Removed obsolete calls, harmonized predefine response, added non admin user pages.
When access is denied, also provide when possible and wanted, the needed
permissions so that in the future, user will be able to ask for
permission easily.
Renamed previous user handlers as admin user handlers.
Added non admin user handler /user/{uid} .
Add new `send_...` response to `CMS_API.response_api`, and use them
instead of `create {...RESPONSE}.... ; execute`.
Fixed potential issue with storage mailer initialization if folder does
not exist.
Added utf_8_encoded helpers function on CMS_API interface.
Fixed a few unicode potential issues.
Removed a few obsolete calls.
This commit is contained in:
Jocelyn Fiat
@@ -140,8 +140,8 @@ feature -- Handler
|
||||
do
|
||||
check req.is_get_request_method end
|
||||
if not api.has_permission (browse_files_permission) then
|
||||
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
|
||||
r.add_error_message ("You are not allowed to browse CMS files!")
|
||||
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make_with_permissions (req, res, api, <<browse_files_permission>>)
|
||||
r.add_error_message ("You are not allowed to browse files!")
|
||||
elseif attached {WSF_STRING} req.path_parameter ("filename") as p_filename then
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
|
||||
@@ -276,7 +276,7 @@ feature -- Handler
|
||||
body.append ("<form action=%"" + r.url (uploads_location, Void) + "%" class=%"dropzone%">")
|
||||
body.append ("</form>%N")
|
||||
|
||||
body.append ("<a href=%""+ r.url (uploads_location, Void) +"?basic_upload=yes%">Use basic file uploading.</a>%N")
|
||||
body.append ("<a href=%""+ r.url (uploads_location, Void) + "?basic_upload=yes%">Use basic file uploading.</a>%N")
|
||||
end
|
||||
body.append ("</div>")
|
||||
end
|
||||
@@ -284,15 +284,15 @@ feature -- Handler
|
||||
if req.is_get_head_request_method then
|
||||
-- Build the response.
|
||||
if r.has_permission (browse_files_permission) then
|
||||
body.append ("<br/><div class=%"center%"><a class=%"button%" href=%""+ r.url (uploads_location, Void) +"%">Refresh uploaded</a></div>")
|
||||
body.append ("<br/><div class=%"center%"><a class=%"button%" href=%"" + r.url (uploads_location, Void) + "%">Refresh uploaded</a></div>")
|
||||
|
||||
append_uploaded_file_album_to (req, api, body)
|
||||
else
|
||||
r.add_warning_message ("You are not allowed to browse files!")
|
||||
end
|
||||
end
|
||||
|
||||
r.set_main_content (body)
|
||||
r.execute
|
||||
elseif req.is_post_request_method then
|
||||
if api.has_permission (upload_files_permission) then
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
@@ -305,14 +305,13 @@ feature -- Handler
|
||||
r.set_redirection (r.url (uploads_location, Void))
|
||||
end
|
||||
r.set_main_content (body)
|
||||
r.execute
|
||||
else
|
||||
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
|
||||
r.set_main_content ("You are not allowed to upload file!")
|
||||
api.response_api.send_permissions_access_denied ("You are not allowed to upload file!", <<upload_files_permission>>, req, res)
|
||||
end
|
||||
else
|
||||
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
|
||||
api.response_api.send_bad_request (Void, req, res)
|
||||
end
|
||||
r.execute
|
||||
end
|
||||
|
||||
process_uploaded_files (req: WSF_REQUEST; api: CMS_API; a_output: STRING)
|
||||
@@ -472,7 +471,7 @@ feature -- Handler
|
||||
do
|
||||
if attached files_api as l_files_api then
|
||||
if not api.has_permission (admin_files_permission) then
|
||||
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
|
||||
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make_with_permissions (req, res, api, <<admin_files_permission>>)
|
||||
r.add_error_message ("You are not allowed to remove file!")
|
||||
elseif attached {WSF_STRING} req.path_parameter ("filename") as p_filename then
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
|
||||
@@ -83,14 +83,16 @@ feature -- Element change
|
||||
-- sets `a_number' after the name. This is done when the file was already uploaded
|
||||
local
|
||||
position: INTEGER_32
|
||||
new_name: STRING_8
|
||||
new_name: STRING_32
|
||||
l_uploaded_file_string_representation: READABLE_STRING_32
|
||||
do
|
||||
position := uploaded_file.string_representation.index_of ('.', 1)
|
||||
l_uploaded_file_string_representation := uploaded_file.string_representation
|
||||
position := l_uploaded_file_string_representation.index_of ('.', 1)
|
||||
create new_name.make_empty
|
||||
|
||||
new_name := uploaded_file.string_representation.head (position-1)
|
||||
new_name.append ("_(" + a_number.out + ")")
|
||||
new_name.append (uploaded_file.string_representation.substring (position, uploaded_file.string_representation.count))
|
||||
new_name := l_uploaded_file_string_representation.head (position-1)
|
||||
new_name.append_string_general ("_(" + a_number.out + ")")
|
||||
new_name.append (l_uploaded_file_string_representation.substring (position, l_uploaded_file_string_representation.count))
|
||||
|
||||
location := uploads_directory.extended (new_name)
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user