Updated table nodes to support soft deletes using the new field

'deleted_at' as Datetime and give us free metadata. Updated Sqlite builder to test different scenarios for users and roles. Updated NODE_FORM_RESPONSE.edit_form feature to add a delete operation iff there is a node ie node id >0 and the current user has delete permission on it. Updated NODE_HANDLER.do_post to handle the operation "DELETE". Updated queries to retrieve nodes filter by no logical deleted rows (ie. deleted_at is NULL). Updated CMS_USER_API.has_permissions. (authenticated_user_role seems to generic).
2015-05-08 18:40:46 -03:00
parent fdff2bef36
commit c2d0fbf445
6 changed files with 60 additions and 14 deletions
--- a/modules/node/handler/node_form_response.e
+++ b/modules/node/handler/node_form_response.e
@@ -228,6 +228,12 @@ feature -- Form
 			ts.set_default_value ("Preview")
 			f.extend (ts)

+			if a_node /= Void and then a_node.id > 0 and then has_permission ("delete " + a_name) then
+				create ts.make ("op")
+				ts.set_default_value ("Delete")
+				f.extend (ts)
+			end
+
 			Result := f
 		end

--- a/modules/node/handler/node_handler.e
+++ b/modules/node/handler/node_handler.e
@@ -114,9 +114,17 @@ feature -- HTTP Methods
 		local
 			edit_response: NODE_FORM_RESPONSE
 		do
+			fixme ("Refactor code: extract methods: edit_node and add_node")
 			if req.path_info.ends_with_general ("/edit") then
-				create edit_response.make (req, res, api, node_api)
-				edit_response.execute
+				if
+					attached {WSF_STRING} req.form_parameter ("op") as l_op and then
+					l_op.value.same_string ("Delete")
+				then
+					do_delete (req, res)
+				else
+					create edit_response.make (req, res, api, node_api)
+					edit_response.execute
+				end
 			elseif req.path_info.starts_with_general ("/node/add/") then
 				create edit_response.make (req, res, api, node_api)
 				edit_response.execute
@@ -147,6 +155,7 @@ feature -- HTTP Methods
 							res.send (create {CMS_REDIRECTION_RESPONSE_MESSAGE}.make (req.absolute_script_url ("")))
 						else
 							send_access_denied (req, res)
+								-- send_not_authorized ?
 						end
 					else
 						do_error (req, res, l_id)