Removed obsolete calls, harmonized predefine response, added non admin user pages.

When access is denied, also provide when possible and wanted, the needed
permissions so that in the future, user will be able to ask for
permission easily.
Renamed previous user handlers as admin user handlers.
Added non admin user handler /user/{uid} .
Add new `send_...` response to `CMS_API.response_api`, and use them
instead of `create {...RESPONSE}.... ; execute`.
Fixed potential issue with storage mailer initialization if folder does
not exist.
Added utf_8_encoded helpers function on CMS_API interface.
Fixed a few unicode potential issues.
Removed a few obsolete calls.

modules/auth/cms_authentication_email_service.e

@@ -81,7 +81,7 @@ feature -- Basic Operations / Internal
 
 feature -- Basic Operations / Contact
 
-	send_account_evaluation (a_user: CMS_USER; a_application, a_url_activate, a_url_reject, a_host: READABLE_STRING_8)
+	send_account_evaluation (a_user: CMS_USER; a_application: READABLE_STRING_GENERAL; a_url_activate, a_url_reject, a_host: READABLE_STRING_8)
 			-- Send new user register to webmaster to confirm or reject itt.
 		local
 			l_message: STRING
@@ -95,7 +95,7 @@ feature -- Basic Operations / Contact
 			else
 				l_message.replace_substring_all ("$email", "unknown email")
 			end
-			l_message.replace_substring_all ("$application", a_application)
+			l_message.replace_substring_all ("$application", cms_api.utf_8_encoded (a_application))
 			l_message.replace_substring_all ("$activation_url", a_url_activate)
 			l_message.replace_substring_all ("$rejection_url", a_url_reject)
 			send_message (contact_email_address, contact_email_address, parameters.contact_subject_account_evaluation, l_message)

modules/auth/cms_authentication_email_service_parameters.e

@@ -13,7 +13,6 @@ feature {NONE} -- Initialization
 
 	make (a_cms_api: CMS_API)
 		local
-			utf: UTF_CONVERTER
 			s: detachable READABLE_STRING_32
 			l_utf8_site_name: IMMUTABLE_STRING_8
 			l_contact_email, l_subject_register, l_subject_activate, l_subject_password, l_subject_oauth: detachable READABLE_STRING_8
@@ -31,23 +30,23 @@ feature {NONE} -- Initialization
 			if attached a_cms_api.module_configuration_by_name ({CMS_AUTHENTICATION_MODULE}.name, Void) as cfg then
 				s := cfg.text_item ("email")
 				if s /= Void then
-					l_contact_email := utf.utf_32_string_to_utf_8_string_8 (s)
+					l_contact_email := cms_api.utf_8_encoded (s)
 				end
 				s := cfg.text_item ("subject_register")
 				if s /= Void then
-					l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s)
+					l_subject_register := cms_api.utf_8_encoded (s)
 				end
 				s := cfg.text_item ("subject_activate")
 				if s /= Void then
-					l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s)
+					l_subject_register := cms_api.utf_8_encoded (s)
 				end
 				s := cfg.text_item ("subject_password")
 				if s /= Void then
-					l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s)
+					l_subject_register := cms_api.utf_8_encoded (s)
 				end
 				s := cfg.text_item ("subject_oauth")
 				if s /= Void then
-					l_subject_oauth := utf.utf_32_string_to_utf_8_string_8 (s)
+					l_subject_oauth := cms_api.utf_8_encoded (s)
 				end
 			end
 			if l_contact_email = Void then

modules/auth/cms_authentication_module.e

@@ -65,6 +65,7 @@ feature -- Access
 			Result.force ("account reject")
 			Result.force ("account reactivate")
 			Result.force ("change own username")
+			Result.force ("view user")
 		end
 
 feature {CMS_EXECUTION} -- Administration
@@ -123,6 +124,8 @@ feature -- Router
 			a_router.handle ("/account/new-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_new_password(a_api, ?, ?)), a_router.methods_get_post)
 			a_router.handle ("/account/reset-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_reset_password(a_api, ?, ?)), a_router.methods_get_post)
 			a_router.handle ("/account/change/{field}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_change_field (a_api, ?, ?)), a_router.methods_get_post)
+
+			a_router.handle ("/user/{uid}", create {CMS_USER_HANDLER}.make (a_api), a_router.methods_get)
 		end
 
 feature -- Hooks configuration
@@ -382,7 +385,7 @@ feature -- Handler
 								l_exist := True
 							end
 							if attached recaptcha_secret_key (api) as l_recaptcha_key then
-								if attached {WSF_STRING} req.form_parameter ("g-recaptcha-response") as l_recaptcha_response and then is_captcha_verified (l_recaptcha_key, l_recaptcha_response.value) then
+								if attached {WSF_STRING} req.form_parameter ("g-recaptcha-response") as l_recaptcha_response and then is_captcha_verified (l_recaptcha_key, l_recaptcha_response.url_encoded_value) then
 									l_captcha_passed := True
 								else
 										--| Bad or missing captcha
@@ -428,15 +431,13 @@ feature -- Handler
 							r.set_status_code ({HTTP_CONSTANTS}.bad_request)
 						end
 					else
-						create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
-						r.set_main_content ("There were issue with your application, invalid or missing values.")
+						api.response_api.send_bad_request ("There were issue with your application, invalid or missing values.", req, res)
 					end
 				end
+				r.execute
 			else
-				create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
-				r.set_main_content ("You can also contact the webmaster to ask for an account.")
+				api.response_api.send_permissions_access_denied ("You can also contact the webmaster to ask for an account.", Void, req, res)
 			end
-			r.execute
 		end
 
 	handle_activation (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -500,8 +501,7 @@ feature -- Handler
 					l_ir.execute
 				end
 			else
-				create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
-				r.execute
+				api.response_api.send_access_denied (Void, req, res)
 			end
 		end
 
@@ -536,8 +536,7 @@ feature -- Handler
 					l_ir.execute
 				end
 			else
-				create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
-				r.execute
+				api.response_api.send_access_denied (Void, req, res)
 			end
 		end
 
@@ -551,8 +550,8 @@ feature -- Handler
 			l_url_reject: STRING
 			l_email: READABLE_STRING_8
 		do
-			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-			if r.has_permission ("account reactivate") then
+			if api.has_permission ("account reactivate") then
+				create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
 				if req.is_post_request_method then
 					if attached {WSF_STRING} req.form_parameter ("email") as p_email then
 						if p_email.value.is_valid_as_string_8 then
@@ -587,11 +586,10 @@ feature -- Handler
 						end
 					end
 				end
-			else
-				create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
 				r.execute
+			else
+				api.response_api.send_access_denied (Void, req, res)
 			end
-			r.execute
 		end
 
 	handle_new_password (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -700,7 +698,7 @@ feature -- Handler
 				l_fieldname := p_field.url_encoded_value
 			end
 			if l_fieldname = Void then
-				create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
+				api.response_api.send_bad_request (Void, req, res)
 			else
 				create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
 
@@ -814,8 +812,8 @@ feature -- Handler
 					end
 					r.set_main_content (b)
 				end
+				r.execute
 			end
-			r.execute
 		end
 
 	block_list: ITERABLE [like {CMS_BLOCK}.name]
@@ -1118,36 +1116,30 @@ feature -- Access: configuration
 
 	form_registration_application_description (api: CMS_API): detachable READABLE_STRING_8
 			-- Get recaptcha security key.
-		local
-			utf: UTF_CONVERTER
 		do
 			if attached api.module_configuration (Current, Void) as cfg then
 				if attached cfg.text_item ("forms.registration.application_description") as l_desc and then not l_desc.is_whitespace then
-					Result := utf.utf_32_string_to_utf_8_string_8 (l_desc)
+					Result := api.utf_8_encoded (l_desc)
 				end
 			end
 		end
 
 	recaptcha_secret_key (api: CMS_API): detachable READABLE_STRING_8
 			-- Get recaptcha security key.
-		local
-			utf: UTF_CONVERTER
 		do
 			if attached api.module_configuration (Current, Void) as cfg then
 				if attached cfg.text_item ("recaptcha.secret_key") as l_recaptcha_key and then not l_recaptcha_key.is_empty then
-					Result := utf.utf_32_string_to_utf_8_string_8 (l_recaptcha_key)
+					Result := api.utf_8_encoded (l_recaptcha_key)
 				end
 			end
 		end
 
 	recaptcha_site_key (api: CMS_API): detachable READABLE_STRING_8
 			-- Get recaptcha security key.
-		local
-			utf: UTF_CONVERTER
 		do
 			if attached api.module_configuration (Current, Void) as cfg then
 				if attached cfg.text_item ("recaptcha.site_key") as l_recaptcha_key and then not l_recaptcha_key.is_empty then
-					Result := utf.utf_32_string_to_utf_8_string_8 (l_recaptcha_key)
+					Result := api.utf_8_encoded (l_recaptcha_key)
 				end
 			end
 		end

modules/auth/cms_authentication_module_administration.e

@@ -54,9 +54,8 @@ feature -- Request handling
 				-- get them from the configuration file and load them into
 				-- the setup class.
 
-			create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
 			if
-				l_response.has_permission ("admin registration")
+				api.has_permission ("admin registration")
 			then
 				l_user_api := api.user_api
 
@@ -127,7 +126,7 @@ feature -- Request handling
 				l_response.set_main_content (s)
 				l_response.execute
 			else
-				l_response.execute
+				api.response_api.send_access_denied (Void, req, res)
 			end
 		end
 

modules/auth/cms_user_handler.e

@@ -0,0 +1,103 @@
+note
+	description: "[
+		Handler for a CMS user in the CMS interface
+	]"
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	CMS_USER_HANDLER
+
+inherit
+	CMS_HANDLER
+
+	WSF_URI_HANDLER
+		rename
+			execute as uri_execute,
+			new_mapping as new_uri_mapping
+		end
+
+	WSF_URI_TEMPLATE_HANDLER
+		rename
+			execute as uri_template_execute,
+			new_mapping as new_uri_template_mapping
+		select
+			new_uri_template_mapping
+		end
+
+	WSF_RESOURCE_HANDLER_HELPER
+		redefine
+			do_get
+		end
+
+	REFACTORING_HELPER
+
+create
+	make
+
+feature -- execute
+
+	execute (req: WSF_REQUEST; res: WSF_RESPONSE)
+			-- Execute request handler
+		do
+			execute_methods (req, res)
+		end
+
+	uri_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
+			-- Execute request handler
+		do
+			execute (req, res)
+		end
+
+	uri_template_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
+			-- Execute request handler
+		do
+			execute (req, res)
+		end
+
+feature -- Query
+
+	user_id_path_parameter (req: WSF_REQUEST): INTEGER_64
+			-- User id passed as path parameter for request `req'.
+		local
+			s: STRING
+		do
+			if attached {WSF_STRING} req.path_parameter ("uid") as p_nid then
+				s := p_nid.value
+				if s.is_integer_64 then
+					Result := s.to_integer_64
+				end
+			end
+		end
+
+feature -- HTTP Methods
+
+	do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
+			-- <Precursor>
+		local
+			l_user: detachable CMS_USER
+			l_uid: INTEGER_64
+			view_response: CMS_USER_VIEW_RESPONSE
+		do
+			if api.has_permission ("view user") then
+					-- Display existing node
+				l_uid := user_id_path_parameter (req)
+				if l_uid > 0 then
+					l_user := api.user_api.user_by_id (l_uid)
+					if
+						l_user /= Void
+					then
+						create view_response.make (req, res, api)
+						view_response.execute
+					else
+						send_not_found (req, res)
+					end
+				else
+					send_bad_request (req, res)
+				end
+			else
+				send_access_denied (req, res)
+			end
+		end
+
+end

modules/auth/cms_user_view_response.e

@@ -0,0 +1,103 @@
+note
+	description: "Summary description for {CMS_USER_VIEW_RESPONSE}."
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	CMS_USER_VIEW_RESPONSE
+
+inherit
+	CMS_RESPONSE
+
+create
+	make
+
+feature -- Query
+
+	user_id_path_parameter (req: WSF_REQUEST): INTEGER_64
+			-- User id passed as path parameter for request `req'.
+		local
+			s: STRING
+		do
+			if attached {WSF_STRING} req.path_parameter ("uid") as p_nid then
+				s := p_nid.value
+				if s.is_integer_64 then
+					Result := s.to_integer_64
+				end
+			end
+		end
+
+feature -- Process
+
+	process
+			-- Computed response message.
+		local
+			b: STRING_8
+			uid: INTEGER_64
+			user_api: CMS_USER_API
+			f: CMS_FORM
+		do
+			user_api := api.user_api
+			create b.make_empty
+			uid := user_id_path_parameter (request)
+			if
+				uid > 0 and then
+				attached user_api.user_by_id (uid) as l_user
+			then
+				if
+					api.has_permission ("view user")
+					or l_user.same_as (user) -- Same user
+				then
+					f := new_view_form (l_user, request.request_uri, "view-user")
+					f.append_to_html (wsf_theme, b)
+				else
+					b.append ("You don't have the permission to view this user!")
+				end
+			else
+				b.append ("User not found!")
+			end
+			set_main_content (b)
+		end
+
+feature -- Process Edit
+
+	new_view_form (a_user: detachable CMS_USER; a_url: READABLE_STRING_8; a_name: STRING): CMS_FORM
+			-- Create a web form named `a_name' for user `a_user' (if set), using form action url `a_url'.
+		local
+			th: WSF_FORM_HIDDEN_INPUT
+		do
+			create Result.make (a_url, a_name)
+
+			create th.make ("user-id")
+			if a_user /= Void then
+				th.set_text_value (a_user.id.out)
+			else
+				th.set_text_value ("0")
+			end
+			Result.extend (th)
+
+			populate_form (Result, a_user)
+		end
+
+	populate_form (a_form: WSF_FORM; a_user: detachable CMS_USER)
+			-- Fill the web form `a_form' with data from `a_node' if set,
+			-- and apply this to content type `a_content_type'.
+		local
+			ti: WSF_FORM_TEXT_INPUT
+			fs: WSF_FORM_FIELD_SET
+		do
+			if a_user /= Void then
+				create fs.make
+				fs.set_legend ("User Information")
+				create ti.make_with_text ("profile_name", a_user.name)
+				if attached a_user.profile_name as l_profile_name then
+					ti.set_text_value (l_profile_name)
+				end
+				ti.set_label ("Profile name")
+				ti.set_is_readonly (True)
+				fs.extend (ti)
+				a_form.extend (fs)
+			end
+		end
+
+end