if
attached {WSF_STRING} req.form_parameter ("op") as l_op and then
l_op.value.same_string ("Delete")
then
do_delete (req, res)
end
elseif req.path_info.ends_with_general ("/add/user") then
create edit_response.make (req, res, api)
edit_response.execute
end
else
r.execute
end
end
feature -- Error
do_error (req: WSF_REQUEST; res: WSF_RESPONSE; a_id: detachable WSF_STRING)
-- Handling error.
local
l_page: CMS_RESPONSE
do
create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)
l_page.add_variable (req.absolute_script_url (req.path_info), "request")
if a_id /= Void and then a_id.is_integer then
-- resource not found
l_page.add_variable ("404", "code")
l_page.set_status_code (404)
else
-- bad request
l_page.add_variable ("400", "code")
l_page.set_status_code (400)
end
l_page.execute
end
do_delete (req: WSF_REQUEST; res: WSF_RESPONSE)
-- <Precursor>
do
if attached current_user (req) as l_user then
if attached {WSF_STRING} req.path_parameter ("id") as l_id then
if
l_id.is_integer and then
attached api.user_api.user_by_id (l_id.integer_value) as u_user
then
api.user_api.delete_user(u_user)
res.send (create {CMS_REDIRECTION_RESPONSE_MESSAGE}.make (req.absolute_script_url ("")))
else
do_error (req, res, l_id)
end
else
(create {INTERNAL_SERVER_ERROR_CMS_RESPONSE}.make (req, res, api)).execute
end
else
send_access_denied (req, res)
end
end
feature {NONE} -- New User
create_new_user (req: WSF_REQUEST; res: WSF_RESPONSE)
local
edit_response: CMS_USER_FORM_RESPONSE
do
if req.path_info.starts_with_general ("/admin/add/user") then
create edit_response.make (req, res, api)
edit_response.execute
else
send_bad_request (req, res)
end
end
end

124
modules/admin/handler/user/cms_user_view_response.e Normal file
View File

@@ -0,0 +1,124 @@
note
description: "Summary description for {CMS_USER_VIEW_RESPONSE}."
date: "$Date$"
revision: "$Revision$"
class
CMS_USER_VIEW_RESPONSE
inherit
CMS_RESPONSE
redefine
make,
initialize
end
create
make
feature {NONE} -- Initialization
make (req: WSF_REQUEST; res: WSF_RESPONSE; a_api: like api;)
do
create {WSF_NULL_THEME} wsf_theme.make
Precursor (req, res, a_api)
end
initialize
do
Precursor
create {CMS_TO_WSF_THEME} wsf_theme.make (Current, theme)
end
wsf_theme: WSF_THEME
feature -- Query
user_id_path_parameter (req: WSF_REQUEST): INTEGER_64
-- User id passed as path parameter for request `req'.
local
s: STRING
do
if attached {WSF_STRING} req.path_parameter ("id") as p_nid then
s := p_nid.value
if s.is_integer_64 then
Result := s.to_integer_64
end
end
end
feature -- Execution
process
-- Computed response message.
local
uid: INTEGER_64
user_api : CMS_USER_API
do
user_api := api.user_api
uid := user_id_path_parameter (request)
if uid > 0 and then attached user_api.user_by_id (uid) as l_user then
append_html_to_output (l_user, Current)
else
set_main_content ("Missing User")
end
end
append_html_to_output (a_user: CMS_USER; a_response: CMS_RESPONSE )
local
lnk: CMS_LOCAL_LINK
s: STRING
do
a_response.add_variable (a_user, "user")
create lnk.make (a_response.translation ("View", Void), "admin/user/" + a_user.id.out)
lnk.set_is_active (True)
lnk.set_weight (1)
a_response.add_to_primary_tabs (lnk)
create lnk.make (a_response.translation ("Edit", Void), "admin/user/" + a_user.id.out + "/edit")
lnk.set_weight (2)
a_response.add_to_primary_tabs (lnk)
if a_user /= Void and then a_user.id > 0 then
create lnk.make (a_response.translation ("Delete", Void), "admin/user/" + a_user.id.out + "/delete")
lnk.set_weight (3)
a_response.add_to_primary_tabs (lnk)
end
create s.make_empty
s.append ("<div class=%"info%"> ")
s.append ("<h4>Account Information</h4>")
s.append ("<p>UserName:")
s.append (a_user.name)
s.append ("</p>")
if attached a_user.email as l_email then
s.append ("<p>Email:")
s.append (l_email)
s.append ("</p>")
end
s.append ("<h4>User Role:</h4>")
if attached {LIST[CMS_USER_ROLE]} api.user_api.user_roles (a_user) as l_roles and then
not l_roles.is_empty
then
across l_roles as ic loop
s.append ("<i>")
s.append (ic.item.name)
s.append ("</i>")
s.append ("<h5>Permissions:</h5>")
s.append ("<ul class=%"cms-permissions%">%N")
across ic.item.permissions as c loop
s.append ("<li class=%"cms-permission%">"+ c.item + "</li>%N")
end
s.append ("</ul>%N")
end
end
s.append ("</div>")
a_response.set_title (a_user.name)
a_response.set_main_content (s)
end
end