backup/ROC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed and improved various issue in admin module (especially the Role editing which was not working as expected.)

Browse Source 
Added CMS_MODULE.permissions to allow module to declare the potential permissions.
Added support for CMS_LINK.is_forbidden, in relation with CMS_LOCAL_LINK.permission_arguments.
Split link "username (Logout)" into 2 links "username" and "logout".
Fixed/Changed the way auth modules alter the logout link based on "(Logout)" title, by safer solution based on `location' of the link.

Fixed usage of WSF_REQUEST.path_info by using percent_encoded_path_info which is not non unicode path info to be used most of the time.
Merged CMS_REPONSE.variables and CMS_REPONSE.values .
When possible, prefer usage of CMS_RESPONSE.user instead of CMS_REQUEST_UTIL.current_user (WSF_REQUEST) whenever it is possible.
When possible, prefer usage of CMS_RESPONSE.location, rather than usage of WSF_REQUEST.(percent_encoded_)path_info .
Code cleaning.
This commit is contained in:
Jocelyn FIAT
2015-08-04 12:48:14 +02:00
parent c271f839e2
commit bba1d57ce3
38 changed files with 497 additions and 594 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
examples/demo/modules/demo/cms_demo_module.e
View File

@@ -140,7 +140,7 @@ feature -- Handler
r: NOT_IMPLEMENTED_ERROR_CMS_RESPONSE
do
create r.make (req, res, a_api)
r.set_main_content ("DEMO module does not yet implement %"" + req.path_info + "%" ...")
r.set_main_content ("DEMO module does not yet implement %"" + req.percent_encoded_path_info + "%" ...")
r.add_error_message ("DEMO Module: not yet implemented")
r.execute
end

1
examples/demo/site/config/cms.ini
View File

@@ -21,6 +21,7 @@ smtp=localhost:25
# for each module, this can be overwritten with
# module_name= on or off
*=off
admin=on
auth=on
basic_auth=on
blog=on

10
library/model/src/link/cms_link.e
View File

@@ -49,7 +49,7 @@ feature -- Comparison
end
end
feature -- status report
feature -- Status report
is_active: BOOLEAN
-- Is current link active?
@@ -79,6 +79,14 @@ feature -- status report
deferred
end
feature -- Security
is_forbidden: BOOLEAN
-- Is Current link forbidden?
-- Current link could be disabled for current CMS user.
deferred
end
feature -- Element change
set_weight (a_weight: INTEGER)

16
library/model/src/link/cms_local_link.e
View File

@@ -71,6 +71,12 @@ feature -- Status report
Result := attached children as l_children and then not l_children.is_empty
end
feature -- Security
is_forbidden: BOOLEAN
-- <Precursor>
-- Related to `permission_arguments' values.
feature -- Element change
set_title (a_title: detachable READABLE_STRING_GENERAL)
@@ -167,6 +173,16 @@ feature -- Status change
is_expandable: is_expandable = b
end
feature -- Security change
set_is_forbidden (b: BOOLEAN)
-- Set `is_forbidden' to `b'.
do
is_forbidden := b
ensure
is_forbidden: is_forbidden = b
end
feature {NONE} -- Implementation
internal_is_expandable: BOOLEAN

27
modules/admin/cms_admin_module.e
View File

@@ -1,5 +1,5 @@
note
description: "Summary description for {CMS_ADMIN_MODULE}."
description: "CMS module providing Administration support (back-end)."
date: "$Date$"
revision: "$Revision$"
@@ -7,7 +7,6 @@ class
CMS_ADMIN_MODULE
inherit
CMS_MODULE
redefine
register_hooks
@@ -17,9 +16,7 @@ inherit
CMS_HOOK_RESPONSE_ALTER
CMS_HOOK_BLOCK
CMS_REQUEST_UTIL
-- CMS_REQUEST_UTIL
create
make
@@ -94,7 +91,6 @@ feature -- Hooks
-- <Precursor>
do
a_response.subscribe_to_menu_system_alter_hook (Current)
a_response.subscribe_to_block_hook (Current)
a_response.subscribe_to_response_alter_hook (Current)
end
@@ -104,29 +100,16 @@ feature -- Hooks
a_response.add_style (a_response.url ("/module/" + name + "/files/css/admin.css", Void), Void)
end
block_list: ITERABLE [like {CMS_BLOCK}.name]
-- <Precursor>
do
Result := <<"admin-info">>
end
get_block_view (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
local
-- b: CMS_CONTENT_BLOCK
do
-- create b.make (a_block_id, "Block::node", "This is a block test", Void)
-- a_response.add_block (b, "sidebar_second")
end
menu_system_alter (a_menu_system: CMS_MENU_SYSTEM; a_response: CMS_RESPONSE)
local
lnk: CMS_LOCAL_LINK
do
if
attached current_user (a_response.request) as l_user and then
a_response.api.user_api.is_admin_user (l_user)
a_response.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) -- Note: admin user has all permissions enabled by default.
then
-- TODO: we should probably use more side menu and less primary_menu.
create lnk.make ("Admin", "admin")
lnk.set_permission_arguments (<<"manage " + {CMS_ADMIN_MODULE}.name>>)
a_menu_system.primary_menu.extend (lnk)
end
end

4
modules/admin/handler/cms_admin_handler.e
View File

@@ -3,7 +3,7 @@ note
handler for CMS admin in the CMS interface.
TODO: implement REST API.
]" author: ""
]"
date: "$Date$"
revision: "$Revision$"
@@ -11,7 +11,6 @@ class
CMS_ADMIN_HANDLER
inherit
CMS_HANDLER
WSF_URI_HANDLER
@@ -59,7 +58,6 @@ feature -- execute
execute (req, res)
end
feature -- HTTP Methods
do_get (req: WSF_REQUEST; res: WSF_RESPONSE)

186
modules/admin/handler/cms_admin_response.e
View File

@@ -7,12 +7,10 @@ class
CMS_ADMIN_RESPONSE
inherit
CMS_RESPONSE
redefine
make,
initialize,
custom_prepare
initialize
end
create
@@ -56,186 +54,4 @@ feature -- Process
set_main_content (b)
end
feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
if attached variables as l_variables then
across l_variables as c loop page.register_variable (c.item, c.key) end
end
end
feature -- Admin: Add User Form
handle_admin_user_form
local
s: STRING
f: CMS_FORM
t: WSF_FORM_TEXT_INPUT
fe: WSF_FORM_EMAIL_INPUT
fs: WSF_FORM_FIELD_SET
f_submit: WSF_FORM_SUBMIT_INPUT
do
create f.make (request.percent_encoded_path_info, {CMS_ADMIN_MODULE}.name )
create fs.make
fs.set_legend ("Create new user without password:")
create t.make_with_text ("username", "")
t.set_label ("User name")
t.enable_required
t.set_placeholder ("username")
fs.extend (t)
create fe.make_with_text ("email", "")
fe.set_label ("Email")
fe.set_placeholder ("valid email")
fs.extend (fe)
create f_submit.make_with_text ("op", "Create user")
fs.extend (f_submit)
create f_submit.make_with_text ("op", "Update user")
fs.extend (f_submit)
f.extend (fs)
if request.is_post_request_method then
create s.make_empty
f.validation_actions.extend (agent (fd: WSF_FORM_DATA; ia_api: CMS_API)
do
if attached fd.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Create user") then
if attached fd.string_item ("username") as l_username then
if attached ia_api.user_api.user_by_name (l_username) then
fd.report_invalid_field ("username", "Username already taken!")
end
else
fd.report_invalid_field ("username", "missing username")
end
if attached fd.string_item ("email") as l_email then
if attached ia_api.user_api.user_by_email (l_email) then
fd.report_invalid_field ("email", "Email address already associated with an existing account!")
end
else
fd.report_invalid_field ("email", "missing email address")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if attached fd.string_item ("username") as l_username then
if ia_api.user_api.user_by_name (l_username) = Void then
fd.report_invalid_field ("username", "Username does not exist!")
end
else
fd.report_invalid_field ("username", "missing username")
end
end
end
end(?, api)
)
f.submit_actions.extend (agent (fd: WSF_FORM_DATA; ia_api: CMS_API; a_output: STRING)
local
u: CMS_USER
l_roles: detachable LIST [CMS_USER_ROLE]
l_trusted_user_role: detachable CMS_USER_ROLE
do
if attached fd.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Create user") then
if
attached fd.string_item ("username") as l_username and then
attached fd.string_item ("email") as l_email and then
l_email.is_valid_as_string_8
then
create u.make (l_username)
u.set_email (l_email.as_string_8)
u.set_password (new_random_password (u))
ia_api.user_api.new_user (u)
if ia_api.user_api.has_error then
end
a_output.append ("<li>New user ["+ html_encoded (l_username) +"] created.</li>")
else
fd.report_invalid_field ("username", "Missing username!")
fd.report_invalid_field ("email", "Missing email address!")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if
attached fd.string_item ("username") as l_username and then
attached ia_api.user_api.user_by_name (l_username) as l_user
then
l_trusted_user_role := ia_api.user_api.user_role_by_name ("trusted")
if l_trusted_user_role = Void then
create l_trusted_user_role.make ("trusted")
ia_api.user_api.save_user_role (l_trusted_user_role)
end
l_trusted_user_role.add_permission ("admin wdocs")
l_trusted_user_role.add_permission ("edit wdocs page")
l_trusted_user_role.add_permission ("create wdocs page")
l_trusted_user_role.add_permission ("delete wdocs page")
l_trusted_user_role.add_permission ("edit any wdocs page")
l_trusted_user_role.add_permission ("delete any wdocs page")
l_trusted_user_role.add_permission ("clear wdocs cache")
l_trusted_user_role.add_permission ("create page")
l_trusted_user_role.add_permission ("edit any page")
l_trusted_user_role.add_permission ("delete any page")
l_trusted_user_role.add_permission ("create blog")
l_trusted_user_role.add_permission ("edit any blog")
l_trusted_user_role.add_permission ("delete any blog")
l_trusted_user_role.add_permission ("edit any node")
l_trusted_user_role.add_permission ("delete any node")
ia_api.user_api.save_user_role (l_trusted_user_role)
l_trusted_user_role := ia_api.user_api.user_role_by_name ("trusted")
if l_trusted_user_role /= Void then
u := l_user
ia_api.user_api.update_user (u)
l_roles := u.roles
if l_roles = Void then
create {ARRAYED_LIST [CMS_USER_ROLE]} l_roles.make (1)
end
l_roles.force (l_trusted_user_role)
u.set_roles (l_roles)
ia_api.user_api.update_user (u)
a_output.append ("<li>User ["+ html_encoded (l_username) +"] updated.</li>")
else
a_output.append ("<li>User ["+ html_encoded (l_username) +"] NOT updated! [ERROR].</li>")
end
else
fd.report_invalid_field ("username", "User does not exist!")
end
end
end
end(?, api, s)
)
f.process (Current)
f.append_to_html (create {CMS_TO_WSF_THEME}.make (Current, Current.theme), s)
Current.set_main_content (s)
elseif request.is_get_head_request_method then
create s.make_empty
f.append_to_html (create {CMS_TO_WSF_THEME}.make (Current, Current.theme), s)
Current.set_main_content (s)
end
end
new_random_password (u: CMS_USER): STRING
-- Generate a new token activation token
local
l_token: STRING
l_security: SECURITY_PROVIDER
l_encode: URL_ENCODER
do
create l_security
l_token := l_security.token
create l_encode
from until l_token.same_string (l_encode.encoded_string (l_token)) loop
-- Loop ensure that we have a security token that does not contain characters that need encoding.
-- We cannot simply to an encode-decode because the email sent to the user will contain an encoded token
-- but the user will need to use an unencoded token if activation has to be done manually.
l_token := l_security.token
end
Result := l_token + url_encoded (u.name) + u.creation_date.out
end
end

3
modules/admin/handler/role/cms_admin_roles_handler.e
View File

@@ -83,7 +83,6 @@ feature -- HTTP Methods
l_response.set_title ("Listing " + l_count.out + " Role")
end
if attached user_api.roles as lst then
s.append ("<ul class=%"cms-roles%">%N")
across
@@ -92,7 +91,7 @@ feature -- HTTP Methods
u := ic.item
s.append ("<li class=%"cms_role%">")
s.append ("<a href=%"")
s.append (req.absolute_script_url ("/admin/role/"+u.id.out))
s.append (req.absolute_script_url ("/admin/role/" + u.id.out))
s.append ("%">")
s.append (u.name)
s.append ("</a>")

141
modules/admin/handler/role/cms_role_form_response.e
View File

@@ -7,12 +7,10 @@ class
CMS_ROLE_FORM_RESPONSE
inherit
CMS_RESPONSE
redefine
make,
initialize,
custom_prepare
initialize
end
create
@@ -64,9 +62,9 @@ feature -- Process
if uid > 0 and then attached user_api.user_role_by_id (uid.to_integer) as l_role then
fixme ("Issues with WSD_FORM_DATA.apply_to_associated_form")
-- if we have a WSF_FORM_CHECKBOK_INPUT, cheked inputs, are not preserverd in case of error.
if request.path_info.ends_with_general ("/edit") then
if location.ends_with_general ("/edit") then
edit_form (l_role)
elseif request.path_info.ends_with_general ("/delete") then
elseif location.ends_with_general ("/delete") then
delete_form (l_role)
end
else
@@ -83,7 +81,7 @@ feature -- Process Edit
fd: detachable WSF_FORM_DATA
do
create b.make_empty
f := new_edit_form (a_role, url (request.path_info, Void), "edit-user")
f := new_edit_form (a_role, url (request.percent_encoded_path_info, Void), "edit-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.validation_actions.extend (agent edit_form_validate(?,a_role, b))
@@ -116,7 +114,7 @@ feature -- Process Delete
fd: detachable WSF_FORM_DATA
do
create b.make_empty
f := new_delete_form (a_role, url (request.path_info, Void), "edit-user")
f := new_delete_form (a_role, url (request.percent_encoded_path_info, Void), "edit-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.process (Current)
@@ -148,7 +146,7 @@ feature -- Process New
l_role: detachable CMS_USER_ROLE
do
create b.make_empty
f := new_edit_form (l_role, url (request.path_info, Void), "create-role")
f := new_edit_form (l_role, url (request.percent_encoded_path_info, Void), "create-role")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.validation_actions.extend (agent new_form_validate(?, b))
@@ -177,9 +175,6 @@ feature -- Form
local
l_save_role: BOOLEAN
l_update_role: BOOLEAN
l_role: detachable CMS_USER_ROLE
s: STRING
lnk: CMS_LINK
do
l_save_role := attached {WSF_STRING} fd.item ("op") as l_op and then l_op.same_string ("Create role")
if l_save_role then
@@ -195,24 +190,25 @@ feature -- Form
end
end
create_role (fd)
end
l_update_role := attached {WSF_STRING} fd.item ("op") as l_op and then l_op.same_string ("Update role")
if l_update_role then
debug ("cms")
across
fd as c
loop
b.append ("<li>" + html_encoded (c.key) + "=")
if attached c.item as v then
b.append (html_encoded (v.string_representation))
else
l_update_role := attached {WSF_STRING} fd.item ("op") as l_op and then l_op.same_string ("Update role")
if l_update_role then
debug ("cms")
across
fd as c
loop
b.append ("<li>" + html_encoded (c.key) + "=")
if attached c.item as v then
b.append (html_encoded (v.string_representation))
end
b.append ("</li>")
end
b.append ("</li>")
end
end
if attached a_role as u_role then
update_role (fd, u_role)
else
fd.report_error ("Missing Role")
if a_role /= Void then
update_role (fd, a_role)
else
fd.report_error ("Missing Role")
end
end
end
end
@@ -233,19 +229,18 @@ feature -- Form
fd.report_invalid_field ("role", "missing role")
end
end
if attached {WSF_TABLE} fd.item ("cms_perm[]") as l_perm then
if attached {WSF_TABLE} fd.item ("new_cms_permissions[]") as l_perm then
a_role.permissions.compare_objects
from
l_perm.values.start
until
l_perm.values.after
across
l_perm.values as ic
loop
if attached {WSF_STRING} l_perm.value (l_perm.values.key_for_iteration) as l_value then
if a_role.permissions.has (l_value.value) then
fd.report_invalid_field ("cms_perm[]", "Permission " + l_value.value + " already taken!")
if attached {WSF_STRING} ic.item as p then
if not p.value.is_valid_as_string_8 then
fd.report_invalid_field ("new_cms_permissions[]", "Permission " + p.value + " should not have any unicode character!")
elseif across a_role.permissions as p_ic some p_ic.item.is_case_insensitive_equal_general (p.value) end then
fd.report_invalid_field ("new_cms_permissions[]", "Permission " + p.value + " already exists!")
end
end
l_perm.values.forth
end
end
end
@@ -286,7 +281,7 @@ feature -- Form
end
new_delete_form (a_role: detachable CMS_USER_ROLE; a_url: READABLE_STRING_8; a_name: STRING;): CMS_FORM
-- Create a web form named `a_name' for node `a_user' (if set), using form action url `a_url'.
-- Create a web form named `a_name' for role `a_role' (if set), using form action url `a_url'.
local
f: CMS_FORM
ts: WSF_FORM_SUBMIT_INPUT
@@ -317,11 +312,12 @@ feature -- Form
-- and apply this to content type `a_content_type'.
local
ti: WSF_FORM_TEXT_INPUT
fe: WSF_FORM_EMAIL_INPUT
-- fe: WSF_FORM_EMAIL_INPUT
fs: WSF_FORM_FIELD_SET
cb: WSF_FORM_CHECKBOX_INPUT
ts: WSF_FORM_SUBMIT_INPUT
tb: WSF_FORM_BUTTON_INPUT
-- tb: WSF_FORM_BUTTON_INPUT
l_role_permissions: detachable LIST [READABLE_STRING_8]
do
if attached a_role as l_role then
create fs.make
@@ -338,15 +334,19 @@ feature -- Form
create fs.make
fs.set_legend ("Permissions")
if not l_role.permissions.is_empty then
across l_role.permissions as ic loop
if
attached api.user_api.role_permissions as l_permissions
then
l_role_permissions := l_role.permissions
l_role_permissions.compare_objects
across l_permissions as ic loop
create cb.make_with_value ("cms_permissions", ic.item)
cb.set_checked (True)
cb.set_label (ic.item)
cb.set_checked (l_role_permissions.has (ic.item))
cb.set_title (ic.item)
fs.extend (cb)
end
end
create ti.make ("cms_perm[]")
create ti.make ("new_cms_permissions[]")
fs.extend (ti)
fs.extend_html_text ("<div class=%"input_fields_wrap%"></div>")
fs.extend_html_text ("<button class=%"add_field_button%">Add More Permissions</button>")
@@ -379,7 +379,7 @@ feature -- Form
update_role (a_form_data: WSF_FORM_DATA; a_role: CMS_USER_ROLE)
-- Update node `a_node' with form_data `a_form_data' for the given content type `a_content_type'.
local
l_permissions: LIST [READABLE_STRING_8]
l_perm: READABLE_STRING_8
do
if attached a_form_data.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Update role") then
@@ -388,45 +388,47 @@ feature -- Form
attached a_form_data.string_item ("role-id") as l_role_id
and then attached {CMS_USER_ROLE} api.user_api.user_role_by_id (l_role_id.to_integer) as l_role
then
l_permissions := a_role.permissions
l_permissions.compare_objects
if attached {WSF_STRING} a_form_data.item ("cms_permissions") as u_role then
a_role.permissions.wipe_out
a_role.add_permission (u_role.value)
elseif attached {WSF_MULTIPLE_STRING} a_form_data.item ("cms_permissions") as u_permissions then
a_role.permissions.wipe_out
-- Enable checked permissions.
across
u_permissions as ic
loop
if not l_permissions.has (ic.item.value) then
a_role.remove_permission (ic.item.value)
l_perm := ic.item.value.as_string_8
if not l_perm.is_whitespace then
a_role.add_permission (l_perm)
end
end
else
a_role.permissions.wipe_out
end
if attached {WSF_TABLE} a_form_data.item ("cms_perm[]") as l_perm then
a_role.permissions.compare_objects
from
l_perm.values.start
until
l_perm.values.after
if attached {WSF_TABLE} a_form_data.item ("new_cms_permissions[]") as l_cms_perms then
-- Add new permissions as checked.
across
l_cms_perms.values as ic
loop
if
attached {WSF_STRING} l_perm.value (l_perm.values.key_for_iteration) as l_value and then
not l_value.value.is_whitespace
then
a_role.add_permission (l_value.value)
if attached {WSF_STRING} ic.item as p then
l_perm := p.value.as_string_8
if not l_perm.is_whitespace then
a_role.add_permission (l_perm)
end
end
l_perm.values.forth
end
end
if not a_form_data.has_error then
a_role.set_name (l_role_name)
api.user_api.save_user_role (a_role)
add_success_message ("Permissions updated")
if not api.user_api.has_error then
add_success_message ("Permissions updated")
set_redirection (absolute_url ("admin/role/" + a_role.id.out, Void))
else
add_error_message ("Error during permissions update operation.")
end
end
else
a_form_data.report_error ("Missing Role")
end
@@ -457,17 +459,6 @@ feature -- Form
feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
if attached variables as l_variables then
across
l_variables as c
loop
page.register_variable (c.item, c.key)
end
end
end
script_add_remove_items: STRING = "[
$(document).ready(function() {
var wrapper = $(".input_fields_wrap"); //Fields wrapper
@@ -475,7 +466,7 @@ feature -- Generation
$(add_button).click(function(e){ //on add input button click
e.preventDefault();
$(wrapper).append('<div><input type="text" name="cms_perm[]"/><a href="#" class="remove_field">Remove</a></div>'); //add input box
$(wrapper).append('<div><input type="text" name="new_cms_permissions[]"/><a href="#" class="remove_field">Remove</a></div>'); //add input box
});
$(wrapper).on("click",".remove_field", function(e){ //user click on remove text

22
modules/admin/handler/role/cms_role_handler.e
View File

@@ -85,12 +85,12 @@ feature -- HTTP Methods
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if req.path_info.ends_with_general ("/edit") then
check valid_url: req.path_info.starts_with_general ("/admin/role/") end
if req.percent_encoded_path_info.ends_with_general ("/edit") then
check valid_url: req.percent_encoded_path_info.starts_with_general ("/admin/role/") end
create edit_response.make (req, res, api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
check valid_url: req.path_info.starts_with_general ("/admin/role/") end
elseif req.percent_encoded_path_info.ends_with_general ("/delete") then
check valid_url: req.percent_encoded_path_info.starts_with_general ("/admin/role/") end
create edit_response.make (req, res, api)
edit_response.execute
else
@@ -123,17 +123,17 @@ feature -- HTTP Methods
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if req.path_info.ends_with_general ("/edit") then
if req.percent_encoded_path_info.ends_with_general ("/edit") then
create edit_response.make (req, res, api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
elseif req.percent_encoded_path_info.ends_with_general ("/delete") then
if
attached {WSF_STRING} req.form_parameter ("op") as l_op and then
l_op.value.same_string ("Delete")
then
do_delete (req, res)
end
elseif req.path_info.ends_with_general ("/add/role") then
elseif req.percent_encoded_path_info.ends_with_general ("/add/role") then
create edit_response.make (req, res, api)
edit_response.execute
end
@@ -150,14 +150,14 @@ feature -- Error
l_page: CMS_RESPONSE
do
create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)
l_page.add_variable (req.absolute_script_url (req.path_info), "request")
l_page.set_value (req.absolute_script_url (req.percent_encoded_path_info), "request")
if a_id /= Void and then a_id.is_integer then
-- resource not found
l_page.add_variable ("404", "code")
l_page.set_value ("404", "code")
l_page.set_status_code (404)
else
-- bad request
l_page.add_variable ("400", "code")
l_page.set_value ("400", "code")
l_page.set_status_code (400)
end
l_page.execute
@@ -192,7 +192,7 @@ feature {NONE} -- New User
local
edit_response: CMS_ROLE_FORM_RESPONSE
do
if req.path_info.starts_with_general ("/admin/add/role") then
if req.percent_encoded_path_info.starts_with_general ("/admin/add/role") then
create edit_response.make (req, res, api)
edit_response.execute
else

2
modules/admin/handler/role/cms_role_view_response.e
View File

@@ -72,7 +72,7 @@ feature -- Execution
lnk: CMS_LOCAL_LINK
s: STRING
do
a_response.add_variable (a_role, "role")
a_response.set_value (a_role, "role")
create lnk.make (a_response.translation ("View", Void), "admin/role/" + a_role.id.out)
lnk.set_is_active (True)
lnk.set_weight (1)

101
modules/admin/handler/user/cms_user_form_response.e
View File

@@ -11,8 +11,7 @@ inherit
CMS_RESPONSE
redefine
make,
initialize,
custom_prepare
initialize
end
create
@@ -66,10 +65,10 @@ feature -- Process
attached user_api.user_by_id (uid) as l_user
then
if
request.path_info.ends_with_general ("/edit")
location.ends_with_general ("/edit")
then
edit_form (l_user)
elseif request.path_info.ends_with_general ("/delete") then
elseif location.ends_with_general ("/delete") then
delete_form (l_user)
end
else
@@ -86,7 +85,7 @@ feature -- Process Edit
fd: detachable WSF_FORM_DATA
do
create b.make_empty
f := new_edit_form (a_user, url (request.path_info, Void), "edit-user")
f := new_edit_form (a_user, url (location, Void), "edit-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.submit_actions.extend (agent edit_form_submit (?, a_user, b))
@@ -118,7 +117,7 @@ feature -- Process Delete
fd: detachable WSF_FORM_DATA
do
create b.make_empty
f := new_delete_form (a_user, url (request.path_info, Void), "edit-user")
f := new_delete_form (a_user, url (location, Void), "edit-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.process (Current)
@@ -151,7 +150,7 @@ feature -- Process New
l_user: detachable CMS_USER
do
create b.make_empty
f := new_edit_form (l_user, url (request.path_info, Void), "create-user")
f := new_edit_form (l_user, url (location, Void), "create-user")
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.validation_actions.extend (agent new_form_validate (?, b))
@@ -202,7 +201,7 @@ feature -- Form
if a_user /= Void then
l_user := a_user
if l_user.has_id then
create {CMS_LOCAL_LINK}lnk.make (translation ("View", Void),"admin/user/" + l_user.id.out )
create {CMS_LOCAL_LINK} lnk.make (translation ("View", Void),"admin/user/" + l_user.id.out )
change_user (fd, a_user)
s := "modified"
set_redirection (lnk.location)
@@ -248,7 +247,7 @@ feature -- Form
end
new_edit_form (a_user: detachable CMS_USER; a_url: READABLE_STRING_8; a_name: STRING;): CMS_FORM
new_edit_form (a_user: detachable CMS_USER; a_url: READABLE_STRING_8; a_name: STRING): CMS_FORM
-- Create a web form named `a_name' for uSER `a_YSER' (if set), using form action url `a_url'.
local
f: CMS_FORM
@@ -279,25 +278,25 @@ feature -- Form
end
else
fd.report_invalid_field ("username", "missing username")
end
if attached fd.string_item ("email") as l_email then
if attached api.user_api.user_by_email (l_email) then
fd.report_invalid_field ("email", "Email address already associated with an existing account!")
end
else
fd.report_invalid_field ("email", "missing email address")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if attached fd.string_item ("username") as l_username then
if api.user_api.user_by_name (l_username) = Void then
fd.report_invalid_field ("username", "Username does not exist!")
end
else
fd.report_invalid_field ("username", "missing username")
end
end
end
end
if attached fd.string_item ("email") as l_email then
if attached api.user_api.user_by_email (l_email) then
fd.report_invalid_field ("email", "Email address already associated with an existing account!")
end
else
fd.report_invalid_field ("email", "missing email address")
end
elseif f_op.is_case_insensitive_equal_general ("Update user") then
if attached fd.string_item ("username") as l_username then
if api.user_api.user_by_name (l_username) = Void then
fd.report_invalid_field ("username", "Username does not exist!")
end
else
fd.report_invalid_field ("username", "missing username")
end
end
end
end
new_delete_form (a_user: detachable CMS_USER; a_url: READABLE_STRING_8; a_name: STRING;): CMS_FORM
-- Create a web form named `a_name' for node `a_user' (if set), using form action url `a_url'.
@@ -342,13 +341,14 @@ feature -- Form
fs: WSF_FORM_FIELD_SET
cb: WSF_FORM_CHECKBOX_INPUT
ts: WSF_FORM_SUBMIT_INPUT
l_user_roles: detachable LIST [CMS_USER_ROLE]
do
if attached a_user as l_user then
if a_user /= Void then
create fs.make
fs.set_legend ("Basic User Account Information")
fs.extend_html_text ("<div><string><label>User name </label></strong><br></div>")
fs.extend_html_text (l_user.name)
if attached l_user.email as l_email then
fs.extend_html_text (a_user.name)
if attached a_user.email as l_email then
create fe.make_with_text ("email", l_email)
else
create fe.make_with_text ("email", "")
@@ -367,30 +367,18 @@ feature -- Form
create fs.make
fs.set_legend ("User Roles")
if attached {LIST[CMS_USER_ROLE]} api.user_api.user_roles (l_user) as u_roles and then
not u_roles.is_empty
then
u_roles.compare_objects
across api.user_api.roles as ic loop
if u_roles.has (ic.item) then
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_checked (True)
cb.set_label (ic.item.name)
fs.extend (cb)
else
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_label (ic.item.name)
fs.extend (cb)
end
end
else
across api.user_api.roles as ic loop
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_label (ic.item.name)
fs.extend (cb)
end
l_user_roles := api.user_api.user_roles (a_user)
if l_user_roles.is_empty then
l_user_roles := Void
end
across api.user_api.effective_roles as ic loop
create cb.make_with_value ("cms_roles", ic.item.id.out)
cb.set_checked (l_user_roles /= Void and then across l_user_roles as r_ic some r_ic.item.same_user_role (ic.item) end)
cb.set_title (ic.item.name)
fs.extend (cb)
end
a_form.extend (fs)
create ts.make ("op")
ts.set_default_value ("Update user role")
@@ -512,13 +500,6 @@ feature -- Form
feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
if attached variables as l_variables then
across l_variables as c loop page.register_variable (c.item, c.key) end
end
end
new_random_password (u: CMS_USER): STRING
-- Generate a new token activation token
local

22
modules/admin/handler/user/cms_user_handler.e
View File

@@ -85,12 +85,12 @@ feature -- HTTP Methods
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if req.path_info.ends_with_general ("/edit") then
check valid_url: req.path_info.starts_with_general ("/admin/user/") end
if req.percent_encoded_path_info.ends_with_general ("/edit") then
check valid_url: req.percent_encoded_path_info.starts_with_general ("/admin/user/") end
create edit_response.make (req, res, api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
check valid_url: req.path_info.starts_with_general ("/admin/user/") end
elseif req.percent_encoded_path_info.ends_with_general ("/delete") then
check valid_url: req.percent_encoded_path_info.starts_with_general ("/admin/user/") end
create edit_response.make (req, res, api)
edit_response.execute
else
@@ -123,17 +123,17 @@ feature -- HTTP Methods
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if req.path_info.ends_with_general ("/edit") then
if req.percent_encoded_path_info.ends_with_general ("/edit") then
create edit_response.make (req, res, api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
elseif req.percent_encoded_path_info.ends_with_general ("/delete") then
if
attached {WSF_STRING} req.form_parameter ("op") as l_op and then
l_op.value.same_string ("Delete")
then
do_delete (req, res)
end
elseif req.path_info.ends_with_general ("/add/user") then
elseif req.percent_encoded_path_info.ends_with_general ("/add/user") then
create edit_response.make (req, res, api)
edit_response.execute
end
@@ -150,14 +150,14 @@ feature -- Error
l_page: CMS_RESPONSE
do
create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)
l_page.add_variable (req.absolute_script_url (req.path_info), "request")
l_page.set_value (req.absolute_script_url (req.percent_encoded_path_info), "request")
if a_id /= Void and then a_id.is_integer then
-- resource not found
l_page.add_variable ("404", "code")
l_page.set_value ("404", "code")
l_page.set_status_code (404)
else
-- bad request
l_page.add_variable ("400", "code")
l_page.set_value ("400", "code")
l_page.set_status_code (400)
end
l_page.execute
@@ -192,7 +192,7 @@ feature {NONE} -- New User
local
edit_response: CMS_USER_FORM_RESPONSE
do
if req.path_info.starts_with_general ("/admin/add/user") then
if req.percent_encoded_path_info.starts_with ("/admin/add/user") then
create edit_response.make (req, res, api)
edit_response.execute
else

35
modules/admin/handler/user/cms_user_view_response.e
View File

@@ -66,18 +66,19 @@ feature -- Execution
end
end
append_html_to_output (a_user: CMS_USER; a_response: CMS_RESPONSE )
append_html_to_output (a_user: CMS_USER; a_response: CMS_RESPONSE)
local
lnk: CMS_LOCAL_LINK
s: STRING
l_role: CMS_USER_ROLE
do
a_response.add_variable (a_user, "user")
a_response.set_value (a_user, "user")
create lnk.make (a_response.translation ("View", Void), "admin/user/" + a_user.id.out)
lnk.set_is_active (True)
lnk.set_weight (1)
a_response.add_to_primary_tabs (lnk)
create lnk.make (a_response.translation ("Edit", Void), "admin/user/" + a_user.id.out + "/edit")
lnk.set_permission_arguments (<<"manage admin", "manage users", "manage own user">>)
lnk.set_weight (2)
a_response.add_to_primary_tabs (lnk)
@@ -87,32 +88,38 @@ feature -- Execution
a_response.add_to_primary_tabs (lnk)
end
-- FIXME: [04/aug/2015] use a CMS_FORM rather than hardcoded html.
-- So that other module may easily integrate them-selves to add information.
create s.make_empty
s.append ("<div class=%"info%"> ")
s.append ("<h4>Account Information</h4>")
s.append ("<p>UserName:")
s.append ("<p>Username: ")
s.append (a_user.name)
s.append ("</p>")
if attached a_user.email as l_email then
s.append ("<p>Email:")
s.append ("<p>Email: ")
s.append (l_email)
s.append ("</p>")
end
s.append ("<h4>User Role:</h4>")
if attached {LIST[CMS_USER_ROLE]} api.user_api.user_roles (a_user) as l_roles and then
not l_roles.is_empty
if
attached {LIST [CMS_USER_ROLE]} api.user_api.user_roles (a_user) as l_roles and then
not l_roles.is_empty
then
s.append ("<h4>Role(s):</h4>")
across l_roles as ic loop
l_role := ic.item
s.append ("<i>")
s.append (ic.item.name)
s.append (link (l_role.name, "admin/role/" + l_role.id.out, Void))
s.append ("</i>")
s.append ("<h5>Permissions:</h5>")
s.append ("<ul class=%"cms-permissions%">%N")
across ic.item.permissions as c loop
s.append ("<li class=%"cms-permission%">"+ c.item + "</li>%N")
debug
s.append ("<h5>Permissions:</h5>")
s.append ("<ul class=%"cms-permissions%">%N")
across l_role.permissions as perms_ic loop
s.append ("<li class=%"cms-permission%">" + perms_ic.item + "</li>%N")
end
s.append ("</ul>%N")
end
s.append ("</ul>%N")
end
end

9
modules/auth/cms_authentication_module.e
View File

@@ -111,8 +111,11 @@ feature -- Hooks configuration
local
lnk: CMS_LOCAL_LINK
do
if attached a_response.current_user (a_response.request) as u then
create lnk.make (u.name + " (Logout)", "account/roc-logout" )
if attached a_response.user as u then
create lnk.make (u.name, "account" )
lnk.set_weight (97)
a_menu_system.primary_menu.extend (lnk)
create lnk.make ("Logout", "account/roc-logout")
lnk.set_weight (98)
a_menu_system.primary_menu.extend (lnk)
else
@@ -398,7 +401,7 @@ feature -- Handler
l_user_api := api.user_api
if req.is_post_request_method then
if attached current_user (req) as l_user then
if attached r.user as l_user then
r.set_value (api.user_api.user_roles (l_user), "roles")
if
attached {WSF_STRING} req.form_parameter ("password") as l_password and then

8
modules/basic_auth/cms_basic_auth_module.e
View File

@@ -114,7 +114,7 @@ feature -- Hooks
value_table_alter (a_value: CMS_VALUE_TABLE; a_response: CMS_RESPONSE)
-- <Precursor>
do
if attached current_user (a_response.request) as l_user then
if a_response.is_authenticated then
a_value.force ("basic_auth_logoff", "auth_login_strategy")
end
end
@@ -126,13 +126,13 @@ feature -- Hooks
lnk: CMS_LOCAL_LINK
lnk2: detachable CMS_LINK
do
if attached a_response.current_user (a_response.request) as u then
if attached a_response.user as u then
across
a_menu_system.primary_menu.items as ic
until
lnk2 /= Void
loop
if ic.item.title.has_substring ("(Logout)") then
if ic.item.location.same_string ("account/roc-logout") then
lnk2 := ic.item
end
end
@@ -141,7 +141,7 @@ feature -- Hooks
a_menu_system.primary_menu.remove (lnk2)
end
create lnk.make (u.name + " (Logout)", "basic_auth_logoff" )
create lnk.make ("Logout", "basic_auth_logoff")
lnk.set_weight (98)
a_menu_system.primary_menu.extend (lnk)
else

34
modules/node/cms_node_module.e
View File

@@ -1,5 +1,5 @@
note
description: "CMS module that bring support for NODE management."
description: "CMS module bringing support for NODE management."
date: "$Date: 2015-02-13 13:08:13 +0100 (ven., 13 févr. 2015) $"
revision: "$Revision: 96616 $"
@@ -7,14 +7,14 @@ class
CMS_NODE_MODULE
inherit
CMS_MODULE
redefine
register_hooks,
initialize,
is_installed,
install,
module_api
module_api,
permissions
end
CMS_HOOK_MENU_SYSTEM_ALTER
@@ -136,6 +136,34 @@ feature {CMS_API} -- Access: API
node_api: detachable CMS_NODE_API
-- <Precursor>
feature -- Access
permissions: LIST [READABLE_STRING_8]
-- <Precursor>.
do
Result := Precursor
Result.force ("create any")
Result.force ("view any")
Result.force ("edit any")
Result.force ("delete any")
Result.force ("view own")
Result.force ("edit own")
Result.force ("delete own")
if attached node_api as l_node_api then
across
l_node_api.content_types as ic
loop
Result.force ("create " + ic.item.name)
Result.force ("view " + ic.item.name)
Result.force ("edit " + ic.item.name)
Result.force ("delete " + ic.item.name)
Result.force ("view own " + ic.item.name)
Result.force ("edit own " + ic.item.name)
Result.force ("delete own " + ic.item.name)
end
end
end
feature -- Access: router
setup_router (a_router: WSF_ROUTER; a_api: CMS_API)

2
modules/node/handler/cms_node_type_webform_manager.e
View File

@@ -264,7 +264,7 @@ feature -- Output
do
node_api := a_response.node_api
a_response.add_variable (a_node, "node")
a_response.set_value (a_node, "node")
-- Show tabs only if a user is authenticated.
if attached a_response.user as l_user then

22
modules/node/handler/node_form_response.e
View File

@@ -50,10 +50,10 @@ feature -- Execution
if attached node_api.node_type_for (l_node) as l_type then
fixme ("refactor: process_edit, process_create process edit")
if
request.path_info.ends_with_general ("/edit") and then
node_api.has_permission_for_action_on_node ("edit", l_node, current_user (request))
location.ends_with_general ("/edit") and then
node_api.has_permission_for_action_on_node ("edit", l_node, user)
then
f := new_edit_form (l_node, url (request.path_info, Void), "edit-" + l_type.name, l_type)
f := new_edit_form (l_node, url (location, Void), "edit-" + l_type.name, l_type)
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.validation_actions.extend (agent edit_form_validate (?, b))
@@ -76,10 +76,10 @@ feature -- Execution
f.append_to_html (wsf_theme, b)
end
elseif
request.path_info.ends_with_general ("/delete") and then
node_api.has_permission_for_action_on_node ("delete", l_node, current_user (request))
location.ends_with_general ("/delete") and then
node_api.has_permission_for_action_on_node ("delete", l_node, user)
then
f := new_delete_form (l_node, url (request.path_info, Void), "delete-" + l_type.name, l_type)
f := new_delete_form (l_node, url (location, Void), "delete-" + l_type.name, l_type)
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.process (Current)
@@ -100,10 +100,10 @@ feature -- Execution
f.append_to_html (wsf_theme, b)
end
elseif
request.path_info.ends_with_general ("/trash") and then
node_api.has_permission_for_action_on_node ("trash", l_node, current_user (request))
location.ends_with_general ("/trash") and then
node_api.has_permission_for_action_on_node ("trash", l_node, user)
then
f := new_trash_form (l_node, url (request.path_info, Void), "trash-" + l_type.name, l_type)
f := new_trash_form (l_node, url (location, Void), "trash-" + l_type.name, l_type)
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.process (Current)
@@ -136,7 +136,7 @@ feature -- Execution
then
if has_permissions (<<"create any", "create " + l_type.name>>) then
if attached l_type.new_node (Void) as l_node then
f := new_edit_form (l_node, url (request.path_info, Void), "edit-" + l_type.name, l_type)
f := new_edit_form (l_node, url (location, Void), "edit-" + l_type.name, l_type)
invoke_form_alter (f, fd)
if request.is_post_request_method then
f.validation_actions.extend (agent edit_form_validate (?, b))
@@ -253,7 +253,7 @@ feature -- Form
fixme ("for now, publishing is not implemented, so let's assume any node saved is published.") -- FIXME
l_node.mark_published
node_api.save_node (l_node)
if attached current_user (request) as u then
if attached user as u then
api.log ("node",
"User %"" + user_html_link (u) + "%" " + s + " node " + node_html_link (l_node, a_type.name + " #" + l_node.id.out),
0, node_local_link (l_node, Void)

28
modules/node/handler/node_handler.e
View File

@@ -85,16 +85,16 @@ feature -- HTTP Methods
edit_response: NODE_FORM_RESPONSE
view_response: NODE_VIEW_RESPONSE
do
if req.path_info.ends_with_general ("/edit") then
check valid_url: req.path_info.starts_with_general ("/node/") end
if req.percent_encoded_path_info.ends_with ("/edit") then
check valid_url: req.percent_encoded_path_info.starts_with ("/node/") end
create edit_response.make (req, res, api, node_api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
check valid_url: req.path_info.starts_with_general ("/node/") end
elseif req.percent_encoded_path_info.ends_with ("/delete") then
check valid_url: req.percent_encoded_path_info.starts_with ("/node/") end
create edit_response.make (req, res, api, node_api)
edit_response.execute
elseif req.path_info.ends_with_general ("/trash") then
check valid_url: req.path_info.starts_with_general ("/node/") end
elseif req.percent_encoded_path_info.ends_with ("/trash") then
check valid_url: req.percent_encoded_path_info.starts_with ("/node/") end
create edit_response.make (req, res, api, node_api)
edit_response.execute
else
@@ -125,17 +125,17 @@ feature -- HTTP Methods
edit_response: NODE_FORM_RESPONSE
do
fixme ("Refactor code: extract methods: edit_node and add_node")
if req.path_info.ends_with_general ("/edit") then
if req.percent_encoded_path_info.ends_with ("/edit") then
create edit_response.make (req, res, api, node_api)
edit_response.execute
elseif req.path_info.ends_with_general ("/delete") then
elseif req.percent_encoded_path_info.ends_with ("/delete") then
if
attached {WSF_STRING} req.form_parameter ("op") as l_op and then
l_op.value.same_string ("Delete")
then
do_delete (req, res)
end
elseif req.path_info.ends_with_general ("/trash") then
elseif req.percent_encoded_path_info.ends_with ("/trash") then
if
attached {WSF_STRING} req.form_parameter ("op") as l_op and then
l_op.value.same_string ("Trash")
@@ -147,7 +147,7 @@ feature -- HTTP Methods
then
do_restore (req, res)
end
elseif req.path_info.starts_with_general ("/node/add/") then
elseif req.percent_encoded_path_info.starts_with ("/node/add/") then
create edit_response.make (req, res, api, node_api)
edit_response.execute
else
@@ -260,14 +260,14 @@ feature -- Error
l_page: CMS_RESPONSE
do
create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)
l_page.add_variable (req.absolute_script_url (req.path_info), "request")
l_page.set_value (req.absolute_script_url (req.percent_encoded_path_info), "request")
if a_id /= Void and then a_id.is_integer then
-- resource not found
l_page.add_variable ("404", "code")
l_page.set_value ("404", "code")
l_page.set_status_code (404)
else
-- bad request
l_page.add_variable ("400", "code")
l_page.set_value ("400", "code")
l_page.set_status_code (400)
end
l_page.execute
@@ -279,7 +279,7 @@ feature {NONE} -- Node
local
edit_response: NODE_FORM_RESPONSE
do
if req.path_info.starts_with_general ("/node/") then
if req.percent_encoded_path_info.starts_with_general ("/node/") then
create edit_response.make (req, res, api, node_api)
edit_response.execute
elseif req.is_get_request_method then

11
modules/node/handler/node_response.e
View File

@@ -10,8 +10,6 @@ inherit
CMS_RESPONSE
rename
make as make_response
redefine
custom_prepare
end
feature {NONE} -- Initialization
@@ -27,15 +25,6 @@ feature -- Access
node_api: CMS_NODE_API
-- Associated node API.
feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
if attached variables as l_variables then
across l_variables as c loop page.register_variable (c.item, c.key) end
end
end
feature -- Helpers
node_id_path_parameter (req: WSF_REQUEST): INTEGER_64

19
modules/oauth20/cms_oauth_20_module.e
View File

@@ -202,7 +202,7 @@ feature -- Hooks
-- <Precursor>
do
if
attached a_response.current_user (a_response.request) as u and then
attached a_response.user as u and then
attached {WSF_STRING} a_response.request.cookie ({CMS_OAUTH_20_CONSTANTS}.oauth_session)
then
a_value.force ("account/roc-oauth-logout", "auth_login_strategy")
@@ -217,7 +217,7 @@ feature -- Hooks
lnk2: detachable CMS_LINK
do
if
attached a_response.current_user (a_response.request) as u and then
attached a_response.user as u and then
attached {WSF_STRING} a_response.request.cookie ({CMS_OAUTH_20_CONSTANTS}.oauth_session) as l_roc_auth_session_token
then
across
@@ -225,14 +225,14 @@ feature -- Hooks
until
lnk2 /= Void
loop
if ic.item.title.has_substring ("(Logout)") then
if ic.item.location.same_string ("account/roc-logout") then
lnk2 := ic.item
end
end
if lnk2 /= Void then
a_menu_system.primary_menu.remove (lnk2)
end
create lnk.make (u.name + " (Logout)", "account/roc-oauth-logout" )
create lnk.make ("Logout", "account/roc-oauth-logout" )
a_menu_system.primary_menu.extend (lnk)
else
if a_response.location.starts_with ("account/") then
@@ -307,10 +307,13 @@ feature -- Hooks
l_cookie.set_max_age (-1)
res.add_cookie (l_cookie)
unset_current_user (req)
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.set_status_code ({HTTP_CONSTANTS}.found)
r.set_redirection (req.absolute_script_url (""))
r.execute
else
fixme (generator + ": missing else implementation in handle_logout!")
end
end
@@ -322,8 +325,8 @@ feature {NONE} -- Associate
l_not_associated: LIST [STRING]
do
if attached user_oauth_api as l_oauth_api then
create {ARRAYED_LIST [STRING]}l_associated.make (1)
create {ARRAYED_LIST [STRING]}l_not_associated.make (1)
create {ARRAYED_LIST [STRING]} l_associated.make (1)
create {ARRAYED_LIST [STRING]} l_not_associated.make (1)
across l_oauth_api.oauth2_consumers as ic loop
if attached l_oauth_api.user_oauth2_by_id (a_user.id, ic.item) then
l_associated.force (ic.item)
@@ -506,7 +509,7 @@ feature -- OAuth2 Login with Provider
if
attached {WSF_STRING} req.form_parameter ("consumer") as l_consumer and then
attached {WSF_STRING} req.form_parameter ("email") as l_email and then
attached current_user (req) as l_user
attached r.user as l_user
then
l_user.set_email (l_email.value)
a_oauth_api.new_user_oauth2 ("none", "none", l_user, l_consumer.value )
@@ -526,7 +529,7 @@ feature -- OAuth2 Login with Provider
if req.is_post_request_method then
if
attached {WSF_STRING} req.form_parameter ("consumer") as l_consumer and then
attached current_user (req) as l_user
attached r.user as l_user
then
a_oauth_api.remove_user_oauth2 (l_user, l_consumer.value)
-- TODO send email?

10
modules/openid/cms_openid_module.e
View File

@@ -180,7 +180,7 @@ feature -- Hooks
-- <Precursor>
do
if
attached a_response.current_user (a_response.request) as u and then
attached a_response.user as u and then
attached {WSF_STRING} a_response.request.cookie ({CMS_OPENID_CONSTANTS}.openid_session)
then
a_value.force ("account/roc-openid-logout", "auth_login_strategy")
@@ -195,7 +195,7 @@ feature -- Hooks
lnk2: detachable CMS_LINK
do
if
attached a_response.current_user (a_response.request) as u and then
attached a_response.user as u and then
attached {WSF_STRING} a_response.request.cookie ({CMS_OPENID_CONSTANTS}.openid_session) as l_roc_auth_session_token
then
across
@@ -203,14 +203,14 @@ feature -- Hooks
until
lnk2 /= Void
loop
if ic.item.title.has_substring ("(Logout)") then
if ic.item.location.same_string ("account/roc-logout") then
lnk2 := ic.item
end
end
if lnk2 /= Void then
a_menu_system.primary_menu.remove (lnk2)
end
create lnk.make (u.name + " (Logout)", "account/roc-openid-logout" )
create lnk.make ("Logout", "account/roc-openid-logout" )
a_menu_system.primary_menu.extend (lnk)
else
if a_response.location.starts_with ("account/") then
@@ -296,6 +296,8 @@ feature -- Hooks
r.set_status_code ({HTTP_CONSTANTS}.found)
r.set_redirection (req.absolute_script_url (""))
r.execute
else
-- FIXME: missing implementation!
end
end

7
src/persistence/user/cms_user_storage_i.e
View File

@@ -171,6 +171,13 @@ feature -- Access: roles and permissions
deferred
end
role_permissions: LIST [READABLE_STRING_8]
-- Possible known role permissions.
deferred
ensure
object_comparison: Result.object_comparison
end
feature -- Change: roles and permissions
save_user_role (a_user_role: CMS_USER_ROLE)

6
src/persistence/user/cms_user_storage_null.e
View File

@@ -99,6 +99,12 @@ feature -- Access: roles and permissions
create {ARRAYED_LIST [CMS_USER_ROLE]} Result.make (0)
end
role_permissions: LIST [READABLE_STRING_8]
-- Possible known permissions.
do
create {ARRAYED_LIST [READABLE_STRING_8]} Result.make (0)
end
feature -- Change: roles and permissions
save_user_role (a_user_role: CMS_USER_ROLE)

37
src/persistence/user/cms_user_storage_sql_i.e
View File

@@ -503,6 +503,27 @@ feature -- Access: roles and permissions
end
end
role_permissions: LIST [READABLE_STRING_8]
-- Possible known permissions.
do
error_handler.reset
write_information_log (generator + ".role_permissions")
create {ARRAYED_LIST [READABLE_STRING_8]} Result.make (0)
Result.compare_objects
from
sql_query (select_role_permissions, Void)
sql_start
until
sql_after
loop
if attached sql_read_string (1) as l_permission then
Result.force (l_permission)
end
sql_forth
end
end
feature -- Change: roles and permissions
save_user_role (a_user_role: CMS_USER_ROLE)
@@ -553,18 +574,7 @@ feature -- Change: roles and permissions
a_user_role.permissions as ic
loop
p := ic.item
from
l_found := False
l_permissions.start
until
l_found or l_permissions.after
loop
if p.is_case_insensitive_equal (l_permissions.item) then
l_found := True
else
l_permissions.forth
end
end
l_found := across l_permissions as p_ic some p.is_case_insensitive_equal_general (p_ic.item) end
if l_found then
-- Already there, skip
else
@@ -915,6 +925,9 @@ feature {NONE} -- Sql Queries: USER ROLE
select_role_permissions_by_role_id: STRING = "SELECT permission, module FROM role_permissions WHERE rid=:rid;"
-- User role permissions for role id :rid;
select_role_permissions: STRING = "SELECT DISTINCT permission FROM role_permissions;"
-- Used user role permissions
sql_delete_role_permissions_by_role_id: STRING = "DELETE FROM role_permissions WHERE rid=:rid;"
sql_delete_role_by_id: STRING = "DELETE FROM roles WHERE rid=:rid;"

8
src/service/cms_module.e
View File

@@ -32,6 +32,14 @@ feature -- Access
dependencies: detachable LIST [TYPE [CMS_MODULE]]
-- Optional dependencies.
permissions: LIST [READABLE_STRING_8]
-- List of permission ids, used by this module, and declared.
require
is_initialized: is_initialized
do
create {ARRAYED_LIST [READABLE_STRING_8]} Result.make (0)
end
feature {CMS_API} -- Module Initialization
initialize (api: CMS_API)

4
src/service/misc/cms_request_util.e
View File

@@ -25,6 +25,7 @@ feature -- User
current_user (req: WSF_REQUEST): detachable CMS_USER
-- Current user or Void in case of Guest user.
-- note: if a CMS_RESPONSE is available, always prefer {CMS_RESPONSE}.user if relevant.
note
EIS: "eiffel:?class=AUTHENTICATION_FILTER&feature=execute"
do
@@ -70,4 +71,7 @@ feature -- Media Type
end
end
note
copyright: "2011-2015, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
end

135
src/service/response/cms_response.e
View File

@@ -194,9 +194,14 @@ feature -- Access: CMS
values: CMS_VALUE_TABLE
-- Associated values indexed by string name.
feature -- User access
is_authenticated: BOOLEAN
-- Is user authenticated?
do
Result := user /= Void
end
user: detachable CMS_USER
do
Result := current_user (request)
@@ -204,16 +209,28 @@ feature -- User access
feature -- Permission
has_permission_on_link (a_link: CMS_LINK): BOOLEAN
-- Does current user has permission to access link `a_link'?
do
Result := True
if
attached {CMS_LOCAL_LINK} a_link as lnk and then
attached lnk.permission_arguments as l_perms
then
Result := has_permissions (l_perms)
end
end
has_permission (a_permission: READABLE_STRING_GENERAL): BOOLEAN
-- Does current user has permission `a_permission' ?
do
Result := user_has_permission (current_user (request), a_permission)
Result := user_has_permission (user, a_permission)
end
has_permissions (a_permission_list: ITERABLE [READABLE_STRING_GENERAL]): BOOLEAN
-- Does current user has any of the permissions `a_permission_list' ?
do
Result := user_has_permissions (current_user (request), a_permission_list)
Result := user_has_permissions (user, a_permission_list)
end
user_has_permission (a_user: detachable CMS_USER; a_permission: READABLE_STRING_GENERAL): BOOLEAN
@@ -296,6 +313,12 @@ feature -- Element change
main_content := s
end
add_variable (a_element: ANY; a_key:READABLE_STRING_32)
obsolete "Use `set_value' [Aug/2015]"
do
set_value (a_element, a_key)
end
set_value (v: detachable ANY; k: READABLE_STRING_GENERAL)
-- Set value `v' associated with name `k'.
do
@@ -859,15 +882,16 @@ feature -- Generation
prepare (page: CMS_HTML_PAGE)
local
lnk: CMS_LINK
l_menu_list_prepared: ARRAYED_LIST [CMS_LINK_COMPOSITE]
do
-- Menu
create {CMS_LOCAL_LINK} lnk.make ("Home", "")
lnk.set_weight (-10)
add_to_primary_menu (lnk)
invoke_menu_system_alter (menu_system)
prepare_menu_system (menu_system)
-- Blocks
create l_menu_list_prepared.make (0)
get_blocks
across
regions as reg_ic
@@ -876,11 +900,23 @@ feature -- Generation
reg_ic.item.blocks as ic
loop
if attached {CMS_MENU_BLOCK} ic.item as l_menu_block then
recursive_get_active (l_menu_block.menu, request)
l_menu_list_prepared.force (l_menu_block.menu)
prepare_links (l_menu_block.menu)
end
end
end
-- Prepare menu not in a block.
across
menu_system as ic
loop
if not l_menu_list_prepared.has (ic.item) then
l_menu_list_prepared.force (ic.item)
prepare_links (ic.item)
end
end
l_menu_list_prepared.wipe_out -- Clear for memory purpose.
-- Sort items
across menu_system as ic loop
ic.item.sort
@@ -951,7 +987,7 @@ feature -- Generation
page.set_title (title)
debug ("cms")
if title = Void then
page.set_title ("CMS::" + request.path_info) --| FIXME: probably, should be removed and handled by theme.
page.set_title ({STRING_32} "CMS::" + request.path_info) --| FIXME: probably, should be removed and handled by theme.
end
end
@@ -988,54 +1024,19 @@ feature -- Generation
do
end
prepare_menu_system (a_menu_system: CMS_MENU_SYSTEM)
do
across
a_menu_system as c
loop
prepare_links (c.item)
end
end
prepare_links (a_menu: CMS_LINK_COMPOSITE)
local
to_remove: ARRAYED_LIST [CMS_LINK]
do
create to_remove.make (0)
across
a_menu as c
loop
if attached {CMS_LOCAL_LINK} c.item as lm then
-- if attached lm.permission_arguments as perms and then not has_permissions (perms) then
-- to_remove.force (lm)
-- else
-- if lm.permission_arguments is Void , this is permitted
get_local_link_active_status (lm)
if attached {CMS_LINK_COMPOSITE} lm as comp then
prepare_links (comp)
end
-- end
elseif attached {CMS_LINK_COMPOSITE} c.item as comp then
prepare_links (comp)
end
end
across
to_remove as c
loop
a_menu.remove (c.item)
end
end
recursive_get_active (a_comp: CMS_LINK_COMPOSITE; req: WSF_REQUEST)
prepare_links (a_comp: CMS_LINK_COMPOSITE)
-- Update the active status recursively on `a_comp'.
local
to_remove: ARRAYED_LIST [CMS_LINK]
ln: CMS_LINK
l_comp_link: detachable CMS_LOCAL_LINK
do
if attached {CMS_LOCAL_LINK} a_comp as lnk then
l_comp_link := lnk
get_local_link_active_status (lnk)
end
if attached a_comp.items as l_items then
create to_remove.make (0)
across
l_items as ic
loop
@@ -1043,15 +1044,27 @@ feature -- Generation
if attached {CMS_LOCAL_LINK} ln as l_local then
get_local_link_active_status (l_local)
end
if (ln.is_expanded or ln.is_collapsed) and then attached {CMS_LINK_COMPOSITE} ln as l_comp then
recursive_get_active (l_comp, req)
end
if l_comp_link /= Void then
if ln.is_expanded or (not ln.is_expandable and ln.is_active) then
l_comp_link.set_expanded (True)
if ln.is_forbidden then
to_remove.force (ln)
else
if
(ln.is_expanded or ln.is_collapsed) and then
attached {CMS_LINK_COMPOSITE} ln as l_comp
then
prepare_links (l_comp)
end
if l_comp_link /= Void then
if ln.is_expanded or (not ln.is_expandable and ln.is_active) then
l_comp_link.set_expanded (True)
end
end
end
end
across
to_remove as ic
loop
a_comp.remove (ic.item)
end
end
if l_comp_link /= Void and then l_comp_link.is_active then
l_comp_link.set_expanded (True)
@@ -1077,25 +1090,7 @@ feature -- Generation
l_is_active := qs.same_string (a_lnk.location)
end
a_lnk.set_is_active (l_is_active)
end
feature -- Custom Variables
variables: detachable STRING_TABLE[ANY]
-- Custom variables to feed the templates.
feature -- Element change: Add custom variables.
add_variable (a_element: ANY; a_key:READABLE_STRING_32)
local
l_variables: like variables
do
l_variables := variables
if l_variables = Void then
create l_variables.make (5)
variables := l_variables
end
l_variables.force (a_element, a_key)
a_lnk.set_is_forbidden (not has_permission_on_link (a_lnk))
end
feature -- Execution

5
src/service/response/error/bad_request_error_cms_response.e
View File

@@ -20,7 +20,7 @@ feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
page.register_variable (absolute_url (request.path_info, Void), "request")
page.register_variable (absolute_url (request.percent_encoded_path_info, Void), "request")
page.set_status_code ({HTTP_STATUS_CODE}.bad_request)
page.register_variable (page.status_code.out, "code")
end
@@ -35,4 +35,7 @@ feature -- Execution
set_main_content ("<em>Bad request.</em>")
end
note
copyright: "2011-2015, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
end

5
src/service/response/error/forbidden_error_cms_response.e
View File

@@ -20,7 +20,7 @@ feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
page.register_variable (absolute_url (request.path_info, Void), "request")
page.register_variable (absolute_url (request.percent_encoded_path_info, Void), "request")
page.set_status_code ({HTTP_STATUS_CODE}.forbidden)
page.register_variable (page.status_code.out, "code")
end
@@ -34,5 +34,8 @@ feature -- Execution
set_page_title ("Forbidden")
set_main_content ("<em>Access denied for resource <strong>" + request.request_uri + "</strong>.</em>")
end
note
copyright: "2011-2015, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
end

5
src/service/response/error/internal_server_error_cms_response.e
View File

@@ -20,7 +20,7 @@ feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
page.register_variable (absolute_url (request.path_info, Void), "request")
page.register_variable (absolute_url (location, Void), "request")
page.set_status_code ({HTTP_STATUS_CODE}.internal_server_error)
page.register_variable (page.status_code.out, "code")
end
@@ -34,5 +34,8 @@ feature -- Execution
set_page_title (Void)
set_main_content ("<em>Internal Server Error</em>")
end
note
copyright: "2011-2015, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
end

5
src/service/response/error/not_found_error_cms_response.e
View File

@@ -20,7 +20,7 @@ feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
page.register_variable (absolute_url (request.path_info, Void), "request")
page.register_variable (absolute_url (request.percent_encoded_path_info, Void), "request")
page.set_status_code ({HTTP_STATUS_CODE}.not_found)
page.register_variable (page.status_code.out, "code")
end
@@ -34,5 +34,8 @@ feature -- Execution
set_page_title ("Not Found")
set_main_content ("<em>The requested page could not be found.</em>")
end
note
copyright: "2011-2015, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
end

5
src/service/response/error/not_implemented_error_cms_response.e
View File

@@ -20,7 +20,7 @@ feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
page.register_variable (absolute_url (request.path_info, Void), "request")
page.register_variable (absolute_url (request.percent_encoded_path_info, Void), "request")
page.set_status_code ({HTTP_STATUS_CODE}.not_implemented)
page.register_variable (page.status_code.out, "code")
end
@@ -36,5 +36,8 @@ feature -- Execution
set_main_content (request.percent_encoded_path_info + " is not implemented!")
end
end
note
copyright: "2011-2015, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
end

13
src/service/response/generic_view_cms_response.e
View File

@@ -7,24 +7,11 @@ class
GENERIC_VIEW_CMS_RESPONSE
inherit
CMS_RESPONSE
redefine
custom_prepare
end
create
make
feature -- Generation
custom_prepare (page: CMS_HTML_PAGE)
do
if attached variables as l_variables then
across l_variables as c loop page.register_variable (c.item, c.key) end
end
end
feature -- Execution
process

43
src/service/user/cms_user_api.e
View File

@@ -1,6 +1,5 @@
note
description: "Summary description for {CMS_USER_API}."
author: ""
description: "API providing user related features."
date: "$Date: 2015-02-13 13:08:13 +0100 (ven., 13 févr. 2015) $"
revision: "$Revision: 96616 $"
@@ -143,12 +142,52 @@ feature -- User roles.
Result := storage.user_role_by_name (a_name)
end
role_permissions: LIST [READABLE_STRING_8]
-- Possible known permissions.
local
perm: READABLE_STRING_8
do
Result := storage.role_permissions
across
cms_api.enabled_modules as ic
loop
across
ic.item.permissions as perms_ic
loop
perm := perms_ic.item
if not Result.has (perm) then
Result.force (perm)
end
end
end
end
roles: LIST [CMS_USER_ROLE]
-- List of possible roles.
do
Result := storage.user_roles
end
effective_roles: LIST [CMS_USER_ROLE]
-- List of possible roles, apart from anonymous and authenticated roles that are special.
local
l_roles: like roles
r: CMS_USER_ROLE
do
l_roles := storage.user_roles
create {ARRAYED_LIST [CMS_USER_ROLE]} Result.make (l_roles.count)
across
l_roles as ic
loop
r := ic.item
if r.same_user_role (anonymous_user_role) or r.same_user_role (authenticated_user_role) then
-- Ignore
else
Result.force (r)
end
end
end
roles_count: INTEGER
-- Number of roles
do

25
src/support/cms_pagination_generator.e
View File

@@ -266,19 +266,24 @@ feature -- Convertion
pagination_links as ic
loop
lnk := ic.item
if lnk.is_active then
a_output.append ("<li class=%"active%">")
elseif lnk.title.same_string (label_previous) then
a_output.append ("<li class=%"previous%">")
elseif lnk.title.same_string (label_next) then
a_output.append ("<li class=%"next%">")
else
a_output.append ("<li>")
if not lnk.is_forbidden then
if lnk.is_active then
a_output.append ("<li class=%"active%">")
elseif lnk.title.same_string (label_previous) then
a_output.append ("<li class=%"previous%">")
elseif lnk.title.same_string (label_next) then
a_output.append ("<li class=%"next%">")
else
a_output.append ("<li>")
end
a_output.append (a_response.link (lnk.title, lnk.location, Void))
a_output.append ("</li>")
end
a_output.append (a_response.link (lnk.title, lnk.location, Void))
a_output.append ("</li>")
end
a_output.append ("</ul>")
end
note
copyright: "2011-2015, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
end

69
src/theme/cms_theme.e
View File

@@ -148,46 +148,45 @@ feature {NONE} -- Implementation
local
cl: STRING
do
debug ("refactor_fixme")
fixme ("Remove HTML from Eiffel")
end
create cl.make_empty
if lnk.is_active then
cl.append ("active ")
end
if lnk.is_expandable then
cl.append ("expandable ")
end
if lnk.is_expanded then
cl.append ("expanded ")
end
if cl.is_empty then
s.append ("<li>")
else
s.append ("<li class=%""+ cl + "%">")
end
s.append ("<a href=%"")
s.append (url (lnk.location, Void))
s.append ("%">")
s.append (html_encoded (lnk.title))
s.append ("</a>")
if
(lnk.is_expanded or lnk.is_collapsed) and then
attached lnk.children as l_children
then
s.append ("<ul>%N")
across
l_children as c
loop
append_cms_link_to (c.item, s)
if not lnk.is_forbidden then
create cl.make_empty
if lnk.is_active then
cl.append ("active ")
end
s.append ("</ul>")
if lnk.is_expandable then
cl.append ("expandable ")
end
if lnk.is_expanded then
cl.append ("expanded ")
end
if cl.is_empty then
s.append ("<li>")
else
s.append ("<li class=%""+ cl + "%">")
end
s.append ("<a href=%"")
s.append (url (lnk.location, Void))
s.append ("%">")
s.append (html_encoded (lnk.title))
s.append ("</a>")
if
(lnk.is_expanded or lnk.is_collapsed) and then
attached lnk.children as l_children
then
s.append ("<ul>%N")
across
l_children as c
loop
append_cms_link_to (c.item, s)
end
s.append ("</ul>")
end
s.append ("</li>")
end
s.append ("</li>")
end
note
copyright: "2011-2014, Jocelyn Fiat, Eiffel Software and others"
copyright: "2011-2015, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
source: "[
Eiffel Software