backup/ROC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed and improved various issue in admin module (especially the Role editing which was not working as expected.)

Browse Source 
Added CMS_MODULE.permissions to allow module to declare the potential permissions.
Added support for CMS_LINK.is_forbidden, in relation with CMS_LOCAL_LINK.permission_arguments.
Split link "username (Logout)" into 2 links "username" and "logout".
Fixed/Changed the way auth modules alter the logout link based on "(Logout)" title, by safer solution based on `location' of the link.

Fixed usage of WSF_REQUEST.path_info by using percent_encoded_path_info which is not non unicode path info to be used most of the time.
Merged CMS_REPONSE.variables and CMS_REPONSE.values .
When possible, prefer usage of CMS_RESPONSE.user instead of CMS_REQUEST_UTIL.current_user (WSF_REQUEST) whenever it is possible.
When possible, prefer usage of CMS_RESPONSE.location, rather than usage of WSF_REQUEST.(percent_encoded_)path_info .
Code cleaning.
This commit is contained in:
Jocelyn FIAT
2015-08-04 12:48:14 +02:00
parent c271f839e2
commit bba1d57ce3
38 changed files with 497 additions and 594 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/admin/handler/cms_admin_handler.e
View File

@@ -3,7 +3,7 @@ note
handler for CMS admin in the CMS interface.
TODO: implement REST API.
]" author: ""
]"
date: "$Date$"
revision: "$Revision$"
@@ -11,7 +11,6 @@ class
CMS_ADMIN_HANDLER
inherit
CMS_HANDLER
WSF_URI_HANDLER
@@ -59,7 +58,6 @@ feature -- execute
execute (req, res)
end
feature -- HTTP Methods
do_get (req: WSF_REQUEST; res: WSF_RESPONSE)

186
modules/admin/handler/cms_admin_response.e
View File

@@ -7,12 +7,10 @@ class
CMS_ADMIN_RESPONSE
inherit
CMS_RESPONSE
redefine
make,
initialize,
custom_prepare
initialize
end
create
@@ -56,186 +54,4 @@ feature -- Process
set_main_content (b)
end
feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
if attached variables as l_variables then
across l_variables as c loop page.register_variable (c.item, c.key) end
end
end
feature -- Admin: Add User Form
handle_admin_user_form
local
s: STRING
f: CMS_FORM
t: WSF_FORM_TEXT_INPUT
fe: WSF_FORM_EMAIL_INPUT
fs: WSF_FORM_FIELD_SET
f_submit: WSF_FORM_SUBMIT_INPUT
do
create f.make (request.percent_encoded_path_info, {CMS_ADMIN_MODULE}.name )
create fs.make
fs.set_legend ("Create new user without password:")
create t.make_with_text ("username", "")
t.set_label ("User name")
t.enable_required
t.set_placeholder ("username")
fs.extend (t)
create fe.make_with_text ("email", "")
fe.set_label ("Email")
fe.set_placeholder ("valid email")
fs.extend (fe)
create f_submit.make_with_text ("op", "Create user")
fs.extend (f_submit)
create f_submit.make_with_text ("op", "Update user")
fs.extend (f_submit)
f.extend (fs)
if request.is_post_request_method then
create s.make_empty
f.validation_actions.extend (agent (fd: WSF_FORM_DATA; ia_api: CMS_API)
do
if attached fd.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Create user") then
if attached fd.string_item ("username") as l_username then
if attached ia_api.user_api.user_by_name (l_username) then
fd.report_invalid_field ("username", "Username already taken!")
end
else
fd.report_invalid_field ("username", "missing username")
end
if attached fd.string_item ("email") as l_email then
if attached ia_api.user_api.user_by_email (l_email) then
fd.report_invalid_field ("email", "Email address already associated with an existing account!")
end
else
fd.report_invalid_field ("email", "missing email address")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if attached fd.string_item ("username") as l_username then
if ia_api.user_api.user_by_name (l_username) = Void then
fd.report_invalid_field ("username", "Username does not exist!")
end
else
fd.report_invalid_field ("username", "missing username")
end
end
end
end(?, api)
)
f.submit_actions.extend (agent (fd: WSF_FORM_DATA; ia_api: CMS_API; a_output: STRING)
local
u: CMS_USER
l_roles: detachable LIST [CMS_USER_ROLE]
l_trusted_user_role: detachable CMS_USER_ROLE
do
if attached fd.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Create user") then
if
attached fd.string_item ("username") as l_username and then
attached fd.string_item ("email") as l_email and then
l_email.is_valid_as_string_8
then
create u.make (l_username)
u.set_email (l_email.as_string_8)
u.set_password (new_random_password (u))
ia_api.user_api.new_user (u)
if ia_api.user_api.has_error then
end
a_output.append ("<li>New user ["+ html_encoded (l_username) +"] created.</li>")
else
fd.report_invalid_field ("username", "Missing username!")
fd.report_invalid_field ("email", "Missing email address!")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if
attached fd.string_item ("username") as l_username and then
attached ia_api.user_api.user_by_name (l_username) as l_user
then
l_trusted_user_role := ia_api.user_api.user_role_by_name ("trusted")
if l_trusted_user_role = Void then
create l_trusted_user_role.make ("trusted")
ia_api.user_api.save_user_role (l_trusted_user_role)
end
l_trusted_user_role.add_permission ("admin wdocs")
l_trusted_user_role.add_permission ("edit wdocs page")
l_trusted_user_role.add_permission ("create wdocs page")
l_trusted_user_role.add_permission ("delete wdocs page")
l_trusted_user_role.add_permission ("edit any wdocs page")
l_trusted_user_role.add_permission ("delete any wdocs page")
l_trusted_user_role.add_permission ("clear wdocs cache")
l_trusted_user_role.add_permission ("create page")
l_trusted_user_role.add_permission ("edit any page")
l_trusted_user_role.add_permission ("delete any page")
l_trusted_user_role.add_permission ("create blog")
l_trusted_user_role.add_permission ("edit any blog")
l_trusted_user_role.add_permission ("delete any blog")
l_trusted_user_role.add_permission ("edit any node")
l_trusted_user_role.add_permission ("delete any node")
ia_api.user_api.save_user_role (l_trusted_user_role)
l_trusted_user_role := ia_api.user_api.user_role_by_name ("trusted")
if l_trusted_user_role /= Void then
u := l_user
ia_api.user_api.update_user (u)
l_roles := u.roles
if l_roles = Void then
create {ARRAYED_LIST [CMS_USER_ROLE]} l_roles.make (1)
end
l_roles.force (l_trusted_user_role)
u.set_roles (l_roles)
ia_api.user_api.update_user (u)
a_output.append ("<li>User ["+ html_encoded (l_username) +"] updated.</li>")
else
a_output.append ("<li>User ["+ html_encoded (l_username) +"] NOT updated! [ERROR].</li>")
end
else
fd.report_invalid_field ("username", "User does not exist!")
end
end
end
end(?, api, s)
)
f.process (Current)
f.append_to_html (create {CMS_TO_WSF_THEME}.make (Current, Current.theme), s)
Current.set_main_content (s)
elseif request.is_get_head_request_method then
create s.make_empty
f.append_to_html (create {CMS_TO_WSF_THEME}.make (Current, Current.theme), s)
Current.set_main_content (s)
end
end
new_random_password (u: CMS_USER): STRING
-- Generate a new token activation token
local
l_token: STRING
l_security: SECURITY_PROVIDER
l_encode: URL_ENCODER
do
create l_security
l_token := l_security.token
create l_encode
from until l_token.same_string (l_encode.encoded_string (l_token)) loop
-- Loop ensure that we have a security token that does not contain characters that need encoding.
-- We cannot simply to an encode-decode because the email sent to the user will contain an encoded token
-- but the user will need to use an unencoded token if activation has to be done manually.
l_token := l_security.token
end
Result := l_token + url_encoded (u.name) + u.creation_date.out
end
end

3
modules/admin/handler/role/cms_admin_roles_handler.e
View File

@@ -83,7 +83,6 @@ feature -- HTTP Methods
l_response.set_title ("Listing " + l_count.out + " Role")
end
if attached user_api.roles as lst then
s.append ("<ul class=%"cms-roles%">%N")
across
@@ -92,7 +91,7 @@ feature -- HTTP Methods
u := ic.item
s.append ("<li class=%"cms_role%">")
s.append ("<a href=%"")
s.append (req.absolute_script_url ("/admin/role/"+u.id.out))
s.append (req.absolute_script_url ("/admin/role/" + u.id.out))
s.append ("%">")
s.append (u.name)
s.append ("</a>")

141
modules/admin/handler/role/cms_role_form_response.e
View File

@@ -7,12 +7,10 @@ class
CMS_ROLE_FORM_RESPONSE
inherit
CMS_RESPONSE
redefine
make,
initialize,
custom_prepare
initialize
end
create
@@ -64,9 +62,9 @@ feature -- Process
if uid > 0 and then attached user_api.user_role_by_id (uid.to_integer) as l_role then
fixme ("Issues with WSD_FORM_DATA.apply_to_associated_form")
-- if we have a WSF_FORM_CHECKBOK_INPUT, cheked inputs, are not preserverd in case of error.
if request.path_info.ends_with_general ("/edit") then
if location.ends_with_general ("/edit") then
edit_form (l_role)
elseif request.path_info.ends_with_general ("/delete") then
elseif location.ends_with_general ("/delete") then
delete_form (l_role)
end
else
@@ -83,7 +81,7 @@ feature -- Process Edit
fd: detachable WSF_FORM_DATA
do
create b.make_empty
f := new_edit_form (a_role, url (request.path_info, Void), "edit-user")
f := new_edit_form (a_role, url (request.percent_encoded_path_info, Void), "edit-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.validation_actions.extend (agent edit_form_validate(?,a_role, b))
@@ -116,7 +114,7 @@ feature -- Process Delete
fd: detachable WSF_FORM_DATA
do
create b.make_empty
f := new_delete_form (a_role, url (request.path_info, Void), "edit-user")
f := new_delete_form (a_role, url (request.percent_encoded_path_info, Void), "edit-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.process (Current)
@@ -148,7 +146,7 @@ feature -- Process New
l_role: detachable CMS_USER_ROLE
do
create b.make_empty
f := new_edit_form (l_role, url (request.path_info, Void), "create-role")
f := new_edit_form (l_role, url (request.percent_encoded_path_info, Void), "create-role")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.validation_actions.extend (agent new_form_validate(?, b))
@@ -177,9 +175,6 @@ feature -- Form
local
l_save_role: BOOLEAN
l_update_role: BOOLEAN
l_role: detachable CMS_USER_ROLE
s: STRING
lnk: CMS_LINK
do
l_save_role := attached {WSF_STRING} fd.item ("op") as l_op and then l_op.same_string ("Create role")
if l_save_role then
@@ -195,24 +190,25 @@ feature -- Form
end
end
create_role (fd)
end
l_update_role := attached {WSF_STRING} fd.item ("op") as l_op and then l_op.same_string ("Update role")
if l_update_role then
debug ("cms")
across
fd as c
loop
b.append ("<li>" + html_encoded (c.key) + "=")
if attached c.item as v then
b.append (html_encoded (v.string_representation))
else
l_update_role := attached {WSF_STRING} fd.item ("op") as l_op and then l_op.same_string ("Update role")
if l_update_role then
debug ("cms")
across
fd as c
loop
b.append ("<li>" + html_encoded (c.key) + "=")
if attached c.item as v then
b.append (html_encoded (v.string_representation))
end
b.append ("</li>")
end
b.append ("</li>")
end
end
if attached a_role as u_role then
update_role (fd, u_role)
else
fd.report_error ("Missing Role")
if a_role /= Void then
update_role (fd, a_role)
else
fd.report_error ("Missing Role")
end
end
end
end
@@ -233,19 +229,18 @@ feature -- Form
fd.report_invalid_field ("role", "missing role")
end
end
if attached {WSF_TABLE} fd.item ("cms_perm[]") as l_perm then
if attached {WSF_TABLE} fd.item ("new_cms_permissions[]") as l_perm then
a_role.permissions.compare_objects
from
l_perm.values.start
until
l_perm.values.after
across
l_perm.values as ic
loop
if attached {WSF_STRING} l_perm.value (l_perm.values.key_for_iteration) as l_value then
if a_role.permissions.has (l_value.value) then
fd.report_invalid_field ("cms_perm[]", "Permission " + l_value.value + " already taken!")
if attached {WSF_STRING} ic.item as p then
if not p.value.is_valid_as_string_8 then
fd.report_invalid_field ("new_cms_permissions[]", "Permission " + p.value + " should not have any unicode character!")
elseif across a_role.permissions as p_ic some p_ic.item.is_case_insensitive_equal_general (p.value) end then
fd.report_invalid_field ("new_cms_permissions[]", "Permission " + p.value + " already exists!")
end
end
l_perm.values.forth
end
end
end
@@ -286,7 +281,7 @@ feature -- Form
end
new_delete_form (a_role: detachable CMS_USER_ROLE; a_url: READABLE_STRING_8; a_name: STRING;): CMS_FORM
-- Create a web form named `a_name' for node `a_user' (if set), using form action url `a_url'.
-- Create a web form named `a_name' for role `a_role' (if set), using form action url `a_url'.
local
f: CMS_FORM
ts: WSF_FORM_SUBMIT_INPUT
@@ -317,11 +312,12 @@ feature -- Form
-- and apply this to content type `a_content_type'.
local
ti: WSF_FORM_TEXT_INPUT
fe: WSF_FORM_EMAIL_INPUT
-- fe: WSF_FORM_EMAIL_INPUT
fs: WSF_FORM_FIELD_SET
cb: WSF_FORM_CHECKBOX_INPUT
ts: WSF_FORM_SUBMIT_INPUT
tb: WSF_FORM_BUTTON_INPUT
-- tb: WSF_FORM_BUTTON_INPUT
l_role_permissions: detachable LIST [READABLE_STRING_8]
do
if attached a_role as l_role then
create fs.make
@@ -338,15 +334,19 @@ feature -- Form
create fs.make
fs.set_legend ("Permissions")
if not l_role.permissions.is_empty then
across l_role.permissions as ic loop
if
attached api.user_api.role_permissions as l_permissions
then
l_role_permissions := l_role.permissions
l_role_permissions.compare_objects
across l_permissions as ic loop
create cb.make_with_value ("cms_permissions", ic.item)
cb.set_checked (True)
cb.set_label (ic.item)
cb.set_checked (l_role_permissions.has (ic.item))
cb.set_title (ic.item)
fs.extend (cb)
end
end
create ti.make ("cms_perm[]")
create ti.make ("new_cms_permissions[]")
fs.extend (ti)
fs.extend_html_text ("<div class=%"input_fields_wrap%"></div>")
fs.extend_html_text ("<button class=%"add_field_button%">Add More Permissions</button>")
@@ -379,7 +379,7 @@ feature -- Form
update_role (a_form_data: WSF_FORM_DATA; a_role: CMS_USER_ROLE)
-- Update node `a_node' with form_data `a_form_data' for the given content type `a_content_type'.
local
l_permissions: LIST [READABLE_STRING_8]
l_perm: READABLE_STRING_8
do
if attached a_form_data.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Update role") then
@@ -388,45 +388,47 @@ feature -- Form
attached a_form_data.string_item ("role-id") as l_role_id
and then attached {CMS_USER_ROLE} api.user_api.user_role_by_id (l_role_id.to_integer) as l_role
then
l_permissions := a_role.permissions
l_permissions.compare_objects
if attached {WSF_STRING} a_form_data.item ("cms_permissions") as u_role then
a_role.permissions.wipe_out
a_role.add_permission (u_role.value)
elseif attached {WSF_MULTIPLE_STRING} a_form_data.item ("cms_permissions") as u_permissions then
a_role.permissions.wipe_out
-- Enable checked permissions.
across
u_permissions as ic
loop
if not l_permissions.has (ic.item.value) then
a_role.remove_permission (ic.item.value)
l_perm := ic.item.value.as_string_8
if not l_perm.is_whitespace then
a_role.add_permission (l_perm)
end
end
else
a_role.permissions.wipe_out
end
if attached {WSF_TABLE} a_form_data.item ("cms_perm[]") as l_perm then
a_role.permissions.compare_objects
from
l_perm.values.start
until
l_perm.values.after
if attached {WSF_TABLE} a_form_data.item ("new_cms_permissions[]") as l_cms_perms then
-- Add new permissions as checked.
across
l_cms_perms.values as ic
loop
if
attached {WSF_STRING} l_perm.value (l_perm.values.key_for_iteration) as l_value and then
not l_value.value.is_whitespace
then
a_role.add_permission (l_value.value)
if attached {WSF_STRING} ic.item as p then
l_perm := p.value.as_string_8
if not l_perm.is_whitespace then
a_role.add_permission (l_perm)
end
end
l_perm.values.forth
end
end
if not a_form_data.has_error then
a_role.set_name (l_role_name)
api.user_api.save_user_role (a_role)
add_success_message ("Permissions updated")
if not api.user_api.has_error then
add_success_message ("Permissions updated")
set_redirection (absolute_url ("admin/role/" + a_role.id.out, Void))
else
add_error_message ("Error during permissions update operation.")
end
end
else
a_form_data.report_error ("Missing Role")
end
@@ -457,17 +459,6 @@ feature -- Form
feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
if attached variables as l_variables then
across
l_variables as c
loop
page.register_variable (c.item, c.key)
end
end
end
script_add_remove_items: STRING = "[
$(document).ready(function() {
var wrapper = $(".input_fields_wrap"); //Fields wrapper
@@ -475,7 +466,7 @@ feature -- Generation
$(add_button).click(function(e){ //on add input button click
e.preventDefault();
$(wrapper).append('<div><input type="text" name="cms_perm[]"/><a href="#" class="remove_field">Remove</a></div>'); //add input box
$(wrapper).append('<div><input type="text" name="new_cms_permissions[]"/><a href="#" class="remove_field">Remove</a></div>'); //add input box
});
$(wrapper).on("click",".remove_field", function(e){ //user click on remove text

22
modules/admin/handler/role/cms_role_handler.e
View File

@@ -85,12 +85,12 @@ feature -- HTTP Methods
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if req.path_info.ends_with_general ("/edit") then
check valid_url: req.path_info.starts_with_general ("/admin/role/") end
if req.percent_encoded_path_info.ends_with_general ("/edit") then
check valid_url: req.percent_encoded_path_info.starts_with_general ("/admin/role/") end
create edit_response.make (req, res, api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
check valid_url: req.path_info.starts_with_general ("/admin/role/") end
elseif req.percent_encoded_path_info.ends_with_general ("/delete") then
check valid_url: req.percent_encoded_path_info.starts_with_general ("/admin/role/") end
create edit_response.make (req, res, api)
edit_response.execute
else
@@ -123,17 +123,17 @@ feature -- HTTP Methods
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if req.path_info.ends_with_general ("/edit") then
if req.percent_encoded_path_info.ends_with_general ("/edit") then
create edit_response.make (req, res, api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
elseif req.percent_encoded_path_info.ends_with_general ("/delete") then
if
attached {WSF_STRING} req.form_parameter ("op") as l_op and then
l_op.value.same_string ("Delete")
then
do_delete (req, res)
end
elseif req.path_info.ends_with_general ("/add/role") then
elseif req.percent_encoded_path_info.ends_with_general ("/add/role") then
create edit_response.make (req, res, api)
edit_response.execute
end
@@ -150,14 +150,14 @@ feature -- Error
l_page: CMS_RESPONSE
do
create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)
l_page.add_variable (req.absolute_script_url (req.path_info), "request")
l_page.set_value (req.absolute_script_url (req.percent_encoded_path_info), "request")
if a_id /= Void and then a_id.is_integer then
-- resource not found
l_page.add_variable ("404", "code")
l_page.set_value ("404", "code")
l_page.set_status_code (404)
else
-- bad request
l_page.add_variable ("400", "code")
l_page.set_value ("400", "code")
l_page.set_status_code (400)
end
l_page.execute
@@ -192,7 +192,7 @@ feature {NONE} -- New User
local
edit_response: CMS_ROLE_FORM_RESPONSE
do
if req.path_info.starts_with_general ("/admin/add/role") then
if req.percent_encoded_path_info.starts_with_general ("/admin/add/role") then
create edit_response.make (req, res, api)
edit_response.execute
else

2
modules/admin/handler/role/cms_role_view_response.e
View File

@@ -72,7 +72,7 @@ feature -- Execution
lnk: CMS_LOCAL_LINK
s: STRING
do
a_response.add_variable (a_role, "role")
a_response.set_value (a_role, "role")
create lnk.make (a_response.translation ("View", Void), "admin/role/" + a_role.id.out)
lnk.set_is_active (True)
lnk.set_weight (1)

101
modules/admin/handler/user/cms_user_form_response.e
View File

@@ -11,8 +11,7 @@ inherit
CMS_RESPONSE
redefine
make,
initialize,
custom_prepare
initialize
end
create
@@ -66,10 +65,10 @@ feature -- Process
attached user_api.user_by_id (uid) as l_user
then
if
request.path_info.ends_with_general ("/edit")
location.ends_with_general ("/edit")
then
edit_form (l_user)
elseif request.path_info.ends_with_general ("/delete") then
elseif location.ends_with_general ("/delete") then
delete_form (l_user)
end
else
@@ -86,7 +85,7 @@ feature -- Process Edit
fd: detachable WSF_FORM_DATA
do
create b.make_empty
f := new_edit_form (a_user, url (request.path_info, Void), "edit-user")
f := new_edit_form (a_user, url (location, Void), "edit-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.submit_actions.extend (agent edit_form_submit (?, a_user, b))
@@ -118,7 +117,7 @@ feature -- Process Delete
fd: detachable WSF_FORM_DATA
do
create b.make_empty
f := new_delete_form (a_user, url (request.path_info, Void), "edit-user")
f := new_delete_form (a_user, url (location, Void), "edit-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.process (Current)
@@ -151,7 +150,7 @@ feature -- Process New
l_user: detachable CMS_USER
do
create b.make_empty
f := new_edit_form (l_user, url (request.path_info, Void), "create-user")
f := new_edit_form (l_user, url (location, Void), "create-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.validation_actions.extend (agent new_form_validate (?, b))
@@ -202,7 +201,7 @@ feature -- Form
if a_user /= Void then
l_user := a_user
if l_user.has_id then
create {CMS_LOCAL_LINK}lnk.make (translation ("View", Void),"admin/user/" + l_user.id.out )
create {CMS_LOCAL_LINK} lnk.make (translation ("View", Void),"admin/user/" + l_user.id.out )
change_user (fd, a_user)
s := "modified"
set_redirection (lnk.location)
@@ -248,7 +247,7 @@ feature -- Form
end
new_edit_form (a_user: detachable CMS_USER; a_url: READABLE_STRING_8; a_name: STRING;): CMS_FORM
new_edit_form (a_user: detachable CMS_USER; a_url: READABLE_STRING_8; a_name: STRING): CMS_FORM
-- Create a web form named `a_name' for uSER `a_YSER' (if set), using form action url `a_url'.
local
f: CMS_FORM
@@ -279,25 +278,25 @@ feature -- Form
end
else
fd.report_invalid_field ("username", "missing username")
end
if attached fd.string_item ("email") as l_email then
if attached api.user_api.user_by_email (l_email) then
fd.report_invalid_field ("email", "Email address already associated with an existing account!")
end
else
fd.report_invalid_field ("email", "missing email address")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if attached fd.string_item ("username") as l_username then
if api.user_api.user_by_name (l_username) = Void then
fd.report_invalid_field ("username", "Username does not exist!")
end
else
fd.report_invalid_field ("username", "missing username")
end
end
end
end
if attached fd.string_item ("email") as l_email then
if attached api.user_api.user_by_email (l_email) then
fd.report_invalid_field ("email", "Email address already associated with an existing account!")
end
else
fd.report_invalid_field ("email", "missing email address")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if attached fd.string_item ("username") as l_username then
if api.user_api.user_by_name (l_username) = Void then
fd.report_invalid_field ("username", "Username does not exist!")
end
else
fd.report_invalid_field ("username", "missing username")
end
end
end
end
new_delete_form (a_user: detachable CMS_USER; a_url: READABLE_STRING_8; a_name: STRING;): CMS_FORM
-- Create a web form named `a_name' for node `a_user' (if set), using form action url `a_url'.
@@ -342,13 +341,14 @@ feature -- Form
fs: WSF_FORM_FIELD_SET
cb: WSF_FORM_CHECKBOX_INPUT
ts: WSF_FORM_SUBMIT_INPUT
l_user_roles: detachable LIST [CMS_USER_ROLE]
do
if attached a_user as l_user then
if a_user /= Void then
create fs.make
fs.set_legend ("Basic User Account Information")
fs.extend_html_text ("<div><string><label>User name </label></strong><br></div>")
fs.extend_html_text (l_user.name)
if attached l_user.email as l_email then
fs.extend_html_text (a_user.name)
if attached a_user.email as l_email then
create fe.make_with_text ("email", l_email)
else
create fe.make_with_text ("email", "")
@@ -367,30 +367,18 @@ feature -- Form
create fs.make
fs.set_legend ("User Roles")
if attached {LIST[CMS_USER_ROLE]} api.user_api.user_roles (l_user) as u_roles and then
not u_roles.is_empty
then
u_roles.compare_objects
across api.user_api.roles as ic loop
if u_roles.has (ic.item) then
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_checked (True)
cb.set_label (ic.item.name)
fs.extend (cb)
else
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_label (ic.item.name)
fs.extend (cb)
end
end
else
across api.user_api.roles as ic loop
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_label (ic.item.name)
fs.extend (cb)
end
l_user_roles := api.user_api.user_roles (a_user)
if l_user_roles.is_empty then
l_user_roles := Void
end
across api.user_api.effective_roles as ic loop
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_checked (l_user_roles /= Void and then across l_user_roles as r_ic some r_ic.item.same_user_role (ic.item) end)
cb.set_title (ic.item.name)
fs.extend (cb)
end
a_form.extend (fs)
create ts.make ("op")
ts.set_default_value ("Update user role")
@@ -512,13 +500,6 @@ feature -- Form
feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
if attached variables as l_variables then
across l_variables as c loop page.register_variable (c.item, c.key) end
end
end
new_random_password (u: CMS_USER): STRING
-- Generate a new token activation token
local

22
modules/admin/handler/user/cms_user_handler.e
View File

@@ -85,12 +85,12 @@ feature -- HTTP Methods
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if req.path_info.ends_with_general ("/edit") then
check valid_url: req.path_info.starts_with_general ("/admin/user/") end
if req.percent_encoded_path_info.ends_with_general ("/edit") then
check valid_url: req.percent_encoded_path_info.starts_with_general ("/admin/user/") end
create edit_response.make (req, res, api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
check valid_url: req.path_info.starts_with_general ("/admin/user/") end
elseif req.percent_encoded_path_info.ends_with_general ("/delete") then
check valid_url: req.percent_encoded_path_info.starts_with_general ("/admin/user/") end
create edit_response.make (req, res, api)
edit_response.execute
else
@@ -123,17 +123,17 @@ feature -- HTTP Methods
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if req.path_info.ends_with_general ("/edit") then
if req.percent_encoded_path_info.ends_with_general ("/edit") then
create edit_response.make (req, res, api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
elseif req.percent_encoded_path_info.ends_with_general ("/delete") then
if
attached {WSF_STRING} req.form_parameter ("op") as l_op and then
l_op.value.same_string ("Delete")
then
do_delete (req, res)
end
elseif req.path_info.ends_with_general ("/add/user") then
elseif req.percent_encoded_path_info.ends_with_general ("/add/user") then
create edit_response.make (req, res, api)
edit_response.execute
end
@@ -150,14 +150,14 @@ feature -- Error
l_page: CMS_RESPONSE
do
create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)
l_page.add_variable (req.absolute_script_url (req.path_info), "request")
l_page.set_value (req.absolute_script_url (req.percent_encoded_path_info), "request")
if a_id /= Void and then a_id.is_integer then
-- resource not found
l_page.add_variable ("404", "code")
l_page.set_value ("404", "code")
l_page.set_status_code (404)
else
-- bad request
l_page.add_variable ("400", "code")
l_page.set_value ("400", "code")
l_page.set_status_code (400)
end
l_page.execute
@@ -192,7 +192,7 @@ feature {NONE} -- New User
local
edit_response: CMS_USER_FORM_RESPONSE
do
if req.path_info.starts_with_general ("/admin/add/user") then
if req.percent_encoded_path_info.starts_with ("/admin/add/user") then
create edit_response.make (req, res, api)
edit_response.execute
else

35
modules/admin/handler/user/cms_user_view_response.e
View File

@@ -66,18 +66,19 @@ feature -- Execution
end
end
append_html_to_output (a_user: CMS_USER; a_response: CMS_RESPONSE )
append_html_to_output (a_user: CMS_USER; a_response: CMS_RESPONSE)
local
lnk: CMS_LOCAL_LINK
s: STRING
l_role: CMS_USER_ROLE
do
a_response.add_variable (a_user, "user")
a_response.set_value (a_user, "user")
create lnk.make (a_response.translation ("View", Void), "admin/user/" + a_user.id.out)
lnk.set_is_active (True)
lnk.set_weight (1)
a_response.add_to_primary_tabs (lnk)
create lnk.make (a_response.translation ("Edit", Void), "admin/user/" + a_user.id.out + "/edit")
lnk.set_permission_arguments (<<"manage admin", "manage users", "manage own user">>)
lnk.set_weight (2)
a_response.add_to_primary_tabs (lnk)
@@ -87,32 +88,38 @@ feature -- Execution
a_response.add_to_primary_tabs (lnk)
end
-- FIXME: [04/aug/2015] use a CMS_FORM rather than hardcoded html.
-- So that other module may easily integrate them-selves to add information.
create s.make_empty
s.append ("<div class=%"info%"> ")
s.append ("<h4>Account Information</h4>")
s.append ("<p>UserName:")
s.append ("<p>Username: ")
s.append (a_user.name)
s.append ("</p>")
if attached a_user.email as l_email then
s.append ("<p>Email:")
s.append ("<p>Email: ")
s.append (l_email)
s.append ("</p>")
end
s.append ("<h4>User Role:</h4>")
if attached {LIST[CMS_USER_ROLE]} api.user_api.user_roles (a_user) as l_roles and then
not l_roles.is_empty
if
attached {LIST [CMS_USER_ROLE]} api.user_api.user_roles (a_user) as l_roles and then
not l_roles.is_empty
then
s.append ("<h4>Role(s):</h4>")
across l_roles as ic loop
l_role := ic.item
s.append ("<i>")
s.append (ic.item.name)
s.append (link (l_role.name, "admin/role/" + l_role.id.out, Void))
s.append ("</i>")
s.append ("<h5>Permissions:</h5>")
s.append ("<ul class=%"cms-permissions%">%N")
across ic.item.permissions as c loop
s.append ("<li class=%"cms-permission%">"+ c.item + "</li>%N")
debug
s.append ("<h5>Permissions:</h5>")
s.append ("<ul class=%"cms-permissions%">%N")
across l_role.permissions as perms_ic loop
s.append ("<li class=%"cms-permission%">" + perms_ic.item + "</li>%N")
end
s.append ("</ul>%N")
end
s.append ("</ul>%N")
end
end