Merged branch 'master' into es17.05

modules/admin/cms_admin_module_administration.e

@@ -51,7 +51,7 @@ feature {NONE} -- Router/administration
 			l_roles_handler: CMS_ADMIN_ROLES_HANDLER
 			l_formats_handler: CMS_ADMIN_FORMATS_HANDLER
 
-			l_user_handler: CMS_USER_HANDLER
+			l_user_handler: CMS_ADMIN_USER_HANDLER
 			l_role_handler:	CMS_ROLE_HANDLER
 			l_admin_logs_handler: CMS_LOGS_HANDLER
 

modules/admin/handler/cms_admin_cache_handler.e

@@ -47,10 +47,10 @@ feature -- Execution
 				create s.make_empty
 				f.append_to_html (l_response.wsf_theme, s)
 				l_response.set_main_content (s)
+				l_response.execute
 			else
-				create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
+				send_custom_access_denied (Void, <<"admin cache">>, req, res)
 			end
-			l_response.execute
 		end
 
 	do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -77,10 +77,10 @@ feature -- Execution
 				create s.make_empty
 				f.append_to_html (l_response.wsf_theme, s)
 				l_response.set_main_content (s)
+				l_response.execute
 			else
-				create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
+				send_custom_access_denied (Void, <<"admin cache">>, req, res)
 			end
-			l_response.execute
 		end
 
 feature -- Widget

modules/admin/handler/cms_admin_export_handler.e

@@ -47,10 +47,10 @@ feature -- Execution
 				create s.make_empty
 				f.append_to_html (l_response.wsf_theme, s)
 				l_response.set_main_content (s)
+				l_response.execute
 			else
-				create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
+				send_access_denied (req, res)
 			end
-			l_response.execute
 		end
 
 	do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -92,10 +92,10 @@ feature -- Execution
 				create s.make_empty
 				f.append_to_html (l_response.wsf_theme, s)
 				l_response.set_main_content (s)
+				l_response.execute
 			else
-				create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
+				send_access_denied (req, res)
 			end
-			l_response.execute
 		end
 
 feature -- Widget

modules/admin/handler/cms_admin_handler.e

@@ -3,7 +3,7 @@ note
 			handler for CMS admin in the CMS interface.
 
 			TODO: implement REST API.
-		]"	
+		]"
 	date: "$Date$"
 	revision: "$Revision$"
 
@@ -64,12 +64,11 @@ feature -- HTTP Methods
 		local
 			r: CMS_RESPONSE
 		do
-			create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
-			if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
+			if api.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
 				create {CMS_ADMIN_RESPONSE} r.make (req, res, api)
 				r.execute
 			else
-				r.execute
+				send_access_denied (req, res)
 			end
 		end
 
@@ -77,12 +76,11 @@ feature -- HTTP Methods
 		local
 			r: CMS_RESPONSE
 		do
-			create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
-			if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
+			if api.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
 				create {CMS_ADMIN_RESPONSE} r.make (req, res, api)
 				r.execute
 			else
-				r.execute
+				send_access_denied (req, res)
 			end
 		end
 

modules/admin/handler/cms_admin_import_handler.e

@@ -47,10 +47,10 @@ feature -- Execution
 				create s.make_empty
 				f.append_to_html (l_response.wsf_theme, s)
 				l_response.set_main_content (s)
+				l_response.execute
 			else
-				create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
+				send_access_denied (req, res)
 			end
-			l_response.execute
 		end
 
 	do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -99,11 +99,10 @@ feature -- Execution
 				create s.make_empty
 				f.append_to_html (l_response.wsf_theme, s)
 				l_response.set_main_content (s)
+				l_response.execute
 			else
-				create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
+				send_access_denied (req, res)
 			end
-
-			l_response.execute
 		end
 
 feature -- Widget

modules/admin/handler/cms_admin_modules_handler.e

@@ -60,8 +60,7 @@ feature -- Execution
 					l_denied := True
 				end
 				if l_denied then
-					create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
-					r.set_main_content ("You do not have permission to access CMS module uninstallation procedure!")
+					send_custom_access_denied ("You do not have permission to access CMS module uninstallation procedure!", Void, req, res)
 				else
 					create s.make_empty
 					across
@@ -82,8 +81,8 @@ feature -- Execution
 					end
 					s.append (r.link ("Back to modules management", r.location, Void))
 					r.set_main_content (s)
+					r.execute
 				end
-				r.execute
 			else
 				create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
 				create s.make_empty
@@ -119,8 +118,7 @@ feature -- Execution
 						l_denied := True
 					end
 					if l_denied then
-						create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
-						r.set_main_content ("You do not have permission to access CMS module installation procedure!")
+						send_custom_access_denied ("You do not have permission to access CMS module installation procedure!", Void, req, res)
 					else
 						f := modules_to_install_collection_web_form (r)
 						f.submit_actions.extend (agent on_installation_submit)
@@ -138,8 +136,8 @@ feature -- Execution
 							r.add_notice_message ("Operation on module(s) succeeded.")
 							r.set_redirection (r.location)
 						end
+						r.execute
 					end
-					r.execute
 				elseif l_op.same_string ("Update status") then
 					create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
 					if api.has_permission ("admin module") then
@@ -159,15 +157,12 @@ feature -- Execution
 							r.add_notice_message ("Operation on module(s) succeeded.")
 							r.set_redirection (r.location)
 						end
-
+						r.execute
 					else
-						create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
-						r.set_main_content ("You do not have permission to administrate CMS modules!")
+						send_custom_access_denied ("You do not have permission to administrate CMS modules!", Void, req, res)
 					end
-					r.execute
 				else
-					create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
-					r.execute
+					send_bad_request (req, res)
 				end
 			else
 				do_get (req, res)

modules/admin/handler/cms_admin_path_alias_handler.e

@@ -81,10 +81,10 @@ feature -- Execution
 					s.append ("</ul>")
 				end
 				l_response.set_main_content (s)
+				l_response.execute
 			else
-				create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
+				send_access_denied (req, res)
 			end
-			l_response.execute
 		end
 
 	do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -114,11 +114,11 @@ feature -- Execution
 
 				l_response.set_redirection (l_response.location)
 				l_response.set_redirection_delay (3)
+				l_response.execute
 			else
-				create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
-				l_response.set_redirection (l_response.location)
+				send_access_denied (req, res)
+					-- CHECK: set redirection?
 			end
-			l_response.execute
 		end
 
 end

modules/admin/handler/format/cms_admin_formats_handler.e

@@ -152,8 +152,8 @@ feature -- View/edit Format
 					i := i + 1
 					l_name := f_ic.item.name
 					l_all_filters.force (f_ic.item, l_name)
-					create cb.make_with_value ("filters[" + l_name + "]", l_name)
-					cb.set_title (f_ic.item.title)
+					create cb.make_with_value ("filters[" + l_name + "]", l_name.to_string_32)
+					cb.set_title (f_ic.item.title.to_string_32)
 					cb.set_checked (True)
 
 					create hf.make_with_text ("filter_weight[" + l_name + "]", i.out)
@@ -178,8 +178,8 @@ feature -- View/edit Format
 				l_name := f_ic.item.name
 				if l_all_filters.has (l_name) then
 				else
-					create cb.make_with_value ("filters[" + l_name + "]", l_name)
-					cb.set_title (f_ic.item.title)
+					create cb.make_with_value ("filters[" + l_name + "]", l_name.to_string_32)
+					cb.set_title (f_ic.item.title.to_string_32)
 					create ftb_row.make (2)
 					ftb.add_row (ftb_row)
 					ftb_row.add_widget (cb)
@@ -195,8 +195,8 @@ feature -- View/edit Format
 				api.content_types as ct_ic
 			loop
 				l_name := ct_ic.item.name
-				create cb.make_with_value ("content_types[]", l_name)
-				cb.set_title (l_name)
+				create cb.make_with_value ("content_types[]", l_name.to_string_32)
+				cb.set_title (l_name.to_string_32)
 				if f /= Void and then ct_ic.item.has_format (f.name) then
 					cb.set_checked (True)
 				end

modules/admin/handler/logs/cms_logs_handler.e

@@ -63,7 +63,7 @@ feature -- HTTP Methods
 			l_logs: LIST [CMS_LOG]
 			l_log: CMS_LOG
 			r: CMS_RESPONSE
-			l_cat: detachable READABLE_STRING_8
+			l_cat: detachable READABLE_STRING_32
 			l_lower: INTEGER
 			l_count: INTEGER
 			b: STRING
@@ -104,11 +104,10 @@ feature -- HTTP Methods
 				r.set_main_content (b)
 				r.set_page_title ("Logs ...")
 				r.set_title ("Logs")
+				r.execute
 			else
-				create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
+				send_access_denied (req, res)
 			end
-			r.execute
-
 		end
 
 end

modules/admin/handler/role/cms_role_form_response.e

@@ -348,9 +348,9 @@ feature -- Form
 							fs.extend (lab)
 							string_sorter.sort (l_permissions)
 							across l_permissions as ic loop
-								create cb.make_with_value ("cms_permissions", ic.item)
+								create cb.make_with_value ("cms_permissions", ic.item.to_string_32)
 								cb.set_checked (across l_role_permissions as rp_ic some rp_ic.item.is_case_insensitive_equal (ic.item) end)
-								cb.set_title (ic.item)
+								cb.set_title (ic.item.to_string_32)
 								fs.extend (cb)
 							end
 						end
@@ -389,7 +389,7 @@ feature -- Form
 	update_role (a_form_data: WSF_FORM_DATA; a_role: CMS_USER_ROLE)
 			-- Update node `a_node' with form_data `a_form_data' for the given content type `a_content_type'.
 		local
-			l_perm: READABLE_STRING_8
+			l_perm: READABLE_STRING_GENERAL
 		do
 			if attached a_form_data.string_item ("op") as f_op then
 				if f_op.is_case_insensitive_equal_general ("Update role") then
@@ -400,16 +400,16 @@ feature -- Form
 					then
 						if attached {WSF_STRING} a_form_data.item ("cms_permissions") as u_role then
 							a_role.permissions.wipe_out
-							a_role.add_permission (u_role.value)
+							a_role.add_permission (api.utf_8_encoded (u_role.value)) -- TODO: utf-8 or require valid string 8?
 						elseif attached {WSF_MULTIPLE_STRING} a_form_data.item ("cms_permissions") as u_permissions then
 							a_role.permissions.wipe_out
 								-- Enable checked permissions.
 							across
 								u_permissions as ic
 							loop
-								l_perm := ic.item.value.as_string_8
+								l_perm := ic.item.value
 								if not l_perm.is_whitespace then
-									a_role.add_permission (l_perm)
+									a_role.add_permission (api.utf_8_encoded (l_perm)) -- TODO: utf-8 or require valid string 8?
 								end
 							end
 						else
@@ -421,9 +421,9 @@ feature -- Form
 								l_cms_perms.values as ic
 							loop
 								if attached {WSF_STRING} ic.item as p then
-									l_perm := p.value.as_string_8
+									l_perm := p.value
 									if not l_perm.is_whitespace then
-										a_role.add_permission (l_perm)
+										a_role.add_permission (api.utf_8_encoded (l_perm))
 									end
 								end
 							end

modules/admin/handler/role/cms_role_handler.e

@@ -81,10 +81,8 @@ feature -- HTTP Methods
 			l_uid: INTEGER_64
 			edit_response: CMS_ROLE_FORM_RESPONSE
 			view_response: CMS_ROLE_VIEW_RESPONSE
-			r: CMS_RESPONSE
 		do
-			create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
-			if r.has_permission ("admin roles") then
+			if api.has_permission ("admin roles") then
 				if req.percent_encoded_path_info.ends_with_general ("/edit") then
 					check valid_url: req.percent_encoded_path_info.starts_with_general (api.administration_path ("/role/")) end
 					create edit_response.make (req, res, api)
@@ -111,18 +109,15 @@ feature -- HTTP Methods
 					end
 				end
 			else
-				r.execute
+				send_access_denied (req, res)
 			end
 		end
 
-
 	do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
 		local
 			edit_response: CMS_ROLE_FORM_RESPONSE
-			r: CMS_RESPONSE
 		do
-			create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
-			if r.has_permission ("admin roles") then
+			if api.has_permission ("admin roles") then
 				if req.percent_encoded_path_info.ends_with_general ("/edit") then
 					create edit_response.make (req, res, api)
 					edit_response.execute
@@ -138,7 +133,7 @@ feature -- HTTP Methods
 					edit_response.execute
 				end
 			else
-				r.execute
+				send_access_denied (req, res)
 			end
 		end
 

modules/admin/handler/role/cms_role_view_response.e

@@ -71,7 +71,7 @@ feature -- Execution
 			s.append ("<div class=%"info%"> ")
 			s.append ("<h4>Role Information</h4>")
 			s.append ("<p>Role:")
-			s.append (a_role.name)
+			s.append (html_encoded (a_role.name))
 			s.append ("</p>")
 
 			s.append ("<h4>Permissions:</h4>")

modules/admin/handler/user/cms_admin_user_form_response.e

@@ -1,10 +1,10 @@
 note
-	description: "Summary description for {CMS_USER_FORM_RESPONSE}."
+	description: "Summary description for {CMS_ADMIN_USER_FORM_RESPONSE}."
 	date: "$Date$"
 	revision: "$Revision$"
 
 class
-	CMS_USER_FORM_RESPONSE
+	CMS_ADMIN_USER_FORM_RESPONSE
 
 inherit
 	CMS_RESPONSE
@@ -324,10 +324,10 @@ feature -- Form
 				create fs.make
 				fs.set_legend ("Basic User Account Information")
 				fs.extend_html_text ("<div><string><label>User name </label></strong><br></div>")
-				fs.extend_html_text (a_user.name)
+				fs.extend_raw_text (a_user.name)
 
 				if attached a_user.email as l_email then
-					create fe.make_with_text ("email", l_email)
+					create fe.make_with_text ("email", l_email.to_string_32)
 				else
 					create fe.make_with_text ("email", "")
 				end
@@ -477,7 +477,7 @@ feature -- Form
 								api.user_api.user_by_email (l_email) = Void
 							then
 									-- Valid email
-								a_user.set_email (l_email)
+								a_user.set_email (api.utf_8_encoded (l_email))
 							else
 								if attached l_user.email as u_email and then not u_email.is_case_insensitive_equal_general (l_email) then
 									a_form_data.report_invalid_field ("email", "Email already exist!")

modules/admin/handler/user/cms_admin_user_handler.e

@@ -1,12 +1,12 @@
 note
 	description: "[
-		Handler for a CMS user in the CMS interface
+		Administration handler for a CMS user in the CMS interface
 	]"
 	date: "$Date$"
 	revision: "$Revision$"
 
 class
-	CMS_USER_HANDLER
+	CMS_ADMIN_USER_HANDLER
 
 inherit
 	CMS_HANDLER
@@ -79,12 +79,10 @@ feature -- HTTP Methods
 		local
 			l_user: detachable CMS_USER
 			l_uid: INTEGER_64
-			edit_response: CMS_USER_FORM_RESPONSE
-			view_response: CMS_USER_VIEW_RESPONSE
-			r: CMS_RESPONSE
+			edit_response: CMS_ADMIN_USER_FORM_RESPONSE
+			view_response: CMS_ADMIN_USER_VIEW_RESPONSE
 		do
-			create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
-			if r.has_permission ("admin users") then
+			if api.has_permission ("admin users") then
 				if req.percent_encoded_path_info.ends_with_general ("/edit") then
 					check valid_url: req.percent_encoded_path_info.starts_with_general (api.administration_path ("/user/")) end
 					create edit_response.make (req, res, api)
@@ -111,18 +109,16 @@ feature -- HTTP Methods
 					end
 				end
 			else
-				r.execute
+				send_access_denied (req, res)
 			end
 		end
 
 
 	do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
 		local
-			edit_response: CMS_USER_FORM_RESPONSE
-			r: CMS_RESPONSE
+			edit_response: CMS_ADMIN_USER_FORM_RESPONSE
 		do
-			create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
-			if r.has_permission ("admin users") then
+			if api.has_permission ("admin users") then
 				if req.percent_encoded_path_info.ends_with_general ("/edit") then
 					create edit_response.make (req, res, api)
 					edit_response.execute
@@ -138,7 +134,7 @@ feature -- HTTP Methods
 					edit_response.execute
 				end
 			else
-				r.execute
+				send_access_denied (req, res)
 			end
 		end
 
@@ -190,7 +186,7 @@ feature {NONE} -- New User
 
 	create_new_user (req: WSF_REQUEST; res: WSF_RESPONSE)
 		local
-			edit_response: CMS_USER_FORM_RESPONSE
+			edit_response: CMS_ADMIN_USER_FORM_RESPONSE
 		do
 			if req.percent_encoded_path_info.starts_with (api.administration_path ("/add/user")) then
 				create edit_response.make (req, res, api)

modules/admin/handler/user/cms_admin_user_view_response.e

@@ -1,10 +1,10 @@
 note
-	description: "Summary description for {CMS_USER_VIEW_RESPONSE}."
+	description: "Summary description for {CMS_ADMIN_USER_VIEW_RESPONSE}."
 	date: "$Date$"
 	revision: "$Revision$"
 
 class
-	CMS_USER_VIEW_RESPONSE
+	CMS_ADMIN_USER_VIEW_RESPONSE
 
 inherit
 	CMS_RESPONSE
@@ -27,7 +27,6 @@ feature -- Query
 			end
 		end
 
-
 feature -- Execution
 
 	process

modules/admin/handler/user/cms_admin_users_handler.e

@@ -73,8 +73,7 @@ feature -- HTTP Methods
 				-- get them from the configuration file and load them into
 				-- the setup class.
 
-			create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
-			if l_response.has_permission ("admin users") then
+			if api.has_permission ("admin users") then
 				user_api := api.user_api
 
 				l_count := user_api.users_count
@@ -157,7 +156,7 @@ feature -- HTTP Methods
 				l_response.set_main_content (s)
 				l_response.execute
 			else
-				l_response.execute
+				send_access_denied (req, res)
 			end
 		end
 end