Compare commits
9 Commits
es_rev9853
...
es_rev9879
| Author | SHA1 | Date | |
|---|---|---|---|
| 6a61c30689 | |||
| 88aaf9ed4c | |||
| 167ac563aa | |||
| f4ac4be684 | |||
| 12a3898487 | |||
| 0e3419fea0 | |||
| 816f0eb820 | |||
| bd3fe63976 | |||
| 0c7d8af9d7 |
@@ -108,6 +108,16 @@ feature -- HTTP Methods
|
||||
s.append ("%">")
|
||||
s.append (html_encoded (u.name))
|
||||
s.append ("</a>")
|
||||
if attached user_api.user_roles (u) as l_roles and then not l_roles.is_empty then
|
||||
s.append (" <span class=%"cms_roles%">(")
|
||||
across
|
||||
l_roles as ic_roles
|
||||
loop
|
||||
s.append (html_encoded (ic_roles.item.name))
|
||||
s.append (" ")
|
||||
end
|
||||
s.append (")</span>")
|
||||
end
|
||||
s.append ("</li>%N")
|
||||
end
|
||||
s.append ("</ul>%N")
|
||||
|
||||
@@ -386,6 +386,9 @@ feature -- Form
|
||||
-- Update node `a_node' with form_data `a_form_data' for the given content type `a_content_type'.
|
||||
local
|
||||
l_uroles: LIST [CMS_USER_ROLE]
|
||||
l_new_roles: detachable ARRAYED_LIST [CMS_USER_ROLE]
|
||||
r: detachable CMS_USER_ROLE
|
||||
rid: INTEGER
|
||||
do
|
||||
if attached a_form_data.string_item ("op") as f_op then
|
||||
if f_op.is_case_insensitive_equal_general ("Update user role") then
|
||||
@@ -394,23 +397,53 @@ feature -- Form
|
||||
then
|
||||
l_uroles := api.user_api.user_roles (l_user)
|
||||
l_uroles.compare_objects
|
||||
if attached {WSF_STRING} a_form_data.item ("cms_roles") as l_role then
|
||||
if attached api.user_api.user_role_by_id (l_role.integer_value) as role then
|
||||
if not l_uroles.has (role) then
|
||||
api.user_api.assign_role_to_user (role, a_user)
|
||||
|
||||
if attached {WSF_STRING} a_form_data.item ("cms_roles") as p_role_id then
|
||||
rid := p_role_id.integer_value
|
||||
r := api.user_api.user_role_by_id (rid)
|
||||
if r /= Void then
|
||||
create l_new_roles.make (0)
|
||||
l_new_roles.force (r)
|
||||
end
|
||||
elseif attached {WSF_MULTIPLE_STRING} a_form_data.item ("cms_roles") as p_roles_ids then
|
||||
create l_new_roles.make (p_roles_ids.values.count)
|
||||
across
|
||||
p_roles_ids as ic
|
||||
loop
|
||||
rid := ic.item.integer_value
|
||||
r := api.user_api.user_role_by_id (rid)
|
||||
if r /= Void then
|
||||
l_new_roles.force (r)
|
||||
end
|
||||
end
|
||||
elseif attached {WSF_MULTIPLE_STRING} a_form_data.item ("cms_roles") as l_roles then
|
||||
across l_roles as ic loop
|
||||
if attached api.user_api.user_role_by_id (ic.item.integer_value) as role then
|
||||
if not l_uroles.has (role) then
|
||||
api.user_api.assign_role_to_user (role, a_user)
|
||||
end
|
||||
end
|
||||
if l_new_roles = Void or else l_new_roles.is_empty then
|
||||
across
|
||||
l_uroles as ic
|
||||
loop
|
||||
r := ic.item
|
||||
api.user_api.unassign_role_from_user (r, a_user)
|
||||
end
|
||||
else
|
||||
across api.user_api.roles as ic loop
|
||||
api.user_api.unassign_role_from_user (ic.item, a_user)
|
||||
across
|
||||
l_new_roles as ic
|
||||
loop
|
||||
r := ic.item
|
||||
if l_uroles.has (r) then
|
||||
-- Already assigned to that role.
|
||||
else
|
||||
api.user_api.assign_role_to_user (ic.item, a_user)
|
||||
end
|
||||
end
|
||||
-- Remove other roles for `a_user'.
|
||||
l_new_roles.compare_objects
|
||||
across
|
||||
l_uroles as ic
|
||||
loop
|
||||
r := ic.item
|
||||
if not l_new_roles.has (r) then
|
||||
api.user_api.unassign_role_from_user (r, a_user)
|
||||
end
|
||||
end
|
||||
end
|
||||
add_success_message ("Roles updated")
|
||||
|
||||
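Review bot: The new `if l_new_roles = Void or else l_new_roles.is_empty then` branch removes every role from the user, and it is reached not only when no role was selected but also when every submitted `cms_roles` id fails `user_role_by_id`, so a malformed or stale form post silently strips all roles. I would keep the two cases apart, for example by recording whether any submitted id was rejected and reporting an error instead of unassigning. `p_role_id.integer_value` and `ic.item.integer_value` are also called on form input without an `is_integer` guard, which `WSF_STRING.integer_value` expects as far as I know; `if p_role_id.is_integer then` before the conversion would cover it. The permission check for this operation is not visible in the hunk, and the enclosing feature starts and ends outside it.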
@@ -69,8 +69,8 @@ feature -- Hooks
|
||||
lnk: CMS_LOCAL_LINK
|
||||
l_destination: READABLE_STRING_8
|
||||
do
|
||||
if attached {WSF_STRING} a_response.request.query_parameter ("destination") as p_destination then
|
||||
l_destination := p_destination.value
|
||||
if attached {WSF_STRING} a_response.request.item ("destination") as p_destination then
|
||||
l_destination := p_destination.url_encoded_value
|
||||
else
|
||||
l_destination := a_response.location
|
||||
end
|
||||
@@ -88,4 +88,23 @@ feature -- Hooks
|
||||
end
|
||||
end
|
||||
|
||||
feature {NONE} -- Template
|
||||
|
||||
smarty_template_login_block (a_request: WSF_REQUEST; a_module: CMS_MODULE; a_block_id: READABLE_STRING_8; a_cms_api: CMS_API): like smarty_template_block
|
||||
local
|
||||
l_destination: detachable READABLE_STRING_32
|
||||
do
|
||||
Result := smarty_template_block (a_module, a_block_id, a_cms_api)
|
||||
if Result /= Void then
|
||||
if attached {WSF_STRING} a_request.query_parameter ("destination") as p_destination then
|
||||
l_destination := p_destination.value
|
||||
elseif attached {WSF_STRING} a_request.form_parameter ("destination") as p_destination then
|
||||
l_destination := p_destination.value
|
||||
end
|
||||
if l_destination /= Void then
|
||||
Result.set_value (l_destination, "site_destination")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
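Review bot: `smarty_template_login_block` has no header comment, and it is the one place where the request's `destination` value enters the template data, so its contract is worth stating. Something like `-- Block a_block_id of a_module, with "site_destination" set from the "destination" query or form parameter of a_request, if any; the value is request-controlled and not validated here.` would do. It also reads `query_parameter` and then `form_parameter`, whereas the other hunks in this comparison switch to `req.item ("destination")`; using one lookup everywhere would keep the precedence identical on every path.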
@@ -1,7 +1,7 @@
|
||||
note
|
||||
description: "Module Auth"
|
||||
date: "$Date$"
|
||||
revision: "$Revision$"
|
||||
date: "$Date: 2016-04-13 10:59:18 +0200 (mer., 13 avr. 2016) $"
|
||||
revision: "$Revision: 98616 $"
|
||||
|
||||
class
|
||||
CMS_AUTHENTICATION_MODULE
|
||||
@@ -139,7 +139,7 @@ feature -- Hooks configuration
|
||||
l_url: STRING
|
||||
l_url_name: READABLE_STRING_GENERAL
|
||||
do
|
||||
if attached {WSF_STRING} a_response.request.query_parameter ("destination") as p_destination then
|
||||
if attached {WSF_STRING} a_response.request.item ("destination") as p_destination then
|
||||
l_destination := p_destination.value
|
||||
else
|
||||
l_destination := a_response.location
|
||||
@@ -159,7 +159,7 @@ feature -- Hooks configuration
|
||||
l_url_name := "site_sign_in_url"
|
||||
l_url := a_response.url (roc_login_location, Void)
|
||||
end
|
||||
if l_destination /= Void then
|
||||
if l_destination /= Void and then not l_url.has_substring ("?destination") then
|
||||
l_url.append ("?destination=" + percent_encoded (l_destination))
|
||||
end
|
||||
a_value.force (l_url, l_url_name)
|
||||
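Review bot: The guard `not l_url.has_substring ("?destination")` only recognises `destination` as the first query parameter, and the append always starts with `?`. If `l_url` can already carry a query string, this would either add a second `?` or duplicate a `destination` that sits behind an `&`. Choosing the separator from `l_url.has ('?')` and testing for `destination=` after either separator would cover both cases; if `a_response.url (..., Void)` never returns a query string, a comment saying so would be enough. The feature body continues outside the hunk.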
@@ -289,7 +289,7 @@ feature -- Handler
|
||||
elseif attached api.module_by_name ("session_auth") then
|
||||
-- FIXME: find better solution to support a default login system.
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
if attached {WSF_STRING} req.query_parameter ("destination") as l_destination then
|
||||
if attached {WSF_STRING} req.item ("destination") as l_destination then
|
||||
r.set_redirection ("account/auth/roc-session-login?destination=" + l_destination.url_encoded_value)
|
||||
else
|
||||
r.set_redirection ("account/auth/roc-session-login")
|
||||
@@ -300,7 +300,7 @@ feature -- Handler
|
||||
elseif attached api.module_by_name ("basic_auth") then
|
||||
-- FIXME: find better solution to support a default login system.
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
if attached {WSF_STRING} req.query_parameter ("destination") as l_destination then
|
||||
if attached {WSF_STRING} req.item ("destination") as l_destination then
|
||||
r.set_redirection ("account/auth/roc-basic-login?destination=" + l_destination.url_encoded_value)
|
||||
else
|
||||
r.set_redirection ("account/auth/roc-basic-login")
|
||||
@@ -324,10 +324,10 @@ feature -- Handler
|
||||
else
|
||||
loc := ""
|
||||
end
|
||||
|
||||
if attached {WSF_STRING} req.query_parameter ("destination") as l_destination then
|
||||
loc.append ("?destination=" + l_destination.url_encoded_value)
|
||||
end
|
||||
-- Do not try to redirect to previous page or destination!
|
||||
-- if attached {WSF_STRING} req.query_parameter ("destination") as l_destination then
|
||||
-- loc.append ("?destination=" + l_destination.url_encoded_value)
|
||||
-- end
|
||||
r.set_redirection (loc)
|
||||
r.execute
|
||||
end
|
||||
|
||||
@@ -118,7 +118,7 @@ feature {NONE} -- Implementation: routes
|
||||
r.add_error_message ("You are already signed in!")
|
||||
r.set_main_content (r.link ("Logout", "account/roc-logout", Void))
|
||||
else
|
||||
if attached smarty_template_block (Current, "login", api) as l_tpl_block then
|
||||
if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
|
||||
r.add_javascript_url (r.url ("module/" + name + "/files/js/roc_basic_auth.js", Void))
|
||||
|
||||
create vals.make (1)
|
||||
@@ -170,7 +170,7 @@ feature {NONE} -- Block views
|
||||
local
|
||||
vals: CMS_VALUE_TABLE
|
||||
do
|
||||
if attached smarty_template_block (Current, a_block_id, a_response.api) as l_tpl_block then
|
||||
if attached smarty_template_login_block (a_response.request, Current, a_block_id, a_response.api) as l_tpl_block then
|
||||
create vals.make (1)
|
||||
-- add the variable to the block
|
||||
a_response.api.hooks.invoke_value_table_alter (vals, a_response)
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
<h3>Login or <a href="{$site_url/}account/roc-register">Register</a></h3>
|
||||
<div>
|
||||
<form name="cms_basic_auth" action="{$site_url/}roc-basic-login" method="POST">
|
||||
{unless isempty="$site_destination"}<input type="hidden" name="destination" value="{$site_destination/}">{/unless}
|
||||
<input type="hidden" name="host" id="host" value="{$site_url/}">
|
||||
<div>
|
||||
<input type="text" name="username" id="username" required>
|
||||
|
||||
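Review bot: `value="{$site_destination/}"` places a request-supplied string inside a double-quoted attribute, and nothing on this page shows that the template engine HTML-encodes variables on output. If it does not, the value has to be encoded before `Result.set_value (l_destination, "site_destination")` stores it, so that a quote character in `destination` cannot close the attribute. The same line is added to the session login template further down, and the `value="{$username/}"` field there has the same dependency.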
@@ -136,18 +136,23 @@ feature -- Hooks
|
||||
local
|
||||
l_region: detachable READABLE_STRING_8
|
||||
l_cond: CMS_BLOCK_EXPRESSION_CONDITION
|
||||
l_block_pref: STRING
|
||||
do
|
||||
if attached smarty_template_block (Current, a_block_id, a_response.api) as bk then
|
||||
if attached a_response.api.module_configuration (Current, name) as cfg then
|
||||
l_block_pref := "blocks." + a_block_id
|
||||
if
|
||||
attached cfg.text_item ("blocks." + a_block_id + ".region") as s and then
|
||||
attached cfg.text_item (l_block_pref + ".region") as s and then
|
||||
s.is_valid_as_string_8
|
||||
then
|
||||
l_region := s.to_string_8
|
||||
end
|
||||
bk.set_weight (cfg.integer_item ("blocks." + a_block_id + ".weight"))
|
||||
bk.set_title (cfg.text_item ("blocks." + a_block_id + ".title"))
|
||||
if attached cfg.text_list_item ("blocks." + a_block_id + ".conditions") as l_cond_exp_list then
|
||||
bk.set_weight (cfg.integer_item (l_block_pref + ".weight"))
|
||||
bk.set_title (cfg.text_item (l_block_pref + ".title"))
|
||||
if attached cfg.text_item (l_block_pref + ".is_raw") as l_is_raw then
|
||||
bk.set_is_raw (l_is_raw.is_case_insensitive_equal ("yes"))
|
||||
end
|
||||
if attached cfg.text_list_item (l_block_pref + ".conditions") as l_cond_exp_list then
|
||||
across
|
||||
l_cond_exp_list as ic
|
||||
loop
|
||||
|
||||
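Review bot: The new `is_raw` setting is undocumented and accepts only the text `yes`: `bk.set_is_raw (l_is_raw.is_case_insensitive_equal ("yes"))` treats values such as `true` or `1` as not raw without any message. A comment such as `-- "blocks.<id>.is_raw": "yes" marks the block as raw; any other value leaves it not raw.` next to the lookup would help, together with a sentence on what raw output means for the block's content, since that is presumably where markup stops being wrapped or filtered. The loop at the end of the hunk continues outside it.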
@@ -2,6 +2,7 @@
|
||||
"blocks": {
|
||||
"test": {
|
||||
"title": "Custom block test",
|
||||
"is_raw": "yes",
|
||||
"region": "footer",
|
||||
"weight": 100,
|
||||
"conditions": ["path:demo/*"]
|
||||
|
||||
@@ -3,8 +3,8 @@ note
|
||||
This module allows the use Session Based Authentication using Cookies to restrict access
|
||||
by looking up users in the given providers.
|
||||
]"
|
||||
date: "$Date$"
|
||||
revision: "$Revision$"
|
||||
date: "$Date: 2016-04-27 16:04:18 +0200 (mer., 27 avr. 2016) $"
|
||||
revision: "$Revision: 98643 $"
|
||||
|
||||
class
|
||||
CMS_SESSION_AUTH_MODULE
|
||||
@@ -115,7 +115,7 @@ feature -- Access: router
|
||||
if attached session_api as l_session_api then
|
||||
a_router.handle ("/" + login_location, create {WSF_URI_AGENT_HANDLER}.make (agent handle_login (a_api, ?, ?)), a_router.methods_head_get)
|
||||
a_router.handle ("/" + logout_location, create {WSF_URI_AGENT_HANDLER}.make (agent handle_logout (a_api, l_session_api, ?, ?)), a_router.methods_get_post)
|
||||
a_router.handle ("/account/auth/roc-session-login", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_login_with_session (a_api,session_api, ?, ?)), a_router.methods_get_post)
|
||||
a_router.handle ("/" + login_location, create {WSF_URI_AGENT_HANDLER}.make (agent handle_login_with_session (a_api,session_api, ?, ?)), a_router.methods_post)
|
||||
end
|
||||
end
|
||||
|
||||
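Review bot: The new route passes `session_api` to `handle_login_with_session` although the call sits inside `if attached session_api as l_session_api then`; the logout line above uses `l_session_api`, and the login line should too: `agent handle_login_with_session (a_api, l_session_api, ?, ?)`. As I read the section, the literal `/account/auth/roc-session-login` route is replaced by `"/" + login_location` restricted to POST, while the login template and the redirects in the authentication module still spell out `account/auth/roc-session-login`. If `login_location` ever differs from that literal, the form post and those redirects would no longer reach a handler, so the strings are better built from `login_location` as well.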
@@ -141,7 +141,7 @@ feature {NONE} -- Implementation: routes
|
||||
if api.user_is_authenticated then
|
||||
r.add_error_message ("You are already signed in!")
|
||||
else
|
||||
if attached smarty_template_block (Current, "login", api) as l_tpl_block then
|
||||
if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
|
||||
create vals.make (1)
|
||||
-- add the variable to the block
|
||||
l_tpl_block.set_value (api.user, "user")
|
||||
@@ -172,9 +172,10 @@ feature {NONE} -- Implementation: routes
|
||||
attached api.user as l_user
|
||||
then
|
||||
-- Logout Session
|
||||
create l_cookie.make (tok, l_cookie_token.value) -- FIXME: unicode issue?
|
||||
create l_cookie.make (tok, "") -- l_cookie_token.value) -- FIXME: unicode issue?
|
||||
l_cookie.set_path ("/")
|
||||
l_cookie.set_max_age (-1)
|
||||
l_cookie.unset_max_age
|
||||
l_cookie.set_expiration_date (create {DATE_TIME}.make_from_epoch (0))
|
||||
res.add_cookie (l_cookie)
|
||||
api.unset_user
|
||||
|
||||
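Review bot: The logout path now blanks the cookie and sets its expiry to epoch 0, which only asks the browser to forget the token; the hunk does not show the stored session behind `l_cookie_token.value` being deleted or invalidated. If that does not happen in the lines outside the hunk, a retained copy of the old cookie value stays usable after logout, so the session record should be removed before `api.unset_user`. The trailing `-- l_cookie_token.value) -- FIXME: unicode issue?` is a leftover of the old argument and can be dropped.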
@@ -216,14 +217,18 @@ feature {NONE} -- Implementation: routes
|
||||
api.record_user_login (l_user)
|
||||
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
if attached {WSF_STRING} req.query_parameter ("destination") as p_destination then
|
||||
r.set_redirection (p_destination.url_encoded_value)
|
||||
if
|
||||
attached {WSF_STRING} req.item ("destination") as p_destination and then
|
||||
attached p_destination.value as v and then
|
||||
v.is_valid_as_string_8
|
||||
then
|
||||
r.set_redirection (v.to_string_8)
|
||||
else
|
||||
r.set_redirection ("")
|
||||
end
|
||||
else
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
if attached smarty_template_block (Current, "login", api) as l_tpl_block then
|
||||
if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
|
||||
l_tpl_block.set_value (l_username.value, "username")
|
||||
l_tpl_block.set_value ("Wrong: Username or password ", "error")
|
||||
r.add_block (l_tpl_block, "content")
|
||||
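Review bot: After a successful login `r.set_redirection (v.to_string_8)` uses the `destination` request value as the redirect target, and the only test applied is `v.is_valid_as_string_8`. Since the value now comes from `req.item`, which also covers the hidden form field added in the templates, and is no longer passed through `url_encoded_value`, an absolute or scheme-relative URL would be sent back unchanged unless `set_redirection` itself restricts targets, which is not visible here. I would accept only a site-relative path (no scheme, no leading `//` or `\`, no control characters) and fall back to `r.set_redirection ("")` otherwise. The same check belongs wherever `destination` is forwarded, for instance the `?destination=` redirects in the authentication module hunks. The enclosing feature starts and ends outside this hunk.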
@@ -232,7 +237,7 @@ feature {NONE} -- Implementation: routes
|
||||
r.execute
|
||||
else
|
||||
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
|
||||
if attached smarty_template_block (Current, "login", api) as l_tpl_block then
|
||||
if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
|
||||
if attached {WSF_STRING} req.form_parameter ("username") as l_username then
|
||||
l_tpl_block.set_value (l_username.value, "username")
|
||||
end
|
||||
@@ -272,7 +277,7 @@ feature {NONE} -- Block views
|
||||
local
|
||||
vals: CMS_VALUE_TABLE
|
||||
do
|
||||
if attached smarty_template_block (Current, a_block_id, a_response.api) as l_tpl_block then
|
||||
if attached smarty_template_login_block (a_response.request, Current, a_block_id, a_response.api) as l_tpl_block then
|
||||
create vals.make (1)
|
||||
-- add the variable to the block
|
||||
a_response.api.hooks.invoke_value_table_alter (vals, a_response)
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
<h3>Login or <a href="{$site_url/}account/roc-register">Register</a></h3>
|
||||
<div>
|
||||
<form name="cms_session_auth" action="{$site_url/}account/auth/roc-session-login" method="POST">
|
||||
{unless isempty="$site_destination"}<input type="hidden" name="destination" value="{$site_destination/}">{/unless}
|
||||
<div>
|
||||
<input type="text" name="username" id="username" required value="{$username/}">
|
||||
<label>Username</label>
|
||||
|
||||