backup/ROC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Removed obsolete calls, harmonized predefine response, added non admin user pages.

Browse Source 
When access is denied, also provide when possible and wanted, the needed
permissions so that in the future, user will be able to ask for
permission easily.
Renamed previous user handlers as admin user handlers.
Added non admin user handler /user/{uid} .
Add new `send_...` response to `CMS_API.response_api`, and use them
instead of `create {...RESPONSE}.... ; execute`.
Fixed potential issue with storage mailer initialization if folder does
not exist.
Added utf_8_encoded helpers function on CMS_API interface.
Fixed a few unicode potential issues.
Removed a few obsolete calls.
This commit is contained in:
Jocelyn Fiat
2017-06-09 09:29:41 +02:00
parent 359344c9dd
commit 78ef7af5f8
73 changed files with 903 additions and 343 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/admin/cms_admin_module_administration.e
View File

@@ -51,7 +51,7 @@ feature {NONE} -- Router/administration
l_roles_handler: CMS_ADMIN_ROLES_HANDLER
l_formats_handler: CMS_ADMIN_FORMATS_HANDLER
l_user_handler: CMS_USER_HANDLER
l_user_handler: CMS_ADMIN_USER_HANDLER
l_role_handler: CMS_ROLE_HANDLER
l_admin_logs_handler: CMS_LOGS_HANDLER

8
modules/admin/handler/cms_admin_cache_handler.e
View File

@@ -47,10 +47,10 @@ feature -- Execution
create s.make_empty
f.append_to_html (l_response.wsf_theme, s)
l_response.set_main_content (s)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
send_custom_access_denied (Void, <<"admin cache">>, req, res)
end
l_response.execute
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -77,10 +77,10 @@ feature -- Execution
create s.make_empty
f.append_to_html (l_response.wsf_theme, s)
l_response.set_main_content (s)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
send_custom_access_denied (Void, <<"admin cache">>, req, res)
end
l_response.execute
end
feature -- Widget

8
modules/admin/handler/cms_admin_export_handler.e
View File

@@ -47,10 +47,10 @@ feature -- Execution
create s.make_empty
f.append_to_html (l_response.wsf_theme, s)
l_response.set_main_content (s)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
send_access_denied (req, res)
end
l_response.execute
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -92,10 +92,10 @@ feature -- Execution
create s.make_empty
f.append_to_html (l_response.wsf_theme, s)
l_response.set_main_content (s)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
send_access_denied (req, res)
end
l_response.execute
end
feature -- Widget

12
modules/admin/handler/cms_admin_handler.e
View File

@@ -3,7 +3,7 @@ note
handler for CMS admin in the CMS interface.
TODO: implement REST API.
]"
]"
date: "$Date$"
revision: "$Revision$"
@@ -64,12 +64,11 @@ feature -- HTTP Methods
local
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if api.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
create {CMS_ADMIN_RESPONSE} r.make (req, res, api)
r.execute
else
r.execute
send_access_denied (req, res)
end
end
@@ -77,12 +76,11 @@ feature -- HTTP Methods
local
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if api.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
create {CMS_ADMIN_RESPONSE} r.make (req, res, api)
r.execute
else
r.execute
send_access_denied (req, res)
end
end

9
modules/admin/handler/cms_admin_import_handler.e
View File

@@ -47,10 +47,10 @@ feature -- Execution
create s.make_empty
f.append_to_html (l_response.wsf_theme, s)
l_response.set_main_content (s)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
send_access_denied (req, res)
end
l_response.execute
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -99,11 +99,10 @@ feature -- Execution
create s.make_empty
f.append_to_html (l_response.wsf_theme, s)
l_response.set_main_content (s)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
send_access_denied (req, res)
end
l_response.execute
end
feature -- Widget

19
modules/admin/handler/cms_admin_modules_handler.e
View File

@@ -60,8 +60,7 @@ feature -- Execution
l_denied := True
end
if l_denied then
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("You do not have permission to access CMS module uninstallation procedure!")
send_custom_access_denied ("You do not have permission to access CMS module uninstallation procedure!", Void, req, res)
else
create s.make_empty
across
@@ -82,8 +81,8 @@ feature -- Execution
end
s.append (r.link ("Back to modules management", r.location, Void))
r.set_main_content (s)
r.execute
end
r.execute
else
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
create s.make_empty
@@ -119,8 +118,7 @@ feature -- Execution
l_denied := True
end
if l_denied then
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("You do not have permission to access CMS module installation procedure!")
send_custom_access_denied ("You do not have permission to access CMS module installation procedure!", Void, req, res)
else
f := modules_to_install_collection_web_form (r)
f.submit_actions.extend (agent on_installation_submit)
@@ -138,8 +136,8 @@ feature -- Execution
r.add_notice_message ("Operation on module(s) succeeded.")
r.set_redirection (r.location)
end
r.execute
end
r.execute
elseif l_op.same_string ("Update status") then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if api.has_permission ("admin module") then
@@ -159,15 +157,12 @@ feature -- Execution
r.add_notice_message ("Operation on module(s) succeeded.")
r.set_redirection (r.location)
end
r.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("You do not have permission to administrate CMS modules!")
send_custom_access_denied ("You do not have permission to administrate CMS modules!", Void, req, res)
end
r.execute
else
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute
send_bad_request (req, res)
end
else
do_get (req, res)

10
modules/admin/handler/cms_admin_path_alias_handler.e
View File

@@ -81,10 +81,10 @@ feature -- Execution
s.append ("</ul>")
end
l_response.set_main_content (s)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
send_access_denied (req, res)
end
l_response.execute
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -114,11 +114,11 @@ feature -- Execution
l_response.set_redirection (l_response.location)
l_response.set_redirection_delay (3)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
l_response.set_redirection (l_response.location)
send_access_denied (req, res)
-- CHECK: set redirection?
end
l_response.execute
end
end

12
modules/admin/handler/format/cms_admin_formats_handler.e
View File

@@ -152,8 +152,8 @@ feature -- View/edit Format
i := i + 1
l_name := f_ic.item.name
l_all_filters.force (f_ic.item, l_name)
create cb.make_with_value ("filters[" + l_name + "]", l_name)
cb.set_title (f_ic.item.title)
create cb.make_with_value ("filters[" + l_name + "]", l_name.to_string_32)
cb.set_title (f_ic.item.title.to_string_32)
cb.set_checked (True)
create hf.make_with_text ("filter_weight[" + l_name + "]", i.out)
@@ -178,8 +178,8 @@ feature -- View/edit Format
l_name := f_ic.item.name
if l_all_filters.has (l_name) then
else
create cb.make_with_value ("filters[" + l_name + "]", l_name)
cb.set_title (f_ic.item.title)
create cb.make_with_value ("filters[" + l_name + "]", l_name.to_string_32)
cb.set_title (f_ic.item.title.to_string_32)
create ftb_row.make (2)
ftb.add_row (ftb_row)
ftb_row.add_widget (cb)
@@ -195,8 +195,8 @@ feature -- View/edit Format
api.content_types as ct_ic
loop
l_name := ct_ic.item.name
create cb.make_with_value ("content_types[]", l_name)
cb.set_title (l_name)
create cb.make_with_value ("content_types[]", l_name.to_string_32)
cb.set_title (l_name.to_string_32)
if f /= Void and then ct_ic.item.has_format (f.name) then
cb.set_checked (True)
end

7
modules/admin/handler/logs/cms_logs_handler.e
View File

@@ -63,7 +63,7 @@ feature -- HTTP Methods
l_logs: LIST [CMS_LOG]
l_log: CMS_LOG
r: CMS_RESPONSE
l_cat: detachable READABLE_STRING_8
l_cat: detachable READABLE_STRING_32
l_lower: INTEGER
l_count: INTEGER
b: STRING
@@ -104,11 +104,10 @@ feature -- HTTP Methods
r.set_main_content (b)
r.set_page_title ("Logs ...")
r.set_title ("Logs")
r.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
send_access_denied (req, res)
end
r.execute
end
end

16
modules/admin/handler/role/cms_role_form_response.e
View File

@@ -348,9 +348,9 @@ feature -- Form
fs.extend (lab)
string_sorter.sort (l_permissions)
across l_permissions as ic loop
create cb.make_with_value ("cms_permissions", ic.item)
create cb.make_with_value ("cms_permissions", ic.item.to_string_32)
cb.set_checked (across l_role_permissions as rp_ic some rp_ic.item.is_case_insensitive_equal (ic.item) end)
cb.set_title (ic.item)
cb.set_title (ic.item.to_string_32)
fs.extend (cb)
end
end
@@ -389,7 +389,7 @@ feature -- Form
update_role (a_form_data: WSF_FORM_DATA; a_role: CMS_USER_ROLE)
-- Update node `a_node' with form_data `a_form_data' for the given content type `a_content_type'.
local
l_perm: READABLE_STRING_8
l_perm: READABLE_STRING_GENERAL
do
if attached a_form_data.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Update role") then
@@ -400,16 +400,16 @@ feature -- Form
then
if attached {WSF_STRING} a_form_data.item ("cms_permissions") as u_role then
a_role.permissions.wipe_out
a_role.add_permission (u_role.value)
a_role.add_permission (api.utf_8_encoded (u_role.value)) -- TODO: utf-8 or require valid string 8?
elseif attached {WSF_MULTIPLE_STRING} a_form_data.item ("cms_permissions") as u_permissions then
a_role.permissions.wipe_out
-- Enable checked permissions.
across
u_permissions as ic
loop
l_perm := ic.item.value.as_string_8
l_perm := ic.item.value
if not l_perm.is_whitespace then
a_role.add_permission (l_perm)
a_role.add_permission (api.utf_8_encoded (l_perm)) -- TODO: utf-8 or require valid string 8?
end
end
else
@@ -421,9 +421,9 @@ feature -- Form
l_cms_perms.values as ic
loop
if attached {WSF_STRING} ic.item as p then
l_perm := p.value.as_string_8
l_perm := p.value
if not l_perm.is_whitespace then
a_role.add_permission (l_perm)
a_role.add_permission (api.utf_8_encoded (l_perm))
end
end
end

13
modules/admin/handler/role/cms_role_handler.e
View File

@@ -81,10 +81,8 @@ feature -- HTTP Methods
l_uid: INTEGER_64
edit_response: CMS_ROLE_FORM_RESPONSE
view_response: CMS_ROLE_VIEW_RESPONSE
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("admin roles") then
if api.has_permission ("admin roles") then
if req.percent_encoded_path_info.ends_with_general ("/edit") then
check valid_url: req.percent_encoded_path_info.starts_with_general (api.administration_path ("/role/")) end
create edit_response.make (req, res, api)
@@ -111,18 +109,15 @@ feature -- HTTP Methods
end
end
else
r.execute
send_access_denied (req, res)
end
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
local
edit_response: CMS_ROLE_FORM_RESPONSE
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("admin roles") then
if api.has_permission ("admin roles") then
if req.percent_encoded_path_info.ends_with_general ("/edit") then
create edit_response.make (req, res, api)
edit_response.execute
@@ -138,7 +133,7 @@ feature -- HTTP Methods
edit_response.execute
end
else
r.execute
send_access_denied (req, res)
end
end

2
modules/admin/handler/role/cms_role_view_response.e
View File

@@ -71,7 +71,7 @@ feature -- Execution
s.append ("<div class=%"info%"> ")
s.append ("<h4>Role Information</h4>")
s.append ("<p>Role:")
s.append (a_role.name)
s.append (html_encoded (a_role.name))
s.append ("</p>")
s.append ("<h4>Permissions:</h4>")

10
modules/admin/handler/user/cms_user_form_response.e → modules/admin/handler/user/cms_admin_user_form_response.e
View File

@@ -1,10 +1,10 @@
note
description: "Summary description for {CMS_USER_FORM_RESPONSE}."
description: "Summary description for {CMS_ADMIN_USER_FORM_RESPONSE}."
date: "$Date$"
revision: "$Revision$"
class
CMS_USER_FORM_RESPONSE
CMS_ADMIN_USER_FORM_RESPONSE
inherit
CMS_RESPONSE
@@ -324,10 +324,10 @@ feature -- Form
create fs.make
fs.set_legend ("Basic User Account Information")
fs.extend_html_text ("<div><string><label>User name </label></strong><br></div>")
fs.extend_html_text (a_user.name)
fs.extend_raw_text (a_user.name)
if attached a_user.email as l_email then
create fe.make_with_text ("email", l_email)
create fe.make_with_text ("email", l_email.to_string_32)
else
create fe.make_with_text ("email", "")
end
@@ -477,7 +477,7 @@ feature -- Form
api.user_api.user_by_email (l_email) = Void
then
-- Valid email
a_user.set_email (l_email)
a_user.set_email (api.utf_8_encoded (l_email))
else
if attached l_user.email as u_email and then not u_email.is_case_insensitive_equal_general (l_email) then
a_form_data.report_invalid_field ("email", "Email already exist!")

24
modules/admin/handler/user/cms_user_handler.e → modules/admin/handler/user/cms_admin_user_handler.e
View File

@@ -1,12 +1,12 @@
note
description: "[
Handler for a CMS user in the CMS interface
Administration handler for a CMS user in the CMS interface
]"
date: "$Date$"
revision: "$Revision$"
class
CMS_USER_HANDLER
CMS_ADMIN_USER_HANDLER
inherit
CMS_HANDLER
@@ -79,12 +79,10 @@ feature -- HTTP Methods
local
l_user: detachable CMS_USER
l_uid: INTEGER_64
edit_response: CMS_USER_FORM_RESPONSE
view_response: CMS_USER_VIEW_RESPONSE
r: CMS_RESPONSE
edit_response: CMS_ADMIN_USER_FORM_RESPONSE
view_response: CMS_ADMIN_USER_VIEW_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("admin users") then
if api.has_permission ("admin users") then
if req.percent_encoded_path_info.ends_with_general ("/edit") then
check valid_url: req.percent_encoded_path_info.starts_with_general (api.administration_path ("/user/")) end
create edit_response.make (req, res, api)
@@ -111,18 +109,16 @@ feature -- HTTP Methods
end
end
else
r.execute
send_access_denied (req, res)
end
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
local
edit_response: CMS_USER_FORM_RESPONSE
r: CMS_RESPONSE
edit_response: CMS_ADMIN_USER_FORM_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("admin users") then
if api.has_permission ("admin users") then
if req.percent_encoded_path_info.ends_with_general ("/edit") then
create edit_response.make (req, res, api)
edit_response.execute
@@ -138,7 +134,7 @@ feature -- HTTP Methods
edit_response.execute
end
else
r.execute
send_access_denied (req, res)
end
end
@@ -190,7 +186,7 @@ feature {NONE} -- New User
create_new_user (req: WSF_REQUEST; res: WSF_RESPONSE)
local
edit_response: CMS_USER_FORM_RESPONSE
edit_response: CMS_ADMIN_USER_FORM_RESPONSE
do
if req.percent_encoded_path_info.starts_with (api.administration_path ("/add/user")) then
create edit_response.make (req, res, api)

5
modules/admin/handler/user/cms_user_view_response.e → modules/admin/handler/user/cms_admin_user_view_response.e
View File

@@ -1,10 +1,10 @@
note
description: "Summary description for {CMS_USER_VIEW_RESPONSE}."
description: "Summary description for {CMS_ADMIN_USER_VIEW_RESPONSE}."
date: "$Date$"
revision: "$Revision$"
class
CMS_USER_VIEW_RESPONSE
CMS_ADMIN_USER_VIEW_RESPONSE
inherit
CMS_RESPONSE
@@ -27,7 +27,6 @@ feature -- Query
end
end
feature -- Execution
process

5
modules/admin/handler/user/cms_admin_users_handler.e
View File

@@ -73,8 +73,7 @@ feature -- HTTP Methods
-- get them from the configuration file and load them into
-- the setup class.
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
if l_response.has_permission ("admin users") then
if api.has_permission ("admin users") then
user_api := api.user_api
l_count := user_api.users_count
@@ -157,7 +156,7 @@ feature -- HTTP Methods
l_response.set_main_content (s)
l_response.execute
else
l_response.execute
send_access_denied (req, res)
end
end
end

4
modules/auth/cms_authentication_email_service.e
View File

@@ -81,7 +81,7 @@ feature -- Basic Operations / Internal
feature -- Basic Operations / Contact
send_account_evaluation (a_user: CMS_USER; a_application, a_url_activate, a_url_reject, a_host: READABLE_STRING_8)
send_account_evaluation (a_user: CMS_USER; a_application: READABLE_STRING_GENERAL; a_url_activate, a_url_reject, a_host: READABLE_STRING_8)
-- Send new user register to webmaster to confirm or reject itt.
local
l_message: STRING
@@ -95,7 +95,7 @@ feature -- Basic Operations / Contact
else
l_message.replace_substring_all ("$email", "unknown email")
end
l_message.replace_substring_all ("$application", a_application)
l_message.replace_substring_all ("$application", cms_api.utf_8_encoded (a_application))
l_message.replace_substring_all ("$activation_url", a_url_activate)
l_message.replace_substring_all ("$rejection_url", a_url_reject)
send_message (contact_email_address, contact_email_address, parameters.contact_subject_account_evaluation, l_message)

11
modules/auth/cms_authentication_email_service_parameters.e
View File

@@ -13,7 +13,6 @@ feature {NONE} -- Initialization
make (a_cms_api: CMS_API)
local
utf: UTF_CONVERTER
s: detachable READABLE_STRING_32
l_utf8_site_name: IMMUTABLE_STRING_8
l_contact_email, l_subject_register, l_subject_activate, l_subject_password, l_subject_oauth: detachable READABLE_STRING_8
@@ -31,23 +30,23 @@ feature {NONE} -- Initialization
if attached a_cms_api.module_configuration_by_name ({CMS_AUTHENTICATION_MODULE}.name, Void) as cfg then
s := cfg.text_item ("email")
if s /= Void then
l_contact_email := utf.utf_32_string_to_utf_8_string_8 (s)
l_contact_email := cms_api.utf_8_encoded (s)
end
s := cfg.text_item ("subject_register")
if s /= Void then
l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s)
l_subject_register := cms_api.utf_8_encoded (s)
end
s := cfg.text_item ("subject_activate")
if s /= Void then
l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s)
l_subject_register := cms_api.utf_8_encoded (s)
end
s := cfg.text_item ("subject_password")
if s /= Void then
l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s)
l_subject_register := cms_api.utf_8_encoded (s)
end
s := cfg.text_item ("subject_oauth")
if s /= Void then
l_subject_oauth := utf.utf_32_string_to_utf_8_string_8 (s)
l_subject_oauth := cms_api.utf_8_encoded (s)
end
end
if l_contact_email = Void then

44
modules/auth/cms_authentication_module.e
View File

@@ -65,6 +65,7 @@ feature -- Access
Result.force ("account reject")
Result.force ("account reactivate")
Result.force ("change own username")
Result.force ("view user")
end
feature {CMS_EXECUTION} -- Administration
@@ -123,6 +124,8 @@ feature -- Router
a_router.handle ("/account/new-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_new_password(a_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/account/reset-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_reset_password(a_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/account/change/{field}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_change_field (a_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/user/{uid}", create {CMS_USER_HANDLER}.make (a_api), a_router.methods_get)
end
feature -- Hooks configuration
@@ -382,7 +385,7 @@ feature -- Handler
l_exist := True
end
if attached recaptcha_secret_key (api) as l_recaptcha_key then
if attached {WSF_STRING} req.form_parameter ("g-recaptcha-response") as l_recaptcha_response and then is_captcha_verified (l_recaptcha_key, l_recaptcha_response.value) then
if attached {WSF_STRING} req.form_parameter ("g-recaptcha-response") as l_recaptcha_response and then is_captcha_verified (l_recaptcha_key, l_recaptcha_response.url_encoded_value) then
l_captcha_passed := True
else
--| Bad or missing captcha
@@ -428,15 +431,13 @@ feature -- Handler
r.set_status_code ({HTTP_CONSTANTS}.bad_request)
end
else
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("There were issue with your application, invalid or missing values.")
api.response_api.send_bad_request ("There were issue with your application, invalid or missing values.", req, res)
end
end
r.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("You can also contact the webmaster to ask for an account.")
api.response_api.send_permissions_access_denied ("You can also contact the webmaster to ask for an account.", Void, req, res)
end
r.execute
end
handle_activation (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -500,8 +501,7 @@ feature -- Handler
l_ir.execute
end
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute
api.response_api.send_access_denied (Void, req, res)
end
end
@@ -536,8 +536,7 @@ feature -- Handler
l_ir.execute
end
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute
api.response_api.send_access_denied (Void, req, res)
end
end
@@ -551,8 +550,8 @@ feature -- Handler
l_url_reject: STRING
l_email: READABLE_STRING_8
do
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("account reactivate") then
if api.has_permission ("account reactivate") then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if req.is_post_request_method then
if attached {WSF_STRING} req.form_parameter ("email") as p_email then
if p_email.value.is_valid_as_string_8 then
@@ -587,11 +586,10 @@ feature -- Handler
end
end
end
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute
else
api.response_api.send_access_denied (Void, req, res)
end
r.execute
end
handle_new_password (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -700,7 +698,7 @@ feature -- Handler
l_fieldname := p_field.url_encoded_value
end
if l_fieldname = Void then
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
api.response_api.send_bad_request (Void, req, res)
else
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
@@ -814,8 +812,8 @@ feature -- Handler
end
r.set_main_content (b)
end
r.execute
end
r.execute
end
block_list: ITERABLE [like {CMS_BLOCK}.name]
@@ -1118,36 +1116,30 @@ feature -- Access: configuration
form_registration_application_description (api: CMS_API): detachable READABLE_STRING_8
-- Get recaptcha security key.
local
utf: UTF_CONVERTER
do
if attached api.module_configuration (Current, Void) as cfg then
if attached cfg.text_item ("forms.registration.application_description") as l_desc and then not l_desc.is_whitespace then
Result := utf.utf_32_string_to_utf_8_string_8 (l_desc)
Result := api.utf_8_encoded (l_desc)
end
end
end
recaptcha_secret_key (api: CMS_API): detachable READABLE_STRING_8
-- Get recaptcha security key.
local
utf: UTF_CONVERTER
do
if attached api.module_configuration (Current, Void) as cfg then
if attached cfg.text_item ("recaptcha.secret_key") as l_recaptcha_key and then not l_recaptcha_key.is_empty then
Result := utf.utf_32_string_to_utf_8_string_8 (l_recaptcha_key)
Result := api.utf_8_encoded (l_recaptcha_key)
end
end
end
recaptcha_site_key (api: CMS_API): detachable READABLE_STRING_8
-- Get recaptcha security key.
local
utf: UTF_CONVERTER
do
if attached api.module_configuration (Current, Void) as cfg then
if attached cfg.text_item ("recaptcha.site_key") as l_recaptcha_key and then not l_recaptcha_key.is_empty then
Result := utf.utf_32_string_to_utf_8_string_8 (l_recaptcha_key)
Result := api.utf_8_encoded (l_recaptcha_key)
end
end
end

5
modules/auth/cms_authentication_module_administration.e
View File

@@ -54,9 +54,8 @@ feature -- Request handling
-- get them from the configuration file and load them into
-- the setup class.
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
if
l_response.has_permission ("admin registration")
api.has_permission ("admin registration")
then
l_user_api := api.user_api
@@ -127,7 +126,7 @@ feature -- Request handling
l_response.set_main_content (s)
l_response.execute
else
l_response.execute
api.response_api.send_access_denied (Void, req, res)
end
end

103
modules/auth/cms_user_handler.e Normal file
View File

@@ -0,0 +1,103 @@
note
description: "[
Handler for a CMS user in the CMS interface
]"
date: "$Date$"
revision: "$Revision$"
class
CMS_USER_HANDLER
inherit
CMS_HANDLER
WSF_URI_HANDLER
rename
execute as uri_execute,
new_mapping as new_uri_mapping
end
WSF_URI_TEMPLATE_HANDLER
rename
execute as uri_template_execute,
new_mapping as new_uri_template_mapping
select
new_uri_template_mapping
end
WSF_RESOURCE_HANDLER_HELPER
redefine
do_get
end
REFACTORING_HELPER
create
make
feature -- execute
execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute_methods (req, res)
end
uri_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute (req, res)
end
uri_template_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute (req, res)
end
feature -- Query
user_id_path_parameter (req: WSF_REQUEST): INTEGER_64
-- User id passed as path parameter for request `req'.
local
s: STRING
do
if attached {WSF_STRING} req.path_parameter ("uid") as p_nid then
s := p_nid.value
if s.is_integer_64 then
Result := s.to_integer_64
end
end
end
feature -- HTTP Methods
do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
-- <Precursor>
local
l_user: detachable CMS_USER
l_uid: INTEGER_64
view_response: CMS_USER_VIEW_RESPONSE
do
if api.has_permission ("view user") then
-- Display existing node
l_uid := user_id_path_parameter (req)
if l_uid > 0 then
l_user := api.user_api.user_by_id (l_uid)
if
l_user /= Void
then
create view_response.make (req, res, api)
view_response.execute
else
send_not_found (req, res)
end
else
send_bad_request (req, res)
end
else
send_access_denied (req, res)
end
end
end

103
modules/auth/cms_user_view_response.e Normal file
View File

@@ -0,0 +1,103 @@
note
description: "Summary description for {CMS_USER_VIEW_RESPONSE}."
date: "$Date$"
revision: "$Revision$"
class
CMS_USER_VIEW_RESPONSE
inherit
CMS_RESPONSE
create
make
feature -- Query
user_id_path_parameter (req: WSF_REQUEST): INTEGER_64
-- User id passed as path parameter for request `req'.
local
s: STRING
do
if attached {WSF_STRING} req.path_parameter ("uid") as p_nid then
s := p_nid.value
if s.is_integer_64 then
Result := s.to_integer_64
end
end
end
feature -- Process
process
-- Computed response message.
local
b: STRING_8
uid: INTEGER_64
user_api: CMS_USER_API
f: CMS_FORM
do
user_api := api.user_api
create b.make_empty
uid := user_id_path_parameter (request)
if
uid > 0 and then
attached user_api.user_by_id (uid) as l_user
then
if
api.has_permission ("view user")
or l_user.same_as (user) -- Same user
then
f := new_view_form (l_user, request.request_uri, "view-user")
f.append_to_html (wsf_theme, b)
else
b.append ("You don't have the permission to view this user!")
end
else
b.append ("User not found!")
end
set_main_content (b)
end
feature -- Process Edit
new_view_form (a_user: detachable CMS_USER; a_url: READABLE_STRING_8; a_name: STRING): CMS_FORM
-- Create a web form named `a_name' for user `a_user' (if set), using form action url `a_url'.
local
th: WSF_FORM_HIDDEN_INPUT
do
create Result.make (a_url, a_name)
create th.make ("user-id")
if a_user /= Void then
th.set_text_value (a_user.id.out)
else
th.set_text_value ("0")
end
Result.extend (th)
populate_form (Result, a_user)
end
populate_form (a_form: WSF_FORM; a_user: detachable CMS_USER)
-- Fill the web form `a_form' with data from `a_node' if set,
-- and apply this to content type `a_content_type'.
local
ti: WSF_FORM_TEXT_INPUT
fs: WSF_FORM_FIELD_SET
do
if a_user /= Void then
create fs.make
fs.set_legend ("User Information")
create ti.make_with_text ("profile_name", a_user.name)
if attached a_user.profile_name as l_profile_name then
ti.set_text_value (l_profile_name)
end
ti.set_label ("Profile name")
ti.set_is_readonly (True)
fs.extend (ti)
a_form.extend (fs)
end
end
end

8
modules/blog/handler/blog_user_handler.e
View File

@@ -37,8 +37,6 @@ feature -- HTTP Methods
do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
-- <Precursor>
local
l_error: NOT_FOUND_ERROR_CMS_RESPONSE
do
check user_void: user = Void end
if attached user_from_request (req) as l_user then
@@ -47,13 +45,11 @@ feature -- HTTP Methods
Precursor (req, res)
else
-- Throw a bad request error because the user is not valid
create l_error.make (req, res, api)
if attached user_parameter (req) as l_user_id then
l_error.set_main_content ("<h1>Error</h1>User with id " + api.html_encoded (l_user_id) + " not found!</h1>")
api.response_api.send_not_found ("<h1>Error</h1>User with id " + api.html_encoded (l_user_id) + " not found!</h1>", req, res)
else
l_error.set_main_content ("<h1>Error</h1>User not found!</h1>")
api.response_api.send_not_found ("<h1>Error</h1>User not found!</h1>", req, res)
end
l_error.execute
end
user := Void
end

8
modules/contact/src/cms_contact_module.e
View File

@@ -123,30 +123,26 @@ feature -- Recaptcha
recaptcha_secret_key (api: CMS_API): detachable READABLE_STRING_8
-- Get recaptcha security key.
local
utf: UTF_CONVERTER
do
if attached api.module_configuration (Current, Void) as cfg then
if
attached cfg.text_item ("recaptcha.secret_key") as l_recaptcha_key and then
not l_recaptcha_key.is_empty
then
Result := utf.utf_32_string_to_utf_8_string_8 (l_recaptcha_key)
Result := api.utf_8_encoded (l_recaptcha_key)
end
end
end
recaptcha_site_key (api: CMS_API): detachable READABLE_STRING_8
-- Get recaptcha security key.
local
utf: UTF_CONVERTER
do
if attached api.module_configuration (Current, Void) as cfg then
if
attached cfg.text_item ("recaptcha.site_key") as l_recaptcha_key and then
not l_recaptcha_key.is_empty
then
Result := utf.utf_32_string_to_utf_8_string_8 (l_recaptcha_key)
Result := api.utf_8_encoded (l_recaptcha_key)
end
end
end

7
modules/contact/src/contact_email_service_parameters.e
View File

@@ -13,13 +13,12 @@ feature {NONE} -- Initialization
make (a_cms_api: CMS_API; a_contact_module: CMS_CONTACT_MODULE)
local
utf: UTF_CONVERTER
l_site_name: READABLE_STRING_8
s: detachable READABLE_STRING_32
l_contact_email, l_contact_subject: detachable READABLE_STRING_8
do
-- Use global smtp setting if any, otherwise "localhost"
l_site_name := utf.escaped_utf_32_string_to_utf_8_string_8 (a_cms_api.setup.site_name)
l_site_name := a_cms_api.utf_8_encoded (a_cms_api.setup.site_name)
admin_email := a_cms_api.setup.site_email
if not admin_email.has ('<') then
@@ -29,11 +28,11 @@ feature {NONE} -- Initialization
if attached {CONFIG_READER} a_cms_api.module_configuration (a_contact_module, Void) as cfg then
s := cfg.text_item ("email")
if s /= Void then
l_contact_email := utf.utf_32_string_to_utf_8_string_8 (s)
l_contact_email := a_cms_api.utf_8_encoded (s)
end
s := cfg.text_item ("subject")
if s /= Void then
l_contact_subject := utf.utf_32_string_to_utf_8_string_8 (s)
l_contact_subject := a_cms_api.utf_8_encoded (s)
end
end
if l_contact_email /= Void then

5
modules/contact/src/persistence/contact_storage_fs.e
View File

@@ -25,7 +25,6 @@ feature -- Change
save_contact_message (m: CONTACT_MESSAGE)
local
s: STRING
utf: UTF_CONVERTER
now: DATE_TIME
do
error_handler.reset
@@ -38,7 +37,7 @@ feature -- Change
s.append (m.date.out)
s.append_character ('%N')
s.append ("name=")
s.append (utf.utf_32_string_to_utf_8_string_8 (m.username))
s.append (api.utf_8_encoded (m.username))
s.append_character ('%N')
if attached m.email as l_email then
@@ -47,7 +46,7 @@ feature -- Change
s.append_character ('%N')
end
s.append ("message=%N")
s.append (utf.utf_32_string_to_utf_8_string_8 (m.message))
s.append (api.utf_8_encoded (m.message))
s.append_character ('%N')
save_to_file (s, date_to_yyyymmdd_hhmmss_string (now))

12
modules/embedded_video/src/video_content_filter.e
View File

@@ -253,11 +253,19 @@ feature {NONE} -- Implementation
end
replace_substring_all (s: STRING_GENERAL; a_old: READABLE_STRING_8; a_new: STRING_GENERAL)
local
utf: UTF_CONVERTER
do
if attached {STRING_8} s as s8 then
s8.replace_substring_all (a_old, a_new.to_string_8)
if a_new.is_valid_as_string_8 then
s8.replace_substring_all (a_old, a_new.to_string_8)
else
check a_new_is_string_8: False end
-- Use UTF-8 for now.
s8.replace_substring_all (a_old, utf.utf_32_string_to_utf_8_string_8 (a_new))
end
elseif attached {STRING_32} s as s32 then
s32.replace_substring_all (a_old, a_new)
s32.replace_substring_all (a_old.to_string_32, a_new)
end
end

9
modules/feed_aggregator/feed_aggregator_api.e
View File

@@ -35,7 +35,6 @@ feature -- Access
l_feed_id: READABLE_STRING_32
l_title: detachable READABLE_STRING_GENERAL
l_locations: detachable STRING_TABLE [READABLE_STRING_8]
utf: UTF_CONVERTER
l_table: like internal_aggregations
do
l_table := internal_aggregations
@@ -56,20 +55,20 @@ feature -- Access
across
l_location_list as loc_ic
loop
l_locations.force (utf.utf_32_string_to_utf_8_string_8 (loc_ic.item), loc_ic.item)
l_locations.force (cms_api.utf_8_encoded (loc_ic.item), loc_ic.item)
end
end
if attached cfg.text_table_item ({STRING_32} "feeds." + l_feed_id + ".locations") as l_location_table then
across
l_location_table as loc_tb_ic
loop
l_locations.force (utf.utf_32_string_to_utf_8_string_8 (loc_tb_ic.item), loc_tb_ic.key)
l_locations.force (cms_api.utf_8_encoded (loc_tb_ic.item), loc_tb_ic.key)
end
end
if
attached cfg.text_item ({STRING_32} "feeds." + l_feed_id + ".location") as l_location
then
l_locations.force (utf.utf_32_string_to_utf_8_string_8 (l_location), l_location)
l_locations.force (cms_api.utf_8_encoded (l_location), l_location)
end
if l_locations /= Void and then not l_locations.is_empty then
l_title := cfg.text_item ({STRING_32} "feeds." + l_feed_id + ".title")
@@ -93,7 +92,7 @@ feature -- Access
across
l_locations as loc_ic
loop
agg.locations.force (utf.utf_32_string_to_utf_8_string_8 (loc_ic.item))
agg.locations.force (cms_api.utf_8_encoded (loc_ic.item))
end
Result.force (agg, l_feed_id)
if attached cfg.text_list_item ({STRING_32} "feeds." + l_feed_id + ".categories") as l_cats then

9
modules/feed_aggregator/feed_aggregator_module.e
View File

@@ -98,8 +98,7 @@ feature -- Handle
m.header.put_content_type_text_html
res.send (m)
else
create {NOT_FOUND_ERROR_CMS_RESPONSE} r.make (req, res, a_api)
r.execute
a_api.response_api.send_not_found (Void, req, res)
end
else
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, a_api)
@@ -143,8 +142,7 @@ feature -- Handle
r.execute
end
else
create {NOT_FOUND_ERROR_CMS_RESPONSE} r.make (req, res, a_api)
r.execute
a_api.response_api.send_not_found (Void, req, res)
end
else
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, a_api)
@@ -199,7 +197,6 @@ feature -- Hook
-- List of block names, managed by current object.
local
res: ARRAYED_LIST [like {CMS_BLOCK}.name]
utf_conv: UTF_CONVERTER
do
if
attached feed_aggregator_api as l_feed_api and then
@@ -209,7 +206,7 @@ feature -- Hook
across
l_aggs as ic
loop
res.force ("?feed." + utf_conv.utf_32_string_to_utf_8_string_8 (ic.item))
res.force ("?feed." + utf_8_encoded (ic.item))
end
else
create res.make (0)

19
modules/files/cms_files_module.e
View File

@@ -140,8 +140,8 @@ feature -- Handler
do
check req.is_get_request_method end
if not api.has_permission (browse_files_permission) then
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.add_error_message ("You are not allowed to browse CMS files!")
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make_with_permissions (req, res, api, <<browse_files_permission>>)
r.add_error_message ("You are not allowed to browse files!")
elseif attached {WSF_STRING} req.path_parameter ("filename") as p_filename then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
@@ -276,7 +276,7 @@ feature -- Handler
body.append ("<form action=%"" + r.url (uploads_location, Void) + "%" class=%"dropzone%">")
body.append ("</form>%N")
body.append ("<a href=%""+ r.url (uploads_location, Void) +"?basic_upload=yes%">Use basic file uploading.</a>%N")
body.append ("<a href=%""+ r.url (uploads_location, Void) + "?basic_upload=yes%">Use basic file uploading.</a>%N")
end
body.append ("</div>")
end
@@ -284,15 +284,15 @@ feature -- Handler
if req.is_get_head_request_method then
-- Build the response.
if r.has_permission (browse_files_permission) then
body.append ("<br/><div class=%"center%"><a class=%"button%" href=%""+ r.url (uploads_location, Void) +"%">Refresh uploaded</a></div>")
body.append ("<br/><div class=%"center%"><a class=%"button%" href=%"" + r.url (uploads_location, Void) + "%">Refresh uploaded</a></div>")
append_uploaded_file_album_to (req, api, body)
else
r.add_warning_message ("You are not allowed to browse files!")
end
end
r.set_main_content (body)
r.execute
elseif req.is_post_request_method then
if api.has_permission (upload_files_permission) then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
@@ -305,14 +305,13 @@ feature -- Handler
r.set_redirection (r.url (uploads_location, Void))
end
r.set_main_content (body)
r.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("You are not allowed to upload file!")
api.response_api.send_permissions_access_denied ("You are not allowed to upload file!", <<upload_files_permission>>, req, res)
end
else
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
api.response_api.send_bad_request (Void, req, res)
end
r.execute
end
process_uploaded_files (req: WSF_REQUEST; api: CMS_API; a_output: STRING)
@@ -472,7 +471,7 @@ feature -- Handler
do
if attached files_api as l_files_api then
if not api.has_permission (admin_files_permission) then
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make_with_permissions (req, res, api, <<admin_files_permission>>)
r.add_error_message ("You are not allowed to remove file!")
elseif attached {WSF_STRING} req.path_parameter ("filename") as p_filename then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)

12
modules/files/cms_uploaded_file.e
View File

@@ -83,14 +83,16 @@ feature -- Element change
-- sets `a_number' after the name. This is done when the file was already uploaded
local
position: INTEGER_32
new_name: STRING_8
new_name: STRING_32
l_uploaded_file_string_representation: READABLE_STRING_32
do
position := uploaded_file.string_representation.index_of ('.', 1)
l_uploaded_file_string_representation := uploaded_file.string_representation
position := l_uploaded_file_string_representation.index_of ('.', 1)
create new_name.make_empty
new_name := uploaded_file.string_representation.head (position-1)
new_name.append ("_(" + a_number.out + ")")
new_name.append (uploaded_file.string_representation.substring (position, uploaded_file.string_representation.count))
new_name := l_uploaded_file_string_representation.head (position-1)
new_name.append_string_general ("_(" + a_number.out + ")")
new_name.append (l_uploaded_file_string_representation.substring (position, l_uploaded_file_string_representation.count))
location := uploads_directory.extended (new_name)
end

4
modules/google_search_20/src/google_custom_search_module_20.e
View File

@@ -57,15 +57,13 @@ feature -- GCSE Keys
gcse_cx_key (api: CMS_API): detachable READABLE_STRING_8
-- Get google custom search engine id.
local
utf: UTF_CONVERTER
do
if attached api.module_configuration (Current, Void) as cfg then
if
attached cfg.text_item ("gcse.search_engine_id") as l_gcse_cx_key and then
not l_gcse_cx_key.is_empty
then
Result := utf.utf_32_string_to_utf_8_string_8 (l_gcse_cx_key)
Result := api.utf_8_encoded (l_gcse_cx_key)
end
end
end

9
modules/messaging/src/cms_messaging_module.e
View File

@@ -223,12 +223,12 @@ $(document).ready(function() {
local
r: CMS_RESPONSE
do
if api.has_permission ("use messaging") or api.has_permission ("message any user") then
if api.has_permissions (<<"use messaging", "message any user">>) then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.values.force ("messaging", "messaging")
r.set_main_content (new_html_messaging_form (r, api))
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make_with_permissions (req, res, api, <<"use messaging", "message any user">>)
end
r.execute
end
@@ -314,7 +314,7 @@ $(document).ready(function() {
end
r.set_main_content (s)
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make_with_permissions (req, res, api, <<"message any user">>)
end
r.execute
end
@@ -337,9 +337,8 @@ feature {NONE} -- Contact Message
resolved_template_text (api: CMS_API; a_text: READABLE_STRING_GENERAL; a_target_user: detachable CMS_USER): STRING_8
local
smt: CMS_SMARTY_TEMPLATE_TEXT
utf: UTF_CONVERTER
do
create smt.make (utf.utf_32_string_to_utf_8_string_8 (a_text))
create smt.make (api.utf_8_encoded (a_text))
across
api.builtin_variables as vars_ic
loop

2
modules/node/cms_node_module.e
View File

@@ -372,7 +372,7 @@ feature -- Hooks
loop
if
attached ic.item.typename as l_typename and then
across l_node_typenames as t_ic some t_ic.item.same_string (l_typename) end
across l_node_typenames as t_ic some t_ic.item.same_string_general (l_typename) end
then
if ic.item.entity.is_integer then
nid := ic.item.entity.to_integer_64

6
modules/node/handler/cms_node_type_webform_manager.e
View File

@@ -142,8 +142,8 @@ feature -- Forms ...
ti.set_description ("Optionally specify an alternative URL path by which this content can be accessed.<br/>%NFor example, type 'about' when writing an about page. Use a relative path or the URL alias won't work.")
end
ti.set_text_value (l_uri)
ti.set_placeholder (l_auto_path_alias)
ti.set_text_value (l_uri.to_string_32)
ti.set_placeholder (l_auto_path_alias.to_string_32)
ti.set_validation_action (agent (fd: WSF_FORM_DATA; ia_response: NODE_RESPONSE; ia_node: detachable CMS_NODE)
do
if
@@ -204,7 +204,7 @@ feature -- Forms ...
end
-- Auto path alias / suggestion
create thi.make ("auto_path_alias")
thi.set_text_value (l_auto_path_alias)
thi.set_text_value (l_auto_path_alias.to_string_32)
thi.set_is_readonly (True)
f.insert_before (thi, w)
end

6
modules/node/handler/node_form_response.e
View File

@@ -241,7 +241,11 @@ feature -- Form
if attached fd.string_item ("content") as l_content then
b.append ("<strong>Content:</strong><div class=%"content%">")
if l_format /= Void then
b.append (l_format.formatted_output (l_content))
if l_content.is_valid_as_string_8 then
b.append (l_format.formatted_output (l_content.to_string_8))
else
b.append (l_format.formatted_output (api.utf_8_encoded (l_content)))
end
else
b.append (html_encoded (l_content))
end

17
modules/node/handler/node_handler.e
View File

@@ -75,6 +75,14 @@ feature -- Query
end
end
feature -- Permissions
view_unpublished_permissions (a_node: CMS_NODE): ITERABLE [READABLE_STRING_8]
-- Permissions to view unpublished node `a_node`.
do
Result := <<"view unpublished " + a_node.content_type>>
end
feature -- HTTP Methods
do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -148,7 +156,7 @@ feature -- HTTP Methods
attached api.user as l_user and then
( node_api.is_author_of_node (l_user, l_node)
or else (
api.user_has_permission (l_user, "view unpublished " + l_node.content_type)
api.user_has_permissions (l_user, view_unpublished_permissions (l_node))
)
)
then
@@ -403,15 +411,10 @@ feature -- Error
send_access_denied_to_unpublished_node (req: WSF_REQUEST; res: WSF_RESPONSE; a_node: CMS_NODE)
-- Forbidden response.
local
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("This content is NOT published!")
r.execute
send_custom_access_denied ("This content is NOT published!", view_unpublished_permissions (a_node), req, res)
end
feature {NONE} -- Node
create_new_node (req: WSF_REQUEST; res: WSF_RESPONSE)

3
modules/node/handler/trash_handler.e
View File

@@ -86,8 +86,7 @@ feature -- HTTP Methods
-- l_page.add_block (create {CMS_CONTENT_BLOCK}.make ("nodes_warning", Void, "/nodes/ is not yet fully implemented<br/>", Void), "highlighted")
l_page.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_page.make (req, res, api)
l_page.execute
send_custom_access_denied (Void, <<"view trash", "view any trash", "view own trash">>, req, res)
end
end

2
modules/openid/cms_openid_api.e
View File

@@ -79,7 +79,7 @@ feature -- Access: Consumers OAuth20
Result := openid_storage.openid_consumers
end
openid_consumer_by_name (a_name: READABLE_STRING_8): detachable CMS_OPENID_CONSUMER
openid_consumer_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_OPENID_CONSUMER
-- Retrieve a consumer by name `a_name', if any.
do
Result := openid_storage.openid_consumer_by_name (a_name)

12
modules/openid/cms_openid_module.e
View File

@@ -226,7 +226,7 @@ feature -- Hooks
create o.make (req.absolute_script_url ("/account/auth/login-with-openid"))
o.ask_email (True)
o.ask_all_info (False)
if attached o.auth_url (p_openid) as l_url then
if p_openid.is_valid_as_string_8 and then attached o.auth_url (p_openid.to_string_8) as l_url then
r.set_redirection (l_url)
else
s.append (" Failure")
@@ -248,7 +248,7 @@ feature -- Hooks
attached {WSF_STRING} req.cookie (a_openid_api.session_token) as l_cookie_token
then
-- Logout OAuth
create l_cookie.make (a_openid_api.session_token, l_cookie_token.value)
create l_cookie.make (a_openid_api.session_token, l_cookie_token.url_encoded_value)
l_cookie.set_path ("/")
l_cookie.set_max_age (-1)
res.add_cookie (l_cookie)
@@ -335,6 +335,7 @@ feature -- Openid Login
b: STRING
o: OPENID_CONSUMER
v: OPENID_CONSUMER_VALIDATION
l_email: STRING_8
do
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
create b.make_empty
@@ -346,8 +347,9 @@ feature -- Openid Login
v.validate
if v.is_valid then
if attached v.identity as l_identity and then
attached v.email_attribute as l_email
attached v.email_attribute as l_email_attrib
then
l_email := api.utf_8_encoded (l_email_attrib)
l_user_api := api.user_api
if attached l_user_api.user_by_email (l_email) as p_user then
-- User with email exist
@@ -355,7 +357,7 @@ feature -- Openid Login
-- Update openid entry?
else
-- create a oauth entry
a_openid_api.new_user_openid (l_identity,p_user)
a_openid_api.new_user_openid (l_identity, p_user)
end
create l_cookie.make (a_openid_api.session_token, l_identity)
l_cookie.set_max_age (a_openid_api.session_max_age)
@@ -368,7 +370,7 @@ feature -- Openid Login
l_roles.force (l_user_api.authenticated_user_role)
-- Create a new user and oauth entry
create l_user.make (l_email)
create l_user.make (l_email_attrib)
l_user.set_email (l_email)
l_user.set_password (new_token) -- generate a random password.
l_user.set_roles (l_roles)

4
modules/openid/persitence/cms_openid_storage_i.e
View File

@@ -37,7 +37,7 @@ feature -- Access: Consumers
deferred
end
openid_consumer_by_name (a_name: READABLE_STRING_8): detachable CMS_OPENID_CONSUMER
openid_consumer_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_OPENID_CONSUMER
-- Retrieve a consumer by name `a_name', if any.
deferred
end
@@ -49,6 +49,6 @@ feature -- Change: User Oauth2
deferred
end
end

2
modules/openid/persitence/cms_openid_storage_null.e
View File

@@ -39,7 +39,7 @@ feature -- Access: Consumers
create {ARRAYED_LIST[STRING]}Result.make(0)
end
openid_consumer_by_name (a_name: READABLE_STRING_8): detachable CMS_OPENID_CONSUMER
openid_consumer_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_OPENID_CONSUMER
-- <Precursor>
do
end

2
modules/openid/persitence/cms_openid_storage_sql.e
View File

@@ -99,7 +99,7 @@ feature --Access: Consumers
sql_finalize
end
openid_consumer_by_name (a_name: READABLE_STRING_8): detachable CMS_OPENID_CONSUMER
openid_consumer_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_OPENID_CONSUMER
-- Retrieve a consumer by name `a_name', if any.
local
l_parameters: STRING_TABLE [detachable ANY]

13
modules/recent_changes/cms_recent_changes_module.e
View File

@@ -141,7 +141,7 @@ feature -- Hook
create s.make_empty
if attached ch.information as l_information then
s.append (l_information)
s.append_string_general (l_information)
end
if attached ch.summary as sum then
if not s.is_empty then
@@ -248,9 +248,9 @@ feature -- Handler
l_size := 25
end
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("view recent changes") then
l_user := r.user
if api.has_permission ("view recent changes") then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
l_user := api.user
create l_changes.make (l_size, l_until_date, l_filter_source)
create l_content.make (1024)
@@ -406,11 +406,10 @@ feature -- Handler
create htdate.make_from_date_time (l_until_date)
r.set_title ("Recent changes before " + htdate.string)
end
r.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
api.response_api.send_permissions_access_denied (Void, <<"view recent changes">>, req, res)
end
r.execute
end
feature -- Hooks configuration

3
modules/sitemap/cms_sitemap_module.e
View File

@@ -123,8 +123,7 @@ feature -- Handler
mesg.set_payload (l_sitemap_xml)
res.send (mesg)
else
create {NOT_FOUND_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute
api.response_api.send_not_found (Void, req, res)
end
end
end

4
modules/taxonomy/handler/taxonomy_handler.e
View File

@@ -143,11 +143,11 @@ feature -- HTTP Methods
s.append ("No entity found.")
end
l_page.set_main_content (s)
l_page.execute
else
-- Responding with `main_content_html (l_page)'.
create {NOT_FOUND_ERROR_CMS_RESPONSE} l_page.make (req, res, api)
send_not_found (req, res)
end
l_page.execute
else
-- Responding with `main_content_html (l_page)'.
create {BAD_REQUEST_ERROR_CMS_RESPONSE} l_page.make (req, res, api)

8
modules/taxonomy/handler/taxonomy_vocabulary_admin_handler.e
View File

@@ -277,13 +277,13 @@ feature -- HTTP Methods
l_typename := ic.item.name
create w_cb.make_with_value ("typenames[]", api.html_encoded (l_typename))
w_cb.set_title (ic.item.name)
w_cb.set_title (ic.item.name.to_string_32)
wtb_row.set_item (create {WSF_WIDGET_TABLE_ITEM}.make_with_content (w_cb), 1)
v := Void
if
l_typenames /= Void and then
across l_typenames as tn_ic some l_typename.is_case_insensitive_equal (tn_ic.item) end
across l_typenames as tn_ic some l_typename.is_case_insensitive_equal_general (tn_ic.item) end
then
w_cb.set_checked (True)
if attached taxonomy_api.vocabularies_for_type (l_typename) as v_list then
@@ -319,11 +319,11 @@ feature -- HTTP Methods
create s.make_empty
f.append_to_html (l_page.wsf_theme, s)
l_page.set_main_content (s)
l_page.execute
else
-- Responding with `main_content_html (l_page)'.
create {NOT_FOUND_ERROR_CMS_RESPONSE} l_page.make (req, res, api)
send_not_found (req, res)
end
l_page.execute
end
do_get_vocabularies (req: WSF_REQUEST; res: WSF_RESPONSE)

4
modules/taxonomy/handler/taxonomy_vocabulary_handler.e
View File

@@ -99,11 +99,11 @@ feature -- HTTP Methods
end
s.append ("</ul>")
l_page.set_main_content (s)
l_page.execute
else
-- Responding with `main_content_html (l_page)'.
create {NOT_FOUND_ERROR_CMS_RESPONSE} l_page.make (req, res, api)
send_not_found (req, res)
end
l_page.execute
else
-- Responding with `main_content_html (l_page)'.
create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)