Added CMS_USER.utf_8_name: STRING_8 for convenience.

Added a permission check for registering (TODO: by default allow visitor to register). Cosmetic.
2015-07-07 17:25:56 +02:00
parent 4c8af3ef66
commit cc94c59eed
3 changed files with 58 additions and 41 deletions
--- a/library/model/src/user/cms_user.e
+++ b/library/model/src/user/cms_user.e
@@ -81,6 +81,16 @@ feature -- Access
 			--			trashed


+feature -- Access: helper
+
+	utf_8_name: STRING_8
+			-- UTF-8 version of `name'.
+		local
+			utf: UTF_CONVERTER
+		do
+			Result := utf.utf_32_string_to_utf_8_string_8 (name)
+		end
+
 feature -- Roles

 	roles: detachable LIST [CMS_USER_ROLE]
--- a/modules/auth/cms_authentication_module.e
+++ b/modules/auth/cms_authentication_module.e
@@ -164,53 +164,57 @@ feature -- Handler
 			l_token: STRING
 		do
 			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-			r.set_value ("Register", "optional_content_type")
-			if req.is_post_request_method then
-				if
-					attached {WSF_STRING} req.form_parameter ("name") as l_name and then
-					attached {WSF_STRING} req.form_parameter ("password") as l_password and then
-					attached {WSF_STRING} req.form_parameter ("email") as l_email
-				then
-					l_user_api := api.user_api
+			if r.has_permission ("account register") then
+				r.set_value ("Register", "optional_content_type")
+				if req.is_post_request_method then
+					if
+						attached {WSF_STRING} req.form_parameter ("name") as l_name and then
+						attached {WSF_STRING} req.form_parameter ("password") as l_password and then
+						attached {WSF_STRING} req.form_parameter ("email") as l_email
+					then
+						l_user_api := api.user_api

-					if attached l_user_api.user_by_name (l_name.value) then
-							-- Username already exist.
-						r.values.force ("The user name exist!", "error_name")
-						l_exist := True
-					end
-					if attached l_user_api.user_by_email (l_email.value) then
-							-- Emails already exist.
-						r.values.force ("The email exist!", "error_email")
-						l_exist := True
-					end
+						if attached l_user_api.user_by_name (l_name.value) then
+								-- Username already exist.
+							r.values.force ("User name already exists!", "error_name")
+							l_exist := True
+						end
+						if attached l_user_api.user_by_email (l_email.value) then
+								-- Emails already exist.
+							r.values.force ("An account is already associated with that email address!", "error_email")
+							l_exist := True
+						end

-					if not l_exist then
-							-- New user
-						create {ARRAYED_LIST [CMS_USER_ROLE]}l_roles.make (1)
-						l_roles.force (l_user_api.authenticated_user_role)
+						if not l_exist then
+								-- New user
+							create {ARRAYED_LIST [CMS_USER_ROLE]}l_roles.make (1)
+							l_roles.force (l_user_api.authenticated_user_role)

-						create u.make (l_name.value)
-						u.set_email (l_email.value)
-						u.set_password (l_password.value)
-						u.set_roles (l_roles)
-						l_user_api.new_user (u)
+							create u.make (l_name.value)
+							u.set_email (l_email.value)
+							u.set_password (l_password.value)
+							u.set_roles (l_roles)
+							l_user_api.new_user (u)

-							-- Create activation token
-						l_token := new_token
-						l_user_api.new_activation (l_token, u.id)
-						l_url := req.absolute_script_url ("/account/activate/" + l_token)
+								-- Create activation token
+							l_token := new_token
+							l_user_api.new_activation (l_token, u.id)
+							l_url := req.absolute_script_url ("/account/activate/" + l_token)

-							-- Send Email
-						create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api))
-						write_debug_log (generator + ".handle register: send_contact_email")
-						es.send_contact_email (l_email.value, l_url)
+								-- Send Email
+							create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api))
+							write_debug_log (generator + ".handle register: send_contact_email")
+							es.send_contact_email (l_email.value, l_url)

-					else
-						r.values.force (l_name.value, "name")
-						r.values.force (l_email.value, "email")
-						r.set_status_code ({HTTP_CONSTANTS}.bad_request)
+						else
+							r.values.force (l_name.value, "name")
+							r.values.force (l_email.value, "email")
+							r.set_status_code ({HTTP_CONSTANTS}.bad_request)
+						end
 					end
 				end
+			else
+				create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
 			end

 			r.execute
--- a/src/service/cms_module_api.e
+++ b/src/service/cms_module_api.e
@@ -1,12 +1,12 @@
 note
-	description: "Summary description for {CMS_MODULE_API}."
+	description: "Common ancestor for all module apis."
 	date: "$Date: 2015-02-13 14:54:27 +0100 (ven., 13 févr. 2015) $"
 	revision: "$Revision: 96620 $"

 deferred class
 	CMS_MODULE_API

-feature {NONE} -- Implementation
+feature {NONE} -- Initialization

 	make (a_api: CMS_API)
 		do
@@ -28,4 +28,7 @@ feature {CMS_API_ACCESS, CMS_MODULE, CMS_API} -- Restricted access
 			Result := cms_api.storage
 		end

+note
+	copyright: "2011-2015, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
+	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
 end