Updated CMS_NODE_API, with status, not_published, published and trashed.

Removed class cms_node_constants. Updated Form response to use permission scopes. Updated sqlquery to retrieve user author. Added logger info in cms_response
2015-05-11 23:51:25 -03:00
parent e767e1bc47
commit b1988d5fe7
8 changed files with 67 additions and 46 deletions
--- a/modules/node/handler/node_form_response.e
+++ b/modules/node/handler/node_form_response.e
@@ -48,7 +48,7 @@ feature -- Execution
 				attached node_api.node (nid) as l_node
 			then
 				if attached node_api.node_type_for (l_node) as l_type then
-					if has_permission ("edit " + l_type.name) then
+					if has_permission ("edit " + node_api.permission_scope (current_user_name (request), nid) + " " +  l_type.name) then
 						f := edit_form (l_node, url (request.path_info, Void), "edit-" + l_type.name, l_type)
 						if request.is_post_request_method then
 							f.validation_actions.extend (agent edit_form_validate (?, b))
@@ -82,7 +82,7 @@ feature -- Execution
 				attached {WSF_STRING} request.path_parameter ("type") as p_type and then
 				attached node_api.node_type (p_type.value) as l_type
 			then
-				if has_permission ("create " + l_type.name) then
+				if has_permission ("create " +  l_type.name) then
 					if attached l_type.new_node (Void) as l_node then
 						f := edit_form (l_node, url (request.path_info, Void), "edit-" + l_type.name, l_type)
 						if request.is_post_request_method then
@@ -231,6 +231,9 @@ feature -- Form
 			if a_node /= Void and then a_node.id > 0 and then has_permission ("delete " + a_name) then
 				create ts.make ("op")
 				ts.set_default_value ("Delete")
+				fixme ("[
+					ts.set_default_value (i18n ("Delete"))i18n or other name such as "translated" or "translation
+					]")
 				f.extend (ts)
 			end

--- a/modules/node/handler/node_handler.e
+++ b/modules/node/handler/node_handler.e
@@ -150,7 +150,7 @@ feature -- HTTP Methods
 						l_id.is_integer and then
 						attached node_api.node (l_id.integer_value) as l_node
 					then
-						if api.user_has_permission (l_user, "delete " + l_node.content_type) then
+						if api.user_has_permission (l_user, "delete " + node_api.permission_scope (current_user_name (req), l_id.integer_value) + " " +  l_node.content_type) then
 							node_api.delete_node (l_node)
 							res.send (create {CMS_REDIRECTION_RESPONSE_MESSAGE}.make (req.absolute_script_url ("")))
 						else