Removed obsolete calls, harmonized predefine response, added non admin user pages.
When access is denied, also provide when possible and wanted, the needed
permissions so that in the future, user will be able to ask for
permission easily.
Renamed previous user handlers as admin user handlers.
Added non admin user handler /user/{uid} .
Add new `send_...` response to `CMS_API.response_api`, and use them
instead of `create {...RESPONSE}.... ; execute`.
Fixed potential issue with storage mailer initialization if folder does
not exist.
Added utf_8_encoded helpers function on CMS_API interface.
Fixed a few unicode potential issues.
Removed a few obsolete calls.
This commit is contained in:
Jocelyn Fiat
@@ -1,10 +1,10 @@
|
||||
note
|
||||
description: "Summary description for {CMS_USER_FORM_RESPONSE}."
|
||||
description: "Summary description for {CMS_ADMIN_USER_FORM_RESPONSE}."
|
||||
date: "$Date$"
|
||||
revision: "$Revision$"
|
||||
|
||||
class
|
||||
CMS_USER_FORM_RESPONSE
|
||||
CMS_ADMIN_USER_FORM_RESPONSE
|
||||
|
||||
inherit
|
||||
CMS_RESPONSE
|
||||
@@ -324,10 +324,10 @@ feature -- Form
|
||||
create fs.make
|
||||
fs.set_legend ("Basic User Account Information")
|
||||
fs.extend_html_text ("<div><string><label>User name </label></strong><br></div>")
|
||||
fs.extend_html_text (a_user.name)
|
||||
fs.extend_raw_text (a_user.name)
|
||||
|
||||
if attached a_user.email as l_email then
|
||||
create fe.make_with_text ("email", l_email)
|
||||
create fe.make_with_text ("email", l_email.to_string_32)
|
||||
else
|
||||
create fe.make_with_text ("email", "")
|
||||
end
|
||||
@@ -477,7 +477,7 @@ feature -- Form
|
||||
api.user_api.user_by_email (l_email) = Void
|
||||
then
|
||||
-- Valid email
|
||||
a_user.set_email (l_email)
|
||||
a_user.set_email (api.utf_8_encoded (l_email))
|
||||
else
|
||||
if attached l_user.email as u_email and then not u_email.is_case_insensitive_equal_general (l_email) then
|
||||
a_form_data.report_invalid_field ("email", "Email already exist!")
|
||||
@@ -1,12 +1,12 @@
|
||||
note
|
||||
description: "[
|
||||
Handler for a CMS user in the CMS interface
|
||||
Administration handler for a CMS user in the CMS interface
|
||||
]"
|
||||
date: "$Date$"
|
||||
revision: "$Revision$"
|
||||
|
||||
class
|
||||
CMS_USER_HANDLER
|
||||
CMS_ADMIN_USER_HANDLER
|
||||
|
||||
inherit
|
||||
CMS_HANDLER
|
||||
@@ -79,12 +79,10 @@ feature -- HTTP Methods
|
||||
local
|
||||
l_user: detachable CMS_USER
|
||||
l_uid: INTEGER_64
|
||||
edit_response: CMS_USER_FORM_RESPONSE
|
||||
view_response: CMS_USER_VIEW_RESPONSE
|
||||
r: CMS_RESPONSE
|
||||
edit_response: CMS_ADMIN_USER_FORM_RESPONSE
|
||||
view_response: CMS_ADMIN_USER_VIEW_RESPONSE
|
||||
do
|
||||
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
|
||||
if r.has_permission ("admin users") then
|
||||
if api.has_permission ("admin users") then
|
||||
if req.percent_encoded_path_info.ends_with_general ("/edit") then
|
||||
check valid_url: req.percent_encoded_path_info.starts_with_general (api.administration_path ("/user/")) end
|
||||
create edit_response.make (req, res, api)
|
||||
@@ -111,18 +109,16 @@ feature -- HTTP Methods
|
||||
end
|
||||
end
|
||||
else
|
||||
r.execute
|
||||
send_access_denied (req, res)
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
|
||||
local
|
||||
edit_response: CMS_USER_FORM_RESPONSE
|
||||
r: CMS_RESPONSE
|
||||
edit_response: CMS_ADMIN_USER_FORM_RESPONSE
|
||||
do
|
||||
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
|
||||
if r.has_permission ("admin users") then
|
||||
if api.has_permission ("admin users") then
|
||||
if req.percent_encoded_path_info.ends_with_general ("/edit") then
|
||||
create edit_response.make (req, res, api)
|
||||
edit_response.execute
|
||||
@@ -138,7 +134,7 @@ feature -- HTTP Methods
|
||||
edit_response.execute
|
||||
end
|
||||
else
|
||||
r.execute
|
||||
send_access_denied (req, res)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -190,7 +186,7 @@ feature {NONE} -- New User
|
||||
|
||||
create_new_user (req: WSF_REQUEST; res: WSF_RESPONSE)
|
||||
local
|
||||
edit_response: CMS_USER_FORM_RESPONSE
|
||||
edit_response: CMS_ADMIN_USER_FORM_RESPONSE
|
||||
do
|
||||
if req.percent_encoded_path_info.starts_with (api.administration_path ("/add/user")) then
|
||||
create edit_response.make (req, res, api)
|
||||
@@ -1,10 +1,10 @@
|
||||
note
|
||||
description: "Summary description for {CMS_USER_VIEW_RESPONSE}."
|
||||
description: "Summary description for {CMS_ADMIN_USER_VIEW_RESPONSE}."
|
||||
date: "$Date$"
|
||||
revision: "$Revision$"
|
||||
|
||||
class
|
||||
CMS_USER_VIEW_RESPONSE
|
||||
CMS_ADMIN_USER_VIEW_RESPONSE
|
||||
|
||||
inherit
|
||||
CMS_RESPONSE
|
||||
@@ -27,7 +27,6 @@ feature -- Query
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
feature -- Execution
|
||||
|
||||
process
|
||||
@@ -73,8 +73,7 @@ feature -- HTTP Methods
|
||||
-- get them from the configuration file and load them into
|
||||
-- the setup class.
|
||||
|
||||
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
|
||||
if l_response.has_permission ("admin users") then
|
||||
if api.has_permission ("admin users") then
|
||||
user_api := api.user_api
|
||||
|
||||
l_count := user_api.users_count
|
||||
@@ -157,7 +156,7 @@ feature -- HTTP Methods
|
||||
l_response.set_main_content (s)
|
||||
l_response.execute
|
||||
else
|
||||
l_response.execute
|
||||
send_access_denied (req, res)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user