Fixed and improved various issue in admin module (especially the Role editing which was not working as expected.)

Added CMS_MODULE.permissions to allow module to declare the potential permissions.
Added support for CMS_LINK.is_forbidden, in relation with CMS_LOCAL_LINK.permission_arguments.
Split link "username (Logout)" into 2 links "username" and "logout".
Fixed/Changed the way auth modules alter the logout link based on "(Logout)" title, by safer solution based on `location' of the link.

Fixed usage of WSF_REQUEST.path_info by using percent_encoded_path_info which is not non unicode path info to be used most of the time.
Merged CMS_REPONSE.variables and CMS_REPONSE.values .
When possible, prefer usage of CMS_RESPONSE.user instead of CMS_REQUEST_UTIL.current_user (WSF_REQUEST) whenever it is possible.
When possible, prefer usage of CMS_RESPONSE.location, rather than usage of WSF_REQUEST.(percent_encoded_)path_info .
Code cleaning.

modules/oauth20/cms_oauth_20_module.e

@@ -202,7 +202,7 @@ feature -- Hooks
 			-- <Precursor>
 		do
 			if
-				attached a_response.current_user (a_response.request) as u and then
+				attached a_response.user as u and then
 				attached {WSF_STRING} a_response.request.cookie ({CMS_OAUTH_20_CONSTANTS}.oauth_session)
 			then
 				a_value.force ("account/roc-oauth-logout", "auth_login_strategy")
@@ -217,7 +217,7 @@ feature -- Hooks
 			lnk2: detachable CMS_LINK
 		do
 			if
-				attached a_response.current_user (a_response.request) as u and then
+				attached a_response.user as u and then
 				attached {WSF_STRING} a_response.request.cookie ({CMS_OAUTH_20_CONSTANTS}.oauth_session) as l_roc_auth_session_token
 			then
 				across
@@ -225,14 +225,14 @@ feature -- Hooks
 				until
 					lnk2 /= Void
 				loop
-					if ic.item.title.has_substring ("(Logout)") then
+					if ic.item.location.same_string ("account/roc-logout") then
 						lnk2 := ic.item
 					end
 				end
 				if lnk2 /= Void then
 					a_menu_system.primary_menu.remove (lnk2)
 				end
-				create lnk.make (u.name +  " (Logout)", "account/roc-oauth-logout" )
+				create lnk.make ("Logout", "account/roc-oauth-logout" )
 				a_menu_system.primary_menu.extend (lnk)
 			else
 				if a_response.location.starts_with ("account/") then
@@ -307,10 +307,13 @@ feature -- Hooks
 				l_cookie.set_max_age (-1)
 				res.add_cookie (l_cookie)
 				unset_current_user (req)
+
 				create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
 				r.set_status_code ({HTTP_CONSTANTS}.found)
 				r.set_redirection (req.absolute_script_url (""))
 				r.execute
+			else
+				fixme (generator + ": missing else implementation in handle_logout!")
 			end
 		end
 
@@ -322,8 +325,8 @@ feature {NONE} -- Associate
 			l_not_associated: LIST [STRING]
 		do
 			if attached user_oauth_api as l_oauth_api then
-				create {ARRAYED_LIST [STRING]}l_associated.make (1)
-				create {ARRAYED_LIST [STRING]}l_not_associated.make (1)
+				create {ARRAYED_LIST [STRING]} l_associated.make (1)
+				create {ARRAYED_LIST [STRING]} l_not_associated.make (1)
 				across l_oauth_api.oauth2_consumers as ic loop
 					if attached l_oauth_api.user_oauth2_by_id (a_user.id, ic.item) then
 						l_associated.force (ic.item)
@@ -506,7 +509,7 @@ feature -- OAuth2 Login with Provider
 				if
 					attached {WSF_STRING} req.form_parameter ("consumer") as l_consumer and then
 					attached {WSF_STRING} req.form_parameter ("email") as l_email and then
-					attached current_user (req) as l_user
+					attached r.user as l_user
 				then
 					l_user.set_email (l_email.value)
 					a_oauth_api.new_user_oauth2 ("none", "none", l_user, l_consumer.value )
@@ -526,7 +529,7 @@ feature -- OAuth2 Login with Provider
 			if req.is_post_request_method then
 				if
 					attached {WSF_STRING} req.form_parameter ("consumer") as l_consumer and then
-					attached current_user (req) as l_user
+					attached r.user as l_user
 				then
 					a_oauth_api.remove_user_oauth2 (l_user, l_consumer.value)
 					-- TODO send email?