From c2d0fbf445b96f9824c8f64745966df8c3387e79 Mon Sep 17 00:00:00 2001
From: jvelilla
Date: Fri, 8 May 2015 18:40:46 -0300
Subject: [PATCH] Updated table nodes to support soft deletes using the new field 'deleted_at' as Datetime and give us free metadata. Updated Sqlite builder to test different scenarios for users and roles. Updated NODE_FORM_RESPONSE.edit_form feature to add a delete operation iff there is a node ie node id >0 and the current user has delete permission on it. Updated NODE_HANDLER.do_post to handle the operation "DELETE". Updated queries to retrieve nodes filter by no logical deleted rows (ie. deleted_at is NULL). Updated CMS_USER_API.has_permissions. (authenticated_user_role seems to generic).
---
 examples/demo/site/scripts/node.sql | 3 +-
 .../sqlite/src/cms_storage_sqlite_builder.e | 39 +++++++++++++++----
 modules/node/handler/node_form_response.e | 6 +++
 modules/node/handler/node_handler.e | 13 ++++++-
 .../node/persistence/cms_node_storage_sql.e | 10 +++--
 src/service/user/cms_user_api.e | 3 +-
 6 files changed, 60 insertions(+), 14 deletions(-)
diff --git a/examples/demo/site/scripts/node.sql b/examples/demo/site/scripts/node.sql
index 85aa51b..330882e 100644
--- a/examples/demo/site/scripts/node.sql
+++ b/examples/demo/site/scripts/node.sql
@@ -11,7 +11,8 @@ CREATE TABLE "nodes"(
 "author" INTEGER,
 "publish" DATETIME,
 "created" DATETIME NOT NULL,
- "changed" DATETIME NOT NULL
+ "changed" DATETIME NOT NULL,
+ "deleted_at" DATETIME NULL
 );
 CREATE TABLE page_nodes(
diff --git a/library/persistence/sqlite/src/cms_storage_sqlite_builder.e b/library/persistence/sqlite/src/cms_storage_sqlite_builder.e
index 0e94aaa..fa60c92 100644
--- a/library/persistence/sqlite/src/cms_storage_sqlite_builder.e
+++ b/library/persistence/sqlite/src/cms_storage_sqlite_builder.e
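Review bot: The new `"deleted_at"` column in node.sql exists only in this CREATE TABLE, so a site database created from the earlier script will not have it, and the queries this commit changes to `where deleted_at IS NULL` would presumably fail there with a missing-column error. No migration step is visible in the patch; if existing installs matter, an `ALTER TABLE "nodes" ADD COLUMN "deleted_at" DATETIME NULL;` belongs next to this script. A comment on the column such as `-- NULL = live row; otherwise UTC time of the soft delete` would record the convention that the storage code (`make_now_utc`) relies on.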
@@ -48,16 +48,11 @@ feature -- Factory
 local
 u: CMS_USER
 r: CMS_USER_ROLE
+ l: LIST[CMS_USER_ROLE]
 do
 -- Schema
 a_storage.sql_execute_file_script (a_setup.environment.path.extended ("scripts").extended ("core.sql"))
- -- Data
- -- Users
- create u.make ("admin")
- u.set_password ("istrator#")
- u.set_email (a_setup.site_email)
- a_storage.new_user (u)
 -- Roles
 create r.make ("anonymous")
@@ -65,10 +60,40 @@ feature -- Factory
 create r.make ("authenticated")
 r.add_permission ("create page")
 r.add_permission ("edit page")
+ r.add_permission ("delete page")
 a_storage.save_user_role (r)
- -- Test custom value
+ create {ARRAYED_LIST[CMS_USER_ROLE]} l.make (1)
+ l.force (r)
+
+ -- Users
+ create u.make ("admin")
+ u.set_password ("istrator#")
+ u.set_email (a_setup.site_email)
+ a_storage.new_user (u)
+
+ create u.make ("auth")
+ u.set_password ("enticated#")
+ u.set_email (a_setup.site_email)
+ u.set_roles (l)
+ a_storage.new_user (u)
+
+ -- Roles, view role for testing.
+ create r.make ("view")
+ r.add_permission ("view page")
+ a_storage.save_user_role (r)
+
+ create {ARRAYED_LIST[CMS_USER_ROLE]} l.make (1)
+ l.force (r)
+
+ create u.make ("view")
+ u.set_password ("only#")
+ u.set_email (a_setup.site_email)
+ u.set_roles (l)
+ a_storage.new_user (u)
+
+ -- Test custom value
 a_storage.set_custom_value ("abc", "123", "test")
 a_storage.set_custom_value ("abc", "OK", "test")
 end
diff --git a/modules/node/handler/node_form_response.e b/modules/node/handler/node_form_response.e
index 169205b..f1e2f72 100644
--- a/modules/node/handler/node_form_response.e
+++ b/modules/node/handler/node_form_response.e
@@ -228,6 +228,12 @@ feature -- Form
 ts.set_default_value ("Preview")
 f.extend (ts)
+ if a_node /= Void and then a_node.id > 0 and then has_permission ("delete " + a_name) then
+ create ts.make ("op")
+ ts.set_default_value ("Delete")
+ f.extend (ts)
+ end
+
 Result := f
 end
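Review bot: In the second hunk of cms_storage_sqlite_builder.e the added block seeds two more accounts (`"auth"` and `"view"`, next to the existing `"admin"`) with passwords written in the source and the shared `a_setup.site_email`, and nothing in the hunk limits this to a test build. The comment calls the view role "for testing", but this is the SQLite storage builder under library/persistence, so any site initialised through it would presumably start with publicly known credentials, one of which holds create/edit/delete page rights. I would put the seeding behind an explicit setup option or read the initial passwords from the setup configuration, and add a comment such as `-- Test fixtures only: remove or re-key these accounts before deployment.` Separately, `r.add_permission ("delete page")` on the "authenticated" role lets every member of that role delete pages; please confirm that is intended rather than a test convenience. The enclosing feature starts before the first hunk.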
diff --git a/modules/node/handler/node_handler.e b/modules/node/handler/node_handler.e
index 8894a02..4f60c7a 100644
--- a/modules/node/handler/node_handler.e
+++ b/modules/node/handler/node_handler.e
@@ -114,9 +114,17 @@ feature -- HTTP Methods
 local
 edit_response: NODE_FORM_RESPONSE
 do
+ fixme ("Refactor code: extract methods: edit_node and add_node")
 if req.path_info.ends_with_general ("/edit") then
- create edit_response.make (req, res, api, node_api)
- edit_response.execute
+ if
+ attached {WSF_STRING} req.form_parameter ("op") as l_op and then
+ l_op.value.same_string ("Delete")
+ then
+ do_delete (req, res)
+ else
+ create edit_response.make (req, res, api, node_api)
+ edit_response.execute
+ end
 elseif req.path_info.starts_with_general ("/node/add/") then
 create edit_response.make (req, res, api, node_api)
 edit_response.execute
@@ -147,6 +155,7 @@ feature -- HTTP Methods
 res.send (create {CMS_REDIRECTION_RESPONSE_MESSAGE}.make (req.absolute_script_url ("")))
 else
 send_access_denied (req, res)
+ -- send_not_authorized ?
 end
 else
 do_error (req, res, l_id)
diff --git a/modules/node/persistence/cms_node_storage_sql.e b/modules/node/persistence/cms_node_storage_sql.e
index 9d569be..6f3d549 100644
--- a/modules/node/persistence/cms_node_storage_sql.e
+++ b/modules/node/persistence/cms_node_storage_sql.e
@@ -144,12 +144,15 @@ feature -- Change: Node
 -- Remove node by id `a_id'.
 local
 l_parameters: STRING_TABLE [ANY]
+ l_time: DATE_TIME
 do
+ create l_time.make_now_utc
 write_information_log (generator + ".delete_node")
 error_handler.reset
 create l_parameters.make (1)
 l_parameters.put (a_id, "nid")
+ l_parameters.put (l_time, "deleted_at")
 sql_change (sql_delete_node, l_parameters)
 end
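Review bot: The new branch in the first node_handler.e hunk turns any POST to a path ending in `/edit` with `op=Delete` into `do_delete (req, res)`, and no request-forgery token or confirmation step is checked in the visible lines, so the delete is only as protected as whatever the form layer adds elsewhere. Authorization also rests entirely on do_delete (the following hunk appears to show only its `send_access_denied` tail); please confirm it resolves the node id from the `/edit` route and checks the same `"delete " + a_name` permission that NODE_FORM_RESPONSE uses to decide whether to show the button. Matching on the display label `"Delete"` ties dispatch to button text; a constant shared by the form and the handler would keep the two in step. The feature continues past the hunk.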
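Review bot: In the cms_node_storage_sql.e hunk the header comment still says the feature removes the node, although it now only stamps `deleted_at` and keeps the row; it should read something like `-- Mark node as deleted (soft delete, UTC timestamp); the row and its content are retained.` so callers do not assume the data is gone. `create l_parameters.make (1)` is now followed by two `put` calls, so `make (2)` matches the actual size. The feature's signature is above the hunk.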
@@ -260,9 +263,9 @@ feature -- Helpers
 feature {NONE} -- Queries
- sql_select_nodes_count: STRING = "SELECT count(*) from Nodes;"
+ sql_select_nodes_count: STRING = "SELECT count(*) from Nodes where deleted_at IS NULL;"
- sql_select_nodes: STRING = "SELECT * from Nodes;"
+ sql_select_nodes: STRING = "SELECT * from Nodes where deleted_at IS NULL;"
 -- SQL Query to retrieve all nodes.
 sql_select_node_by_id: STRING = "SELECT nid, revision, type, title, summary, content, format, author, publish, created, changed FROM Nodes WHERE nid =:nid ORDER BY revision desc, publish desc LIMIT 1;"
@@ -277,7 +280,8 @@ feature {NONE} -- Queries
 -- sql_update_node : STRING = "UPDATE nodes SET revision = revision + 1, type=:type, title=:title, summary=:summary, content=:content, format=:format, publish=:publish, changed=:changed, revision = revision + 1, author=:author WHERE nid=:nid;"
 -- SQL node.
- sql_delete_node: STRING = "DELETE FROM nodes WHERE nid=:nid;"
+ sql_delete_node: STRING = "UPDATE nodes SET deleted_at = :deleted_at WHERE nid=:nid"
+ -- Soft deletion with free metadata.
 -- sql_update_node_author: STRING = "UPDATE nodes SET author=:author WHERE nid=:nid;"
diff --git a/src/service/user/cms_user_api.e b/src/service/user/cms_user_api.e
index 5f374df..5498b35 100644
--- a/src/service/user/cms_user_api.e
+++ b/src/service/user/cms_user_api.e
@@ -49,7 +49,8 @@ feature -- Status report
 if is_admin_user (a_user) then
 Result := True
 else
- Result := user_role_has_permission (authenticated_user_role, a_permission)
+ fixme ("Check how to handle this predefined role")
+ -- Result := user_role_has_permission (authenticated_user_role, a_permission)
 if not Result then
 Result := across user_roles (a_user) as ic some user_role_has_permission (ic.item, a_permission) end
 end
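Review bot: `sql_select_node_by_id`, the unchanged context line at the end of the first hunk, still has no `deleted_at IS NULL` condition, so a soft-deleted node stays retrievable by its id even though it drops out of the listing and the count. If the node page and the edit form load through this query, deleted content remains readable and editable by direct URL; the condition should become `WHERE nid =:nid AND deleted_at IS NULL ORDER BY revision desc, publish desc LIMIT 1;`. Other node queries outside the hunk may need the same filter. `SELECT *` in `sql_select_nodes` now also returns the extra `deleted_at` column, so any positional column reads are worth a check.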
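Review bot: The new `sql_delete_node` in the second hunk updates the row unconditionally, so deleting an already-deleted node overwrites the original `deleted_at` and the first deletion time is lost as an audit record; `"UPDATE nodes SET deleted_at = :deleted_at WHERE nid=:nid AND deleted_at IS NULL"` keeps it. Whichever update query is live (the `sql_update_node` visible here is commented out) would need the same guard so a deleted node cannot be edited. The comment `-- Soft deletion with free metadata.` would be clearer as `-- Soft delete: set deleted_at instead of removing the row.`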
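Review bot: Commenting out the `authenticated_user_role` check in cms_user_api.e changes who is authorized, not just how the code reads: a signed-in user with no explicitly assigned role now gets nothing from the predefined role, and the only record of that is a `fixme` plus a dead line. That is the fail-closed direction, but it should be stated in the feature comment and the commented line removed once decided, for example `-- Permissions come only from roles assigned to a_user; the predefined "authenticated" role is not applied implicitly.` With the assignment gone, `if not Result then` is always true at that point and can be dropped. The feature begins above the hunk, so whether `a_user` can be Void here is not visible.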