diff --git a/library/persistence/sqlite/src/cms_storage_sqlite_builder.e b/library/persistence/sqlite/src/cms_storage_sqlite_builder.e index fa60c92..c5ead60 100644 --- a/library/persistence/sqlite/src/cms_storage_sqlite_builder.e +++ b/library/persistence/sqlite/src/cms_storage_sqlite_builder.e @@ -59,8 +59,8 @@ feature -- Factory a_storage.save_user_role (r) create r.make ("authenticated") r.add_permission ("create page") - r.add_permission ("edit page") - r.add_permission ("delete page") + r.add_permission ("edit own page") + r.add_permission ("delete own page") a_storage.save_user_role (r) @@ -77,6 +77,12 @@ feature -- Factory u.set_password ("enticated#") u.set_email (a_setup.site_email) u.set_roles (l) + a_storage.new_user (u) + + create u.make ("test") + u.set_password ("test#") + u.set_email (a_setup.site_email) + u.set_roles (l) a_storage.new_user (u) -- Roles, view role for testing. diff --git a/modules/node/cms_node_api.e b/modules/node/cms_node_api.e index 9fb2370..af5946c 100644 --- a/modules/node/cms_node_api.e +++ b/modules/node/cms_node_api.e @@ -249,6 +249,26 @@ feature -- Access: Node end end + user_is_node_owner (u: READABLE_STRING_32; nid: INTEGER_64): BOOLEAN + -- Is the user `u' owner of the node `n'. + do + if attached {CMS_USER} node_storage.node_author (nid) as l_user then + Result := l_user.name.is_case_insensitive_equal (u) + end + end + +feature -- Permission Scope: Node + + permission_scope (u: detachable READABLE_STRING_32; nid: INTEGER_64): STRING + -- Result 'own' if the user `u' is the owner of the node `nid', in other case + -- `any'. + do + Result := "any" + if attached u as l_u and then user_is_node_owner (l_u, nid) then + Result := "own" + end + end + feature -- Change: Node save_node (a_node: CMS_NODE) 
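Review bot: The added `test` account in the second hunk of cms_storage_sqlite_builder.e is created with the fixed password `test#` and the same role list `l` as the user before it, so every site initialised through this builder ships a login whose credentials are readable in the repository. The context line `u.set_password ("enticated#")` shows the same pattern for the preceding user. If the account is needed only for testing, create it from test setup code or behind an explicit development option in `a_setup`, and at minimum mark it with `-- FIXME: test-only account with a fixed password; must not exist on a production site.` The enclosing feature starts and ends outside the hunk.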
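Review bot: `user_is_node_owner` in cms_node_api.e decides ownership with `l_user.name.is_case_insensitive_equal (u)`, and that result now selects between the "own" and "any" permission names. Nothing in the hunk shows that user names are unique under case-insensitive comparison, so comparing the author's id with the current user's id would be the safer key; if names must be used, state the uniqueness assumption in the header comment. The comment also refers to the node as `n` while the argument is `nid`. Note that when `node_author` returns nothing, `Result` stays False and `permission_scope` answers "any", which is worth saying in its comment as well.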
@@ -279,6 +299,18 @@ feature -- Change: Node node_storage.update_node (a_node) end + +feature -- Node status + + Not_published: INTEGER = 1 + -- The node is not published. + + Published: INTEGER = 2 + -- The node is published. + + Trashed: INTEGER = 3 + -- The node is trashed (soft delete), ready to be deleted (physical). + -- update_node_title (a_user_id: like {CMS_USER}.id; a_node_id: like {CMS_NODE}.id; a_title: READABLE_STRING_32) -- -- Update node title, with user identified by `a_id', with node id `a_node_id' and a new title `a_title'. -- do diff --git a/modules/node/content/cms_node.e b/modules/node/content/cms_node.e index 6be1f50..559c32f 100644 --- a/modules/node/content/cms_node.e +++ b/modules/node/content/cms_node.e @@ -81,8 +81,8 @@ feature -- Access end status: INTEGER - -- Associated status for the current node - -- [{1,Not_Published}, {2, Published}, {3, Trash}] + -- Associated status for the current node. + -- [{0,Not_Published}, {1, Published}, {2, Trash}] feature -- Access 
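Review bot: The rewritten comment on `status` in cms_node.e lists `[{0,Not_Published}, {1, Published}, {2, Trash}]`, but the constants this commit adds to CMS_NODE_API are `Not_published = 1`, `Published = 2` and `Trashed = 3`, and the SQL in cms_node_storage_sql.e filters on `status != 3`. The old comment matched the values; the new one does not. Suggest `-- See {CMS_NODE_API}.not_published (1), .published (2), .trashed (3).` so the comment points at the single source of the values.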
@@ -218,34 +218,34 @@ feature -- Element change end mark_not_published - -- Set status to not_published + -- Set status to not_published. do - set_status ({CMS_NODE_CONSTANTS}.not_published) + set_status ({CMS_NODE_API}.not_published) ensure - status_not_published: status = {CMS_NODE_CONSTANTS}.not_published + status_not_published: status = {CMS_NODE_API}.not_published end mark_published - -- Set status to published + -- Set status to published. do - set_status ({CMS_NODE_CONSTANTS}.published) + set_status ({CMS_NODE_API}.published) ensure - status_published: status = {CMS_NODE_CONSTANTS}.published + status_published: status = {CMS_NODE_API}.published end mark_trash -- Set status to published do - set_status ({CMS_NODE_CONSTANTS}.trash) + set_status ({CMS_NODE_API}.trashed) ensure - status_trash: status = {CMS_NODE_CONSTANTS}.trash + status_trash: status = {CMS_NODE_API}.trashed end -feature {NONE} -- Implementation +feature {CMS_NODE_STORAGE_I} -- Selective Export set_status (a_status: like status) - -- Assign `status' with `a_status' + -- Assign `status' with `a_status'. do status := a_status ensure diff --git a/modules/node/content/cms_node_constants.e b/modules/node/content/cms_node_constants.e deleted file mode 100644 index 3f2ba69..0000000 --- a/modules/node/content/cms_node_constants.e +++ /dev/null @@ -1,17 +0,0 @@ -note - description: "Node Status Not-Published, Published and Trash" - date: "$Date$" - revision: "$Revision$" - -class - CMS_NODE_CONSTANTS - -Feature - - Not_published: INTEGER = 1 - - Published: INTEGER = 2 - - Trash: INTEGER = 3 - -end diff --git a/modules/node/handler/node_form_response.e b/modules/node/handler/node_form_response.e index f1e2f72..7ce134b 100644 --- a/modules/node/handler/node_form_response.e +++ b/modules/node/handler/node_form_response.e 
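Review bot: `set_status` is now exported to CMS_NODE_STORAGE_I but has no precondition, and the last hunk of cms_node_storage_sql.e replaces the `inspect` on the three known values with `Result.set_status (l_status)`, so any integer found in the status column becomes the node's status. An `inspect` without an else branch rejected unknown values; the new path accepts them silently. Add `require valid_status: a_status = {CMS_NODE_API}.not_published or a_status = {CMS_NODE_API}.published or a_status = {CMS_NODE_API}.trashed` to `set_status`, whose body continues past the end of the hunk. Separately, the header comment of `mark_trash` still reads "Set status to published" and should say trashed.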
@@ -48,7 +48,7 @@ feature -- Execution attached node_api.node (nid) as l_node then if attached node_api.node_type_for (l_node) as l_type then - if has_permission ("edit " + l_type.name) then + if has_permission ("edit " + node_api.permission_scope (current_user_name (request), nid) + " " + l_type.name) then f := edit_form (l_node, url (request.path_info, Void), "edit-" + l_type.name, l_type) if request.is_post_request_method then f.validation_actions.extend (agent edit_form_validate (?, b)) @@ -82,7 +82,7 @@ feature -- Execution attached {WSF_STRING} request.path_parameter ("type") as p_type and then attached node_api.node_type (p_type.value) as l_type then - if has_permission ("create " + l_type.name) then + if has_permission ("create " + l_type.name) then if attached l_type.new_node (Void) as l_node then f := edit_form (l_node, url (request.path_info, Void), "edit-" + l_type.name, l_type) if request.is_post_request_method then @@ -231,6 +231,9 @@ feature -- Form if a_node /= Void and then a_node.id > 0 and then has_permission ("delete " + a_name) then create ts.make ("op") ts.set_default_value ("Delete") + fixme ("[ + ts.set_default_value (i18n ("Delete"))i18n or other name such as "translated" or "translation + ]") f.extend (ts) end diff --git a/modules/node/handler/node_handler.e b/modules/node/handler/node_handler.e index 4f60c7a..2cb013a 100644 --- a/modules/node/handler/node_handler.e +++ b/modules/node/handler/node_handler.e @@ -150,7 +150,7 @@ feature -- HTTP Methods l_id.is_integer and then attached node_api.node (l_id.integer_value) as l_node then - if api.user_has_permission (l_user, "delete " + l_node.content_type) then + if api.user_has_permission (l_user, "delete " + node_api.permission_scope (current_user_name (req), l_id.integer_value) + " " + l_node.content_type) then node_api.delete_node (l_node) res.send (create {CMS_REDIRECTION_RESPONSE_MESSAGE}.make (req.absolute_script_url (""))) else 
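Review bot: The edit check in node_form_response.e tests exactly one permission name, and for the author of the node that name is "edit own <type>", so a role granted only "edit any <type>" is refused on its own nodes unless `has_permission` resolves that implication somewhere not visible here. The delete check in node_handler.e (`api.user_has_permission (l_user, "delete " + node_api.permission_scope (...) + ...)`) has the same shape. Testing the broader permission first avoids this: `if has_permission ("edit any " + l_type.name) or else has_permission ("edit " + node_api.permission_scope (current_user_name (request), nid) + " " + l_type.name) then`. A short comment stating that "any" is meant to cover "own" would also help the next reader of both handlers.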
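Review bot: In the form hunk of node_form_response.e the guard on the Delete button is still `has_permission ("delete " + a_name)`, while this commit changes the default role to "delete own page" and node_handler.e now checks the scoped name. With the default roles the button will therefore not be offered to a user whom the handler would allow to delete, so what the form shows and what the server enforces disagree. Assuming `a_name` is the content type name and `request` is available in this feature, the guard could use the same string: `has_permission ("delete " + node_api.permission_scope (current_user_name (request), a_node.id) + " " + a_name)`. The enclosing feature starts and ends outside the hunk.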
diff --git a/modules/node/persistence/cms_node_storage_sql.e b/modules/node/persistence/cms_node_storage_sql.e index fb2d114..1d30306 100644 --- a/modules/node/persistence/cms_node_storage_sql.e +++ b/modules/node/persistence/cms_node_storage_sql.e @@ -108,8 +108,8 @@ feature -- Access error_handler.reset write_information_log (generator + ".node_author") create l_parameters.make (1) - l_parameters.put (a_id, "node_id") - sql_query (select_node_author, l_parameters) + l_parameters.put (a_id, "nid") + sql_query (Select_user_author, l_parameters) if sql_rows_count >= 1 then Result := fetch_author end @@ -152,7 +152,7 @@ feature -- Change: Node error_handler.reset create l_parameters.make (1) l_parameters.put (l_time, "changed") - l_parameters.put ({CMS_NODE_CONSTANTS}.trash, "status") + l_parameters.put ({CMS_NODE_API}.trashed, "status") l_parameters.put (a_id, "nid") sql_change (sql_delete_node, l_parameters) end @@ -267,10 +267,13 @@ feature {NONE} -- Queries sql_select_nodes_count: STRING = "SELECT count(*) FROM Nodes WHERE status != 3;" -- Nodes count (Published and not Published) + -- {CMS_NODE_API}.not_published -- TODO: add queries to retrieve published_nodes_count, no_published_nodes_count. etc + sql_select_nodes: STRING = "SELECT * FROM Nodes WHERE status != 3;" -- SQL Query to retrieve all nodes. + -- {CMS_NODE_API}.not_published sql_select_node_by_id: STRING = "SELECT nid, revision, type, title, summary, content, format, author, publish, created, changed, status FROM Nodes WHERE nid =:nid ORDER BY revision desc, publish desc LIMIT 1;" 
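Review bot: The two comments added beside `sql_select_nodes_count` and `sql_select_nodes` name `{CMS_NODE_API}.not_published`, but the literal in both queries is `status != 3`, and 3 is `Trashed` in the constants this commit introduces. As written the comment suggests the queries exclude unpublished nodes, which they do not. Suggest `-- 3 is {CMS_NODE_API}.trashed; keep the literal in sync with that constant.` on both queries.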
@@ -302,7 +305,7 @@ feature {NONE} -- Queries feature {NONE} -- Sql Queries: USER_ROLES collaborators, author - Select_user_author: STRING = "SELECT uid, name, password, salt, email, status, created, signed FROM Nodes INNER JOIN users ON nodes.author=users.uid AND users.uid = :uid;" + Select_user_author: STRING = "SELECT uid, name, password, salt, email, users.status, users.created, signed FROM Nodes INNER JOIN users ON nodes.author=users.uid AND nodes.nid = :nid;" Select_node_author: STRING = "SELECT nid, revision, type, title, summary, content, format, author, publish, created, changed FROM users INNER JOIN nodes ON nodes.author=users.uid AND nodes.nid =:nid;" @@ -344,14 +347,7 @@ feature {NONE} -- Implementation Result.set_modification_date (l_modif_date) end if attached sql_read_integer_32 (12) as l_status then - inspect l_status - when {CMS_NODE_CONSTANTS}.not_published then - Result.mark_not_published - when {CMS_NODE_CONSTANTS}.published then - Result.mark_published - when {CMS_NODE_CONSTANTS}.trash then - Result.mark_trash - end + Result.set_status (l_status) end end end diff --git a/src/service/response/cms_response.e b/src/service/response/cms_response.e index 13db564..d710b0e 100644 --- a/src/service/response/cms_response.e +++ b/src/service/response/cms_response.e @@ -182,6 +182,7 @@ feature -- Permission has_permission (a_permission: READABLE_STRING_GENERAL): BOOLEAN -- Does current user has permission `a_permission' ? do + api.logger.put_information (generator + ".has_permission", a_permission) Result := user_has_permission (current_user (request), a_permission) end
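Review bot: `Select_user_author` now joins on `nodes.nid = :nid` with no restriction on revision, while `sql_select_node_by_id` in the same file uses `ORDER BY revision desc ... LIMIT 1`, which suggests Nodes can hold several rows per nid. `node_author` takes a row whenever `sql_rows_count >= 1`, so the author that decides the "own" scope may come from an older revision if the author can differ between revisions. Ending the query with `AND nodes.nid = :nid ORDER BY nodes.revision DESC LIMIT 1;` would pin it to the current revision. The query also reads `password` and `salt` although the ownership check compares only the name; whether `fetch_author` needs those columns is not visible here.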
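Review bot: The log line added to `has_permission` in cms_response.e records only the permission string and is written before the check runs, so it shows neither which user asked nor whether access was granted. For an audit trail the denial is the useful event; moving the call after `Result` is assigned and including the user name and the outcome would make the entry usable, and would let the granted case be logged at a lower level to limit volume. The header comment should read "Does current user have permission ...".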