Updated table nodes to support soft deletes using the new field

'deleted_at' as Datetime and give us free metadata.
Updated Sqlite builder to test different scenarios for users and roles.
Updated NODE_FORM_RESPONSE.edit_form feature to add a delete operation iff
there is a node ie node id >0 and the current user has delete permission on it.
Updated NODE_HANDLER.do_post to handle the operation "DELETE".
Updated queries to retrieve nodes filter by no logical deleted rows (ie. deleted_at is NULL).
Updated CMS_USER_API.has_permissions. (authenticated_user_role seems to generic).

examples/demo/site/scripts/node.sql

@@ -11,7 +11,8 @@ CREATE TABLE "nodes"(
   "author" INTEGER,
   "publish" DATETIME,
   "created" DATETIME NOT NULL,
-  "changed" DATETIME NOT NULL
+  "changed" DATETIME NOT NULL,
+  "deleted_at" DATETIME NULL
 );
 
 CREATE TABLE page_nodes(

library/persistence/sqlite/src/cms_storage_sqlite_builder.e

@@ -48,16 +48,11 @@ feature -- Factory
 		local
 			u: CMS_USER
 			r: CMS_USER_ROLE
+			l: LIST[CMS_USER_ROLE]
 		do
 				-- Schema
 			a_storage.sql_execute_file_script (a_setup.environment.path.extended ("scripts").extended ("core.sql"))
 
-				-- Data	
-				-- Users
-			create u.make ("admin")
-			u.set_password ("istrator#")
-			u.set_email (a_setup.site_email)
-			a_storage.new_user (u)
 
 				-- Roles
 			create r.make ("anonymous")
@@ -65,10 +60,40 @@ feature -- Factory
 			create r.make ("authenticated")
 			r.add_permission ("create page")
 			r.add_permission ("edit page")
+			r.add_permission ("delete page")
 			a_storage.save_user_role (r)
 
-				-- Test custom value
 
+			create {ARRAYED_LIST[CMS_USER_ROLE]} l.make (1)
+			l.force (r)
+
+				-- Users
+			create u.make ("admin")
+			u.set_password ("istrator#")
+			u.set_email (a_setup.site_email)
+			a_storage.new_user (u)
+
+			create u.make ("auth")
+			u.set_password ("enticated#")
+			u.set_email (a_setup.site_email)
+			u.set_roles (l)
+			a_storage.new_user (u)
+
+				-- Roles, view role for testing.
+			create r.make ("view")
+			r.add_permission ("view page")
+			a_storage.save_user_role (r)
+
+			create {ARRAYED_LIST[CMS_USER_ROLE]} l.make (1)
+			l.force (r)
+
+			create u.make ("view")
+			u.set_password ("only#")
+			u.set_email (a_setup.site_email)
+			u.set_roles (l)
+			a_storage.new_user (u)
+
+				-- Test custom value
 			a_storage.set_custom_value ("abc", "123", "test")
 			a_storage.set_custom_value ("abc", "OK", "test")
 		end

modules/node/handler/node_form_response.e

@@ -228,6 +228,12 @@ feature -- Form
 			ts.set_default_value ("Preview")
 			f.extend (ts)
 
+			if a_node /= Void and then a_node.id > 0 and then has_permission ("delete " + a_name) then
+				create ts.make ("op")
+				ts.set_default_value ("Delete")
+				f.extend (ts)
+			end
+
 			Result := f
 		end
 

modules/node/handler/node_handler.e

@@ -114,9 +114,17 @@ feature -- HTTP Methods
 		local
 			edit_response: NODE_FORM_RESPONSE
 		do
+			fixme ("Refactor code: extract methods: edit_node and add_node")
 			if req.path_info.ends_with_general ("/edit") then
-				create edit_response.make (req, res, api, node_api)
-				edit_response.execute
+				if
+					attached {WSF_STRING} req.form_parameter ("op") as l_op and then
+					l_op.value.same_string ("Delete")
+				then
+					do_delete (req, res)
+				else
+					create edit_response.make (req, res, api, node_api)
+					edit_response.execute
+				end
 			elseif req.path_info.starts_with_general ("/node/add/") then
 				create edit_response.make (req, res, api, node_api)
 				edit_response.execute
@@ -147,6 +155,7 @@ feature -- HTTP Methods
 							res.send (create {CMS_REDIRECTION_RESPONSE_MESSAGE}.make (req.absolute_script_url ("")))
 						else
 							send_access_denied (req, res)
+								-- send_not_authorized ?
 						end
 					else
 						do_error (req, res, l_id)

modules/node/persistence/cms_node_storage_sql.e

@@ -144,12 +144,15 @@ feature -- Change: Node
 			-- Remove node by id `a_id'.
 		local
 			l_parameters: STRING_TABLE [ANY]
+			l_time: DATE_TIME
 		do
+			create l_time.make_now_utc
 			write_information_log (generator + ".delete_node")
 
 			error_handler.reset
 			create l_parameters.make (1)
 			l_parameters.put (a_id, "nid")
+			l_parameters.put (l_time, "deleted_at")
 			sql_change (sql_delete_node, l_parameters)
 		end
 
@@ -260,9 +263,9 @@ feature -- Helpers
 
 feature {NONE} -- Queries
 
-	sql_select_nodes_count: STRING = "SELECT count(*) from Nodes;"
+	sql_select_nodes_count: STRING = "SELECT count(*) from Nodes where deleted_at IS NULL;"
 
-	sql_select_nodes: STRING = "SELECT * from Nodes;"
+	sql_select_nodes: STRING = "SELECT * from Nodes where deleted_at IS NULL;"
 			-- SQL Query to retrieve all nodes.
 
 	sql_select_node_by_id: STRING = "SELECT nid, revision, type, title, summary, content, format, author, publish, created, changed FROM Nodes WHERE nid =:nid ORDER BY revision desc, publish desc LIMIT 1;"
@@ -277,7 +280,8 @@ feature {NONE} -- Queries
 --	sql_update_node : STRING = "UPDATE nodes SET revision = revision + 1, type=:type, title=:title, summary=:summary, content=:content, format=:format, publish=:publish, changed=:changed, revision = revision + 1, author=:author WHERE nid=:nid;"
 			-- SQL node.
 
-	sql_delete_node: STRING = "DELETE FROM nodes WHERE nid=:nid;"
+	sql_delete_node: STRING = "UPDATE nodes SET deleted_at = :deleted_at WHERE nid=:nid"
+			-- Soft deletion with free metadata.
 
 --	sql_update_node_author: STRING  = "UPDATE nodes SET author=:author WHERE nid=:nid;"
 

src/service/user/cms_user_api.e

@@ -49,7 +49,8 @@ feature -- Status report
 				if is_admin_user (a_user) then
 					Result := True
 				else
-					Result := user_role_has_permission (authenticated_user_role, a_permission)
+					fixme ("Check how to handle this predefined role")
+						-- Result := user_role_has_permission (authenticated_user_role, a_permission)
 					if not Result then
 						Result := across user_roles (a_user) as ic some user_role_has_permission (ic.item, a_permission) end
 					end