diff --git a/modules/node/handler/cms_node_type_webform_manager.e b/modules/node/handler/cms_node_type_webform_manager.e index eda76d9..5d991e9 100644 --- a/modules/node/handler/cms_node_type_webform_manager.e +++ b/modules/node/handler/cms_node_type_webform_manager.e @@ -192,7 +192,7 @@ feature -- Output a_node /= Void and then a_node.id > 0 and then attached node_api.node_type_for (a_node) as l_type and then - a_response.has_permission ("delete " + node_api.permission_scope (a_response.current_user (a_response.request), a_node) + " " + l_type.name) + node_api.has_permission_for_action_on_node ("delete", a_node, a_response.current_user (a_response.request)) then create lnk.make ("Delete", node_api.node_path (a_node) + "/delete") lnk.set_weight (3) diff --git a/modules/node/handler/node_form_response.e b/modules/node/handler/node_form_response.e index 40b14dd..598a09b 100644 --- a/modules/node/handler/node_form_response.e +++ b/modules/node/handler/node_form_response.e @@ -48,7 +48,11 @@ feature -- Execution attached node_api.node (nid) as l_node then if attached node_api.node_type_for (l_node) as l_type then - if node_api.has_permission_for_action_on_node ("edit", l_node, current_user (request)) then + fixme ("refactor: process_edit, process_create porcess edit") + if + request.path_info.ends_with_general ("/edit") and then + node_api.has_permission_for_action_on_node ("edit", l_node, current_user (request)) + then f := new_edit_form (l_node, url (request.path_info, Void), "edit-" + l_type.name, l_type) invoke_form_alter (f, fd) if request.is_post_request_method then @@ -71,6 +75,30 @@ feature -- Execution set_title (formatted_string (translation ("Edit $1 #$2", Void), [l_type.title, l_node.id])) f.append_to_html (wsf_theme, b) end + elseif + request.path_info.ends_with_general ("/delete") and then + node_api.has_permission_for_action_on_node ("delete", l_node, current_user (request)) + then + f := new_delete_form (l_node, url (request.path_info, Void), "delete-" + l_type.name, l_type) + invoke_form_alter (f, fd) + if request.is_post_request_method then + f.process (Current) + fd := f.last_data + end + if l_node.has_id then + add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("View", Void), node_url (l_node)), primary_tabs) + add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("Edit", Void), "/node/" + l_node.id.out + "/edit"), primary_tabs) + add_to_menu (create {CMS_LOCAL_LINK}.make ("Delete", "/node/" + l_node.id.out + "/delete"), primary_tabs) + end + + if attached redirection as l_location then + -- FIXME: Hack for now + set_title (l_node.title) + b.append (html_encoded (l_type.title) + " deleted") + else + set_title (formatted_string (translation ("Delete $1 #$2", Void), [l_type.title, l_node.id])) + f.append_to_html (wsf_theme, b) + end else b.append ("

") b.append (translation ("Access denied", Void)) @@ -244,10 +272,25 @@ feature -- Form ts.set_default_value ("Preview") f.extend (ts) + Result := f + end + + + new_delete_form (a_node: detachable CMS_NODE; a_url: READABLE_STRING_8; a_name: STRING; a_node_type: CMS_NODE_TYPE [CMS_NODE]): CMS_FORM + -- Create a web form named `a_name' for node `a_node' (if set), using form action url `a_url', and for type of node `a_node_type'. + local + f: CMS_FORM + ts: WSF_FORM_SUBMIT_INPUT + do + create f.make (a_url, a_name) + + f.extend_html_text ("
") + f.extend_html_text ("Are you sure you want to delete?") + + -- TODO check if we need to check for has_permissions!! if a_node /= Void and then - a_node.id > 0 and then - has_permission ("delete " + a_name) + a_node.id > 0 then create ts.make ("op") ts.set_default_value ("Delete") @@ -255,6 +298,8 @@ feature -- Form ts.set_default_value (translation ("Delete")) ]") f.extend (ts) + fixme ("wsf_html: add support for HTML5 input attributes!!! ") + f.extend_html_text("" ) end Result := f diff --git a/modules/node/handler/node_handler.e b/modules/node/handler/node_handler.e index de50f39..5ef662d 100644 --- a/modules/node/handler/node_handler.e +++ b/modules/node/handler/node_handler.e @@ -89,6 +89,10 @@ feature -- HTTP Methods check valid_url: req.path_info.starts_with_general ("/node/") end create edit_response.make (req, res, api, node_api) edit_response.execute + elseif req.path_info.ends_with_general ("/delete") then + check valid_url: req.path_info.starts_with_general ("/node/") end + create edit_response.make (req, res, api, node_api) + edit_response.execute else -- Display existing node l_nid := node_id_path_parameter (req) @@ -116,14 +120,14 @@ feature -- HTTP Methods do fixme ("Refactor code: extract methods: edit_node and add_node") if req.path_info.ends_with_general ("/edit") then + create edit_response.make (req, res, api, node_api) + edit_response.execute + elseif req.path_info.ends_with_general ("/delete") then if attached {WSF_STRING} req.form_parameter ("op") as l_op and then l_op.value.same_string ("Delete") then do_delete (req, res) - else - create edit_response.make (req, res, api, node_api) - edit_response.execute end elseif req.path_info.starts_with_general ("/node/add/") then create edit_response.make (req, res, api, node_api) diff --git a/modules/node/node_module.e b/modules/node/node_module.e index 65b07f1..2f49c9c 100644 --- a/modules/node/node_module.e +++ b/modules/node/node_module.e @@ -135,6 +135,7 @@ feature -- Access: router a_router.handle_with_request_methods ("/node/add/{type}", l_node_handler, a_router.methods_get_post) a_router.handle_with_request_methods ("/node/{id}/edit", l_node_handler, a_router.methods_get_post) + a_router.handle_with_request_methods ("/node/{id}/delete", l_node_handler, a_router.methods_get_post) a_router.handle_with_request_methods ("/node/{id}", l_node_handler, a_router.methods_get) -- For now: no REST API handling... a_router.methods_get_put_delete + a_router.methods_get_post)