backup/ROC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed and improved various issue in admin module (especially the Role editing which was not working as expected.)

Browse Source 
Added CMS_MODULE.permissions to allow module to declare the potential permissions.
Added support for CMS_LINK.is_forbidden, in relation with CMS_LOCAL_LINK.permission_arguments.
Split link "username (Logout)" into 2 links "username" and "logout".
Fixed/Changed the way auth modules alter the logout link based on "(Logout)" title, by safer solution based on `location' of the link.

Fixed usage of WSF_REQUEST.path_info by using percent_encoded_path_info which is not non unicode path info to be used most of the time.
Merged CMS_REPONSE.variables and CMS_REPONSE.values .
When possible, prefer usage of CMS_RESPONSE.user instead of CMS_REQUEST_UTIL.current_user (WSF_REQUEST) whenever it is possible.
When possible, prefer usage of CMS_RESPONSE.location, rather than usage of WSF_REQUEST.(percent_encoded_)path_info .
Code cleaning.
This commit is contained in:
Jocelyn FIAT
2015-08-04 12:48:14 +02:00
parent c271f839e2
commit bba1d57ce3
38 changed files with 497 additions and 594 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/node/handler/cms_node_type_webform_manager.e
View File

@@ -264,7 +264,7 @@ feature -- Output
do
node_api := a_response.node_api
a_response.add_variable (a_node, "node")
a_response.set_value (a_node, "node")
-- Show tabs only if a user is authenticated.
if attached a_response.user as l_user then

22
modules/node/handler/node_form_response.e
View File

@@ -50,10 +50,10 @@ feature -- Execution
if attached node_api.node_type_for (l_node) as l_type then
fixme ("refactor: process_edit, process_create process edit")
if
request.path_info.ends_with_general ("/edit") and then
node_api.has_permission_for_action_on_node ("edit", l_node, current_user (request))
location.ends_with_general ("/edit") and then
node_api.has_permission_for_action_on_node ("edit", l_node, user)
then
f := new_edit_form (l_node, url (request.path_info, Void), "edit-" + l_type.name, l_type)
f := new_edit_form (l_node, url (location, Void), "edit-" + l_type.name, l_type)
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.validation_actions.extend (agent edit_form_validate (?, b))
@@ -76,10 +76,10 @@ feature -- Execution
f.append_to_html (wsf_theme, b)
end
elseif
request.path_info.ends_with_general ("/delete") and then
node_api.has_permission_for_action_on_node ("delete", l_node, current_user (request))
location.ends_with_general ("/delete") and then
node_api.has_permission_for_action_on_node ("delete", l_node, user)
then
f := new_delete_form (l_node, url (request.path_info, Void), "delete-" + l_type.name, l_type)
f := new_delete_form (l_node, url (location, Void), "delete-" + l_type.name, l_type)
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.process (Current)
@@ -100,10 +100,10 @@ feature -- Execution
f.append_to_html (wsf_theme, b)
end
elseif
request.path_info.ends_with_general ("/trash") and then
node_api.has_permission_for_action_on_node ("trash", l_node, current_user (request))
location.ends_with_general ("/trash") and then
node_api.has_permission_for_action_on_node ("trash", l_node, user)
then
f := new_trash_form (l_node, url (request.path_info, Void), "trash-" + l_type.name, l_type)
f := new_trash_form (l_node, url (location, Void), "trash-" + l_type.name, l_type)
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.process (Current)
@@ -136,7 +136,7 @@ feature -- Execution
then
if has_permissions (<<"create any", "create " + l_type.name>>) then
if attached l_type.new_node (Void) as l_node then
f := new_edit_form (l_node, url (request.path_info, Void), "edit-" + l_type.name, l_type)
f := new_edit_form (l_node, url (location, Void), "edit-" + l_type.name, l_type)
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.validation_actions.extend (agent edit_form_validate (?, b))
@@ -253,7 +253,7 @@ feature -- Form
fixme ("for now, publishing is not implemented, so let's assume any node saved is published.") -- FIXME
l_node.mark_published
node_api.save_node (l_node)
if attached current_user (request) as u then
if attached user as u then
api.log ("node",
"User %"" + user_html_link (u) + "%" " + s + " node " + node_html_link (l_node, a_type.name + " #" + l_node.id.out),
0, node_local_link (l_node, Void)

28
modules/node/handler/node_handler.e
View File

@@ -85,16 +85,16 @@ feature -- HTTP Methods
edit_response: NODE_FORM_RESPONSE
view_response: NODE_VIEW_RESPONSE
do
if req.path_info.ends_with_general ("/edit") then
check valid_url: req.path_info.starts_with_general ("/node/") end
if req.percent_encoded_path_info.ends_with ("/edit") then
check valid_url: req.percent_encoded_path_info.starts_with ("/node/") end
create edit_response.make (req, res, api, node_api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
check valid_url: req.path_info.starts_with_general ("/node/") end
elseif req.percent_encoded_path_info.ends_with ("/delete") then
check valid_url: req.percent_encoded_path_info.starts_with ("/node/") end
create edit_response.make (req, res, api, node_api)
edit_response.execute
elseif req.path_info.ends_with_general ("/trash") then
check valid_url: req.path_info.starts_with_general ("/node/") end
elseif req.percent_encoded_path_info.ends_with ("/trash") then
check valid_url: req.percent_encoded_path_info.starts_with ("/node/") end
create edit_response.make (req, res, api, node_api)
edit_response.execute
else
@@ -125,17 +125,17 @@ feature -- HTTP Methods
edit_response: NODE_FORM_RESPONSE
do
fixme ("Refactor code: extract methods: edit_node and add_node")
if req.path_info.ends_with_general ("/edit") then
if req.percent_encoded_path_info.ends_with ("/edit") then
create edit_response.make (req, res, api, node_api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
elseif req.percent_encoded_path_info.ends_with ("/delete") then
if
attached {WSF_STRING} req.form_parameter ("op") as l_op and then
l_op.value.same_string ("Delete")
then
do_delete (req, res)
end
elseif req.path_info.ends_with_general ("/trash") then
elseif req.percent_encoded_path_info.ends_with ("/trash") then
if
attached {WSF_STRING} req.form_parameter ("op") as l_op and then
l_op.value.same_string ("Trash")
@@ -147,7 +147,7 @@ feature -- HTTP Methods
then
do_restore (req, res)
end
elseif req.path_info.starts_with_general ("/node/add/") then
elseif req.percent_encoded_path_info.starts_with ("/node/add/") then
create edit_response.make (req, res, api, node_api)
edit_response.execute
else
@@ -260,14 +260,14 @@ feature -- Error
l_page: CMS_RESPONSE
do
create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)
l_page.add_variable (req.absolute_script_url (req.path_info), "request")
l_page.set_value (req.absolute_script_url (req.percent_encoded_path_info), "request")
if a_id /= Void and then a_id.is_integer then
-- resource not found
l_page.add_variable ("404", "code")
l_page.set_value ("404", "code")
l_page.set_status_code (404)
else
-- bad request
l_page.add_variable ("400", "code")
l_page.set_value ("400", "code")
l_page.set_status_code (400)
end
l_page.execute
@@ -279,7 +279,7 @@ feature {NONE} -- Node
local
edit_response: NODE_FORM_RESPONSE
do
if req.path_info.starts_with_general ("/node/") then
if req.percent_encoded_path_info.starts_with_general ("/node/") then
create edit_response.make (req, res, api, node_api)
edit_response.execute
elseif req.is_get_request_method then

11
modules/node/handler/node_response.e
View File

@@ -10,8 +10,6 @@ inherit
CMS_RESPONSE
rename
make as make_response
redefine
custom_prepare
end
feature {NONE} -- Initialization
@@ -27,15 +25,6 @@ feature -- Access
node_api: CMS_NODE_API
-- Associated node API.
feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
if attached variables as l_variables then
across l_variables as c loop page.register_variable (c.item, c.key) end
end
end
feature -- Helpers
node_id_path_parameter (req: WSF_REQUEST): INTEGER_64