Added delete option as a tab only if the current user has permissions to delete the

current resource

modules/node/handler/cms_node_type_webform_manager.e

@@ -192,7 +192,7 @@ feature -- Output
 				a_node /= Void and then
 				a_node.id > 0 and then
 				attached node_api.node_type_for (a_node) as l_type and then
-				a_response.has_permission ("delete " + node_api.permission_scope (a_response.current_user (a_response.request), a_node) + " " + l_type.name)
+				node_api.has_permission_for_action_on_node ("delete", a_node, a_response.current_user (a_response.request))
 			then
 				create lnk.make ("Delete", node_api.node_path (a_node) + "/delete")
 				lnk.set_weight (3)

modules/node/handler/node_form_response.e

@@ -48,7 +48,11 @@ feature -- Execution
 				attached node_api.node (nid) as l_node
 			then
 				if attached node_api.node_type_for (l_node) as l_type then
-					if node_api.has_permission_for_action_on_node ("edit", l_node, current_user (request)) then
+ 					fixme ("refactor: process_edit, process_create porcess edit")
+ 					if
+						request.path_info.ends_with_general ("/edit") and then
+						node_api.has_permission_for_action_on_node ("edit", l_node, current_user (request))
+					then
 						f := new_edit_form (l_node, url (request.path_info, Void), "edit-" + l_type.name, l_type)
 						invoke_form_alter (f, fd)
 						if request.is_post_request_method then
@@ -71,6 +75,30 @@ feature -- Execution
 							set_title (formatted_string (translation ("Edit $1 #$2", Void), [l_type.title, l_node.id]))
 							f.append_to_html (wsf_theme, b)
 						end
+					elseif
+						request.path_info.ends_with_general ("/delete") and then
+						node_api.has_permission_for_action_on_node ("delete", l_node, current_user (request))
+					then
+						f := new_delete_form (l_node, url (request.path_info, Void), "delete-" + l_type.name, l_type)
+						invoke_form_alter (f, fd)
+						if request.is_post_request_method then
+							f.process (Current)
+							fd := f.last_data
+						end
+						if l_node.has_id then
+							add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("View", Void), node_url (l_node)), primary_tabs)
+							add_to_menu (create {CMS_LOCAL_LINK}.make (translation ("Edit", Void), "/node/" + l_node.id.out + "/edit"), primary_tabs)
+							add_to_menu (create {CMS_LOCAL_LINK}.make ("Delete", "/node/" + l_node.id.out + "/delete"), primary_tabs)
+						end
+
+						if attached redirection as l_location then
+								-- FIXME: Hack for now
+							set_title (l_node.title)
+							b.append (html_encoded (l_type.title) + " deleted")
+						else
+							set_title (formatted_string (translation ("Delete $1 #$2", Void), [l_type.title, l_node.id]))
+							f.append_to_html (wsf_theme, b)
+						end
 					else
 						b.append ("<h1>")
 						b.append (translation ("Access denied", Void))
@@ -244,10 +272,25 @@ feature -- Form
 			ts.set_default_value ("Preview")
 			f.extend (ts)
 
+			Result := f
+		end
+
+
+	new_delete_form (a_node: detachable CMS_NODE; a_url: READABLE_STRING_8; a_name: STRING; a_node_type: CMS_NODE_TYPE [CMS_NODE]): CMS_FORM
+			-- Create a web form named `a_name' for node `a_node' (if set), using form action url `a_url', and for type of node `a_node_type'.
+		local
+			f: CMS_FORM
+			ts: WSF_FORM_SUBMIT_INPUT
+		do
+			create f.make (a_url, a_name)
+
+			f.extend_html_text ("<br/>")
+			f.extend_html_text ("<legend>Are you sure you want to delete?</legend>")
+
+				-- TODO check if we need to check for has_permissions!!
 			if
 				a_node /= Void and then
-				a_node.id > 0 and then
+				a_node.id > 0
-				has_permission ("delete " + a_name)
 			then
 				create ts.make ("op")
 				ts.set_default_value ("Delete")
@@ -255,6 +298,8 @@ feature -- Form
 					ts.set_default_value (translation ("Delete"))
 					]")
 				f.extend (ts)
+				fixme ("wsf_html: add support for HTML5 input attributes!!! ")
+				f.extend_html_text("<input type='submit' value='Cancel' formmethod='GET', formaction='/node/"+a_node.id.out+"'>" )
 			end
 
 			Result := f

modules/node/handler/node_handler.e

@@ -89,6 +89,10 @@ feature -- HTTP Methods
 				check valid_url: req.path_info.starts_with_general ("/node/") end
 				create edit_response.make (req, res, api, node_api)
 				edit_response.execute
+			elseif req.path_info.ends_with_general ("/delete")  then
+				check valid_url: req.path_info.starts_with_general ("/node/") end
+				create edit_response.make (req, res, api, node_api)
+				edit_response.execute
 			else
 					-- Display existing node
 				l_nid := node_id_path_parameter (req)
@@ -116,14 +120,14 @@ feature -- HTTP Methods
 		do
 			fixme ("Refactor code: extract methods: edit_node and add_node")
 			if req.path_info.ends_with_general ("/edit") then
+				create edit_response.make (req, res, api, node_api)
+				edit_response.execute
+			elseif req.path_info.ends_with_general ("/delete") then
 				if
 					attached {WSF_STRING} req.form_parameter ("op") as l_op and then
 					l_op.value.same_string ("Delete")
 				then
 					do_delete (req, res)
-				else
-					create edit_response.make (req, res, api, node_api)
-					edit_response.execute
 				end
 			elseif req.path_info.starts_with_general ("/node/add/") then
 				create edit_response.make (req, res, api, node_api)

modules/node/node_module.e

@@ -135,6 +135,7 @@ feature -- Access: router
 
 			a_router.handle_with_request_methods ("/node/add/{type}", l_node_handler, a_router.methods_get_post)
 			a_router.handle_with_request_methods ("/node/{id}/edit", l_node_handler, a_router.methods_get_post)
+			a_router.handle_with_request_methods ("/node/{id}/delete", l_node_handler, a_router.methods_get_post)
 
 			a_router.handle_with_request_methods ("/node/{id}", l_node_handler, a_router.methods_get)
 				-- For now: no REST API handling... a_router.methods_get_put_delete + a_router.methods_get_post)