backup/ROC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed and improved various issue in admin module (especially the Role editing which was not working as expected.)

Browse Source 
Added CMS_MODULE.permissions to allow module to declare the potential permissions.
Added support for CMS_LINK.is_forbidden, in relation with CMS_LOCAL_LINK.permission_arguments.
Split link "username (Logout)" into 2 links "username" and "logout".
Fixed/Changed the way auth modules alter the logout link based on "(Logout)" title, by safer solution based on `location' of the link.

Fixed usage of WSF_REQUEST.path_info by using percent_encoded_path_info which is not non unicode path info to be used most of the time.
Merged CMS_REPONSE.variables and CMS_REPONSE.values .
When possible, prefer usage of CMS_RESPONSE.user instead of CMS_REQUEST_UTIL.current_user (WSF_REQUEST) whenever it is possible.
When possible, prefer usage of CMS_RESPONSE.location, rather than usage of WSF_REQUEST.(percent_encoded_)path_info .
Code cleaning.
This commit is contained in:
Jocelyn FIAT
2015-08-04 12:48:14 +02:00
parent c271f839e2
commit bba1d57ce3
38 changed files with 497 additions and 594 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
modules/admin/handler/user/cms_user_form_response.e
View File

@@ -11,8 +11,7 @@ inherit
CMS_RESPONSE
redefine
make,
initialize,
custom_prepare
initialize
end
create
@@ -66,10 +65,10 @@ feature -- Process
attached user_api.user_by_id (uid) as l_user
then
if
request.path_info.ends_with_general ("/edit")
location.ends_with_general ("/edit")
then
edit_form (l_user)
elseif request.path_info.ends_with_general ("/delete") then
elseif location.ends_with_general ("/delete") then
delete_form (l_user)
end
else
@@ -86,7 +85,7 @@ feature -- Process Edit
fd: detachable WSF_FORM_DATA
do
create b.make_empty
f := new_edit_form (a_user, url (request.path_info, Void), "edit-user")
f := new_edit_form (a_user, url (location, Void), "edit-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.submit_actions.extend (agent edit_form_submit (?, a_user, b))
@@ -118,7 +117,7 @@ feature -- Process Delete
fd: detachable WSF_FORM_DATA
do
create b.make_empty
f := new_delete_form (a_user, url (request.path_info, Void), "edit-user")
f := new_delete_form (a_user, url (location, Void), "edit-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.process (Current)
@@ -151,7 +150,7 @@ feature -- Process New
l_user: detachable CMS_USER
do
create b.make_empty
f := new_edit_form (l_user, url (request.path_info, Void), "create-user")
f := new_edit_form (l_user, url (location, Void), "create-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.validation_actions.extend (agent new_form_validate (?, b))
@@ -202,7 +201,7 @@ feature -- Form
if a_user /= Void then
l_user := a_user
if l_user.has_id then
create {CMS_LOCAL_LINK}lnk.make (translation ("View", Void),"admin/user/" + l_user.id.out )
create {CMS_LOCAL_LINK} lnk.make (translation ("View", Void),"admin/user/" + l_user.id.out )
change_user (fd, a_user)
s := "modified"
set_redirection (lnk.location)
@@ -248,7 +247,7 @@ feature -- Form
end
new_edit_form (a_user: detachable CMS_USER; a_url: READABLE_STRING_8; a_name: STRING;): CMS_FORM
new_edit_form (a_user: detachable CMS_USER; a_url: READABLE_STRING_8; a_name: STRING): CMS_FORM
-- Create a web form named `a_name' for uSER `a_YSER' (if set), using form action url `a_url'.
local
f: CMS_FORM
@@ -279,25 +278,25 @@ feature -- Form
end
else
fd.report_invalid_field ("username", "missing username")
end
if attached fd.string_item ("email") as l_email then
if attached api.user_api.user_by_email (l_email) then
fd.report_invalid_field ("email", "Email address already associated with an existing account!")
end
else
fd.report_invalid_field ("email", "missing email address")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if attached fd.string_item ("username") as l_username then
if api.user_api.user_by_name (l_username) = Void then
fd.report_invalid_field ("username", "Username does not exist!")
end
else
fd.report_invalid_field ("username", "missing username")
end
end
end
end
if attached fd.string_item ("email") as l_email then
if attached api.user_api.user_by_email (l_email) then
fd.report_invalid_field ("email", "Email address already associated with an existing account!")
end
else
fd.report_invalid_field ("email", "missing email address")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if attached fd.string_item ("username") as l_username then
if api.user_api.user_by_name (l_username) = Void then
fd.report_invalid_field ("username", "Username does not exist!")
end
else
fd.report_invalid_field ("username", "missing username")
end
end
end
end
new_delete_form (a_user: detachable CMS_USER; a_url: READABLE_STRING_8; a_name: STRING;): CMS_FORM
-- Create a web form named `a_name' for node `a_user' (if set), using form action url `a_url'.
@@ -342,13 +341,14 @@ feature -- Form
fs: WSF_FORM_FIELD_SET
cb: WSF_FORM_CHECKBOX_INPUT
ts: WSF_FORM_SUBMIT_INPUT
l_user_roles: detachable LIST [CMS_USER_ROLE]
do
if attached a_user as l_user then
if a_user /= Void then
create fs.make
fs.set_legend ("Basic User Account Information")
fs.extend_html_text ("<div><string><label>User name </label></strong><br></div>")
fs.extend_html_text (l_user.name)
if attached l_user.email as l_email then
fs.extend_html_text (a_user.name)
if attached a_user.email as l_email then
create fe.make_with_text ("email", l_email)
else
create fe.make_with_text ("email", "")
@@ -367,30 +367,18 @@ feature -- Form
create fs.make
fs.set_legend ("User Roles")
if attached {LIST[CMS_USER_ROLE]} api.user_api.user_roles (l_user) as u_roles and then
not u_roles.is_empty
then
u_roles.compare_objects
across api.user_api.roles as ic loop
if u_roles.has (ic.item) then
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_checked (True)
cb.set_label (ic.item.name)
fs.extend (cb)
else
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_label (ic.item.name)
fs.extend (cb)
end
end
else
across api.user_api.roles as ic loop
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_label (ic.item.name)
fs.extend (cb)
end
l_user_roles := api.user_api.user_roles (a_user)
if l_user_roles.is_empty then
l_user_roles := Void
end
across api.user_api.effective_roles as ic loop
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_checked (l_user_roles /= Void and then across l_user_roles as r_ic some r_ic.item.same_user_role (ic.item) end)
cb.set_title (ic.item.name)
fs.extend (cb)
end
a_form.extend (fs)
create ts.make ("op")
ts.set_default_value ("Update user role")
@@ -512,13 +500,6 @@ feature -- Form
feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
if attached variables as l_variables then
across l_variables as c loop page.register_variable (c.item, c.key) end
end
end
new_random_password (u: CMS_USER): STRING
-- Generate a new token activation token
local

22
modules/admin/handler/user/cms_user_handler.e
View File

@@ -85,12 +85,12 @@ feature -- HTTP Methods
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if req.path_info.ends_with_general ("/edit") then
check valid_url: req.path_info.starts_with_general ("/admin/user/") end
if req.percent_encoded_path_info.ends_with_general ("/edit") then
check valid_url: req.percent_encoded_path_info.starts_with_general ("/admin/user/") end
create edit_response.make (req, res, api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
check valid_url: req.path_info.starts_with_general ("/admin/user/") end
elseif req.percent_encoded_path_info.ends_with_general ("/delete") then
check valid_url: req.percent_encoded_path_info.starts_with_general ("/admin/user/") end
create edit_response.make (req, res, api)
edit_response.execute
else
@@ -123,17 +123,17 @@ feature -- HTTP Methods
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if req.path_info.ends_with_general ("/edit") then
if req.percent_encoded_path_info.ends_with_general ("/edit") then
create edit_response.make (req, res, api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
elseif req.percent_encoded_path_info.ends_with_general ("/delete") then
if
attached {WSF_STRING} req.form_parameter ("op") as l_op and then
l_op.value.same_string ("Delete")
then
do_delete (req, res)
end
elseif req.path_info.ends_with_general ("/add/user") then
elseif req.percent_encoded_path_info.ends_with_general ("/add/user") then
create edit_response.make (req, res, api)
edit_response.execute
end
@@ -150,14 +150,14 @@ feature -- Error
l_page: CMS_RESPONSE
do
create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)
l_page.add_variable (req.absolute_script_url (req.path_info), "request")
l_page.set_value (req.absolute_script_url (req.percent_encoded_path_info), "request")
if a_id /= Void and then a_id.is_integer then
-- resource not found
l_page.add_variable ("404", "code")
l_page.set_value ("404", "code")
l_page.set_status_code (404)
else
-- bad request
l_page.add_variable ("400", "code")
l_page.set_value ("400", "code")
l_page.set_status_code (400)
end
l_page.execute
@@ -192,7 +192,7 @@ feature {NONE} -- New User
local
edit_response: CMS_USER_FORM_RESPONSE
do
if req.path_info.starts_with_general ("/admin/add/user") then
if req.percent_encoded_path_info.starts_with ("/admin/add/user") then
create edit_response.make (req, res, api)
edit_response.execute
else

35
modules/admin/handler/user/cms_user_view_response.e
View File

@@ -66,18 +66,19 @@ feature -- Execution
end
end
append_html_to_output (a_user: CMS_USER; a_response: CMS_RESPONSE )
append_html_to_output (a_user: CMS_USER; a_response: CMS_RESPONSE)
local
lnk: CMS_LOCAL_LINK
s: STRING
l_role: CMS_USER_ROLE
do
a_response.add_variable (a_user, "user")
a_response.set_value (a_user, "user")
create lnk.make (a_response.translation ("View", Void), "admin/user/" + a_user.id.out)
lnk.set_is_active (True)
lnk.set_weight (1)
a_response.add_to_primary_tabs (lnk)
create lnk.make (a_response.translation ("Edit", Void), "admin/user/" + a_user.id.out + "/edit")
lnk.set_permission_arguments (<<"manage admin", "manage users", "manage own user">>)
lnk.set_weight (2)
a_response.add_to_primary_tabs (lnk)
@@ -87,32 +88,38 @@ feature -- Execution
a_response.add_to_primary_tabs (lnk)
end
-- FIXME: [04/aug/2015] use a CMS_FORM rather than hardcoded html.
-- So that other module may easily integrate them-selves to add information.
create s.make_empty
s.append ("<div class=%"info%"> ")
s.append ("<h4>Account Information</h4>")
s.append ("<p>UserName:")
s.append ("<p>Username: ")
s.append (a_user.name)
s.append ("</p>")
if attached a_user.email as l_email then
s.append ("<p>Email:")
s.append ("<p>Email: ")
s.append (l_email)
s.append ("</p>")
end
s.append ("<h4>User Role:</h4>")
if attached {LIST[CMS_USER_ROLE]} api.user_api.user_roles (a_user) as l_roles and then
not l_roles.is_empty
if
attached {LIST [CMS_USER_ROLE]} api.user_api.user_roles (a_user) as l_roles and then
not l_roles.is_empty
then
s.append ("<h4>Role(s):</h4>")
across l_roles as ic loop
l_role := ic.item
s.append ("<i>")
s.append (ic.item.name)
s.append (link (l_role.name, "admin/role/" + l_role.id.out, Void))
s.append ("</i>")
s.append ("<h5>Permissions:</h5>")
s.append ("<ul class=%"cms-permissions%">%N")
across ic.item.permissions as c loop
s.append ("<li class=%"cms-permission%">"+ c.item + "</li>%N")
debug
s.append ("<h5>Permissions:</h5>")
s.append ("<ul class=%"cms-permissions%">%N")
across l_role.permissions as perms_ic loop
s.append ("<li class=%"cms-permission%">" + perms_ic.item + "</li>%N")
end
s.append ("</ul>%N")
end
s.append ("</ul>%N")
end
end