Updated CMS_NODE_API, with status, not_published, published and trashed.
Removed class cms_node_constants. Updated Form response to use permission scopes. Updated sqlquery to retrieve user author. Added logger info in cms_response
This commit is contained in:
jvelilla
@@ -59,8 +59,8 @@ feature -- Factory
|
||||
a_storage.save_user_role (r)
|
||||
create r.make ("authenticated")
|
||||
r.add_permission ("create page")
|
||||
r.add_permission ("edit page")
|
||||
r.add_permission ("delete page")
|
||||
r.add_permission ("edit own page")
|
||||
r.add_permission ("delete own page")
|
||||
a_storage.save_user_role (r)
|
||||
|
||||
|
||||
@@ -77,6 +77,12 @@ feature -- Factory
|
||||
u.set_password ("enticated#")
|
||||
u.set_email (a_setup.site_email)
|
||||
u.set_roles (l)
|
||||
a_storage.new_user (u)
|
||||
|
||||
create u.make ("test")
|
||||
u.set_password ("test#")
|
||||
u.set_email (a_setup.site_email)
|
||||
u.set_roles (l)
|
||||
a_storage.new_user (u)
|
||||
|
||||
-- Roles, view role for testing.
|
||||
|
||||
@@ -249,6 +249,26 @@ feature -- Access: Node
|
||||
end
|
||||
end
|
||||
|
||||
user_is_node_owner (u: READABLE_STRING_32; nid: INTEGER_64): BOOLEAN
|
||||
-- Is the user `u' owner of the node `n'.
|
||||
do
|
||||
if attached {CMS_USER} node_storage.node_author (nid) as l_user then
|
||||
Result := l_user.name.is_case_insensitive_equal (u)
|
||||
end
|
||||
end
|
||||
|
||||
feature -- Permission Scope: Node
|
||||
|
||||
permission_scope (u: detachable READABLE_STRING_32; nid: INTEGER_64): STRING
|
||||
-- Result 'own' if the user `u' is the owner of the node `nid', in other case
|
||||
-- `any'.
|
||||
do
|
||||
Result := "any"
|
||||
if attached u as l_u and then user_is_node_owner (l_u, nid) then
|
||||
Result := "own"
|
||||
end
|
||||
end
|
||||
|
||||
feature -- Change: Node
|
||||
|
||||
save_node (a_node: CMS_NODE)
|
||||
@@ -279,6 +299,18 @@ feature -- Change: Node
|
||||
node_storage.update_node (a_node)
|
||||
end
|
||||
|
||||
|
||||
feature -- Node status
|
||||
|
||||
Not_published: INTEGER = 1
|
||||
-- The node is not published.
|
||||
|
||||
Published: INTEGER = 2
|
||||
-- The node is published.
|
||||
|
||||
Trashed: INTEGER = 3
|
||||
-- The node is trashed (soft delete), ready to be deleted (physical).
|
||||
|
||||
-- update_node_title (a_user_id: like {CMS_USER}.id; a_node_id: like {CMS_NODE}.id; a_title: READABLE_STRING_32)
|
||||
-- -- Update node title, with user identified by `a_id', with node id `a_node_id' and a new title `a_title'.
|
||||
-- do
|
||||
|
||||
@@ -81,8 +81,8 @@ feature -- Access
|
||||
end
|
||||
|
||||
status: INTEGER
|
||||
-- Associated status for the current node
|
||||
-- [{1,Not_Published}, {2, Published}, {3, Trash}]
|
||||
-- Associated status for the current node.
|
||||
-- [{0,Not_Published}, {1, Published}, {2, Trash}]
|
||||
|
||||
feature -- Access
|
||||
|
||||
@@ -218,34 +218,34 @@ feature -- Element change
|
||||
end
|
||||
|
||||
mark_not_published
|
||||
-- Set status to not_published
|
||||
-- Set status to not_published.
|
||||
do
|
||||
set_status ({CMS_NODE_CONSTANTS}.not_published)
|
||||
set_status ({CMS_NODE_API}.not_published)
|
||||
ensure
|
||||
status_not_published: status = {CMS_NODE_CONSTANTS}.not_published
|
||||
status_not_published: status = {CMS_NODE_API}.not_published
|
||||
end
|
||||
|
||||
mark_published
|
||||
-- Set status to published
|
||||
-- Set status to published.
|
||||
do
|
||||
set_status ({CMS_NODE_CONSTANTS}.published)
|
||||
set_status ({CMS_NODE_API}.published)
|
||||
ensure
|
||||
status_published: status = {CMS_NODE_CONSTANTS}.published
|
||||
status_published: status = {CMS_NODE_API}.published
|
||||
end
|
||||
|
||||
mark_trash
|
||||
-- Set status to published
|
||||
do
|
||||
set_status ({CMS_NODE_CONSTANTS}.trash)
|
||||
set_status ({CMS_NODE_API}.trashed)
|
||||
ensure
|
||||
status_trash: status = {CMS_NODE_CONSTANTS}.trash
|
||||
status_trash: status = {CMS_NODE_API}.trashed
|
||||
end
|
||||
|
||||
|
||||
feature {NONE} -- Implementation
|
||||
feature {CMS_NODE_STORAGE_I} -- Selective Export
|
||||
|
||||
set_status (a_status: like status)
|
||||
-- Assign `status' with `a_status'
|
||||
-- Assign `status' with `a_status'.
|
||||
do
|
||||
status := a_status
|
||||
ensure
|
||||
|
||||
@@ -1,17 +0,0 @@
|
||||
note
|
||||
description: "Node Status Not-Published, Published and Trash"
|
||||
date: "$Date$"
|
||||
revision: "$Revision$"
|
||||
|
||||
class
|
||||
CMS_NODE_CONSTANTS
|
||||
|
||||
Feature
|
||||
|
||||
Not_published: INTEGER = 1
|
||||
|
||||
Published: INTEGER = 2
|
||||
|
||||
Trash: INTEGER = 3
|
||||
|
||||
end
|
||||
@@ -48,7 +48,7 @@ feature -- Execution
|
||||
attached node_api.node (nid) as l_node
|
||||
then
|
||||
if attached node_api.node_type_for (l_node) as l_type then
|
||||
if has_permission ("edit " + l_type.name) then
|
||||
if has_permission ("edit " + node_api.permission_scope (current_user_name (request), nid) + " " + l_type.name) then
|
||||
f := edit_form (l_node, url (request.path_info, Void), "edit-" + l_type.name, l_type)
|
||||
if request.is_post_request_method then
|
||||
f.validation_actions.extend (agent edit_form_validate (?, b))
|
||||
@@ -82,7 +82,7 @@ feature -- Execution
|
||||
attached {WSF_STRING} request.path_parameter ("type") as p_type and then
|
||||
attached node_api.node_type (p_type.value) as l_type
|
||||
then
|
||||
if has_permission ("create " + l_type.name) then
|
||||
if has_permission ("create " + l_type.name) then
|
||||
if attached l_type.new_node (Void) as l_node then
|
||||
f := edit_form (l_node, url (request.path_info, Void), "edit-" + l_type.name, l_type)
|
||||
if request.is_post_request_method then
|
||||
@@ -231,6 +231,9 @@ feature -- Form
|
||||
if a_node /= Void and then a_node.id > 0 and then has_permission ("delete " + a_name) then
|
||||
create ts.make ("op")
|
||||
ts.set_default_value ("Delete")
|
||||
fixme ("[
|
||||
ts.set_default_value (i18n ("Delete"))i18n or other name such as "translated" or "translation
|
||||
]")
|
||||
f.extend (ts)
|
||||
end
|
||||
|
||||
|
||||
@@ -150,7 +150,7 @@ feature -- HTTP Methods
|
||||
l_id.is_integer and then
|
||||
attached node_api.node (l_id.integer_value) as l_node
|
||||
then
|
||||
if api.user_has_permission (l_user, "delete " + l_node.content_type) then
|
||||
if api.user_has_permission (l_user, "delete " + node_api.permission_scope (current_user_name (req), l_id.integer_value) + " " + l_node.content_type) then
|
||||
node_api.delete_node (l_node)
|
||||
res.send (create {CMS_REDIRECTION_RESPONSE_MESSAGE}.make (req.absolute_script_url ("")))
|
||||
else
|
||||
|
||||
@@ -108,8 +108,8 @@ feature -- Access
|
||||
error_handler.reset
|
||||
write_information_log (generator + ".node_author")
|
||||
create l_parameters.make (1)
|
||||
l_parameters.put (a_id, "node_id")
|
||||
sql_query (select_node_author, l_parameters)
|
||||
l_parameters.put (a_id, "nid")
|
||||
sql_query (Select_user_author, l_parameters)
|
||||
if sql_rows_count >= 1 then
|
||||
Result := fetch_author
|
||||
end
|
||||
@@ -152,7 +152,7 @@ feature -- Change: Node
|
||||
error_handler.reset
|
||||
create l_parameters.make (1)
|
||||
l_parameters.put (l_time, "changed")
|
||||
l_parameters.put ({CMS_NODE_CONSTANTS}.trash, "status")
|
||||
l_parameters.put ({CMS_NODE_API}.trashed, "status")
|
||||
l_parameters.put (a_id, "nid")
|
||||
sql_change (sql_delete_node, l_parameters)
|
||||
end
|
||||
@@ -267,10 +267,13 @@ feature {NONE} -- Queries
|
||||
|
||||
sql_select_nodes_count: STRING = "SELECT count(*) FROM Nodes WHERE status != 3;"
|
||||
-- Nodes count (Published and not Published)
|
||||
-- {CMS_NODE_API}.not_published
|
||||
-- TODO: add queries to retrieve published_nodes_count, no_published_nodes_count. etc
|
||||
|
||||
|
||||
sql_select_nodes: STRING = "SELECT * FROM Nodes WHERE status != 3;"
|
||||
-- SQL Query to retrieve all nodes.
|
||||
-- {CMS_NODE_API}.not_published
|
||||
|
||||
sql_select_node_by_id: STRING = "SELECT nid, revision, type, title, summary, content, format, author, publish, created, changed, status FROM Nodes WHERE nid =:nid ORDER BY revision desc, publish desc LIMIT 1;"
|
||||
|
||||
@@ -302,7 +305,7 @@ feature {NONE} -- Queries
|
||||
|
||||
feature {NONE} -- Sql Queries: USER_ROLES collaborators, author
|
||||
|
||||
Select_user_author: STRING = "SELECT uid, name, password, salt, email, status, created, signed FROM Nodes INNER JOIN users ON nodes.author=users.uid AND users.uid = :uid;"
|
||||
Select_user_author: STRING = "SELECT uid, name, password, salt, email, users.status, users.created, signed FROM Nodes INNER JOIN users ON nodes.author=users.uid AND nodes.nid = :nid;"
|
||||
|
||||
Select_node_author: STRING = "SELECT nid, revision, type, title, summary, content, format, author, publish, created, changed FROM users INNER JOIN nodes ON nodes.author=users.uid AND nodes.nid =:nid;"
|
||||
|
||||
@@ -344,14 +347,7 @@ feature {NONE} -- Implementation
|
||||
Result.set_modification_date (l_modif_date)
|
||||
end
|
||||
if attached sql_read_integer_32 (12) as l_status then
|
||||
inspect l_status
|
||||
when {CMS_NODE_CONSTANTS}.not_published then
|
||||
Result.mark_not_published
|
||||
when {CMS_NODE_CONSTANTS}.published then
|
||||
Result.mark_published
|
||||
when {CMS_NODE_CONSTANTS}.trash then
|
||||
Result.mark_trash
|
||||
end
|
||||
Result.set_status (l_status)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -182,6 +182,7 @@ feature -- Permission
|
||||
has_permission (a_permission: READABLE_STRING_GENERAL): BOOLEAN
|
||||
-- Does current user has permission `a_permission' ?
|
||||
do
|
||||
api.logger.put_information (generator + ".has_permission", a_permission)
|
||||
Result := user_has_permission (current_user (request), a_permission)
|
||||
end
|
||||
|
||||
|
||||
Reference in New Issue
Block a user