Jocelyn Fiat
bba1d57ce3
Added CMS_MODULE.permissions to allow module to declare the potential permissions. Added support for CMS_LINK.is_forbidden, in relation with CMS_LOCAL_LINK.permission_arguments. Split link "username (Logout)" into 2 links "username" and "logout". Fixed/Changed the way auth modules alter the logout link based on "(Logout)" title, by safer solution based on `location' of the link. Fixed usage of WSF_REQUEST.path_info by using percent_encoded_path_info which is not non unicode path info to be used most of the time. Merged CMS_REPONSE.variables and CMS_REPONSE.values . When possible, prefer usage of CMS_RESPONSE.user instead of CMS_REQUEST_UTIL.current_user (WSF_REQUEST) whenever it is possible. When possible, prefer usage of CMS_RESPONSE.location, rather than usage of WSF_REQUEST.(percent_encoded_)path_info . Code cleaning.
204 lines
4.8 KiB
Plaintext
204 lines
4.8 KiB
Plaintext
note
|
|
description: "[
|
|
Handler for a CMS user in the CMS interface
|
|
]"
|
|
date: "$Date$"
|
|
revision: "$Revision$"
|
|
|
|
class
|
|
CMS_USER_HANDLER
|
|
|
|
inherit
|
|
CMS_HANDLER
|
|
|
|
WSF_URI_HANDLER
|
|
rename
|
|
execute as uri_execute,
|
|
new_mapping as new_uri_mapping
|
|
end
|
|
|
|
WSF_URI_TEMPLATE_HANDLER
|
|
rename
|
|
execute as uri_template_execute,
|
|
new_mapping as new_uri_template_mapping
|
|
select
|
|
new_uri_template_mapping
|
|
end
|
|
|
|
WSF_RESOURCE_HANDLER_HELPER
|
|
redefine
|
|
do_get,
|
|
do_post,
|
|
do_delete
|
|
end
|
|
|
|
REFACTORING_HELPER
|
|
|
|
create
|
|
make
|
|
|
|
feature -- execute
|
|
|
|
execute (req: WSF_REQUEST; res: WSF_RESPONSE)
|
|
-- Execute request handler
|
|
do
|
|
execute_methods (req, res)
|
|
end
|
|
|
|
uri_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
|
|
-- Execute request handler
|
|
do
|
|
execute (req, res)
|
|
end
|
|
|
|
uri_template_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
|
|
-- Execute request handler
|
|
do
|
|
execute (req, res)
|
|
end
|
|
|
|
feature -- Query
|
|
|
|
user_id_path_parameter (req: WSF_REQUEST): INTEGER_64
|
|
-- User id passed as path parameter for request `req'.
|
|
local
|
|
s: STRING
|
|
do
|
|
if attached {WSF_STRING} req.path_parameter ("id") as p_nid then
|
|
s := p_nid.value
|
|
if s.is_integer_64 then
|
|
Result := s.to_integer_64
|
|
end
|
|
end
|
|
end
|
|
|
|
feature -- HTTP Methods
|
|
|
|
do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
|
|
-- <Precursor>
|
|
local
|
|
l_user: detachable CMS_USER
|
|
l_uid: INTEGER_64
|
|
edit_response: CMS_USER_FORM_RESPONSE
|
|
view_response: CMS_USER_VIEW_RESPONSE
|
|
r: CMS_RESPONSE
|
|
do
|
|
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
|
|
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
|
|
if req.percent_encoded_path_info.ends_with_general ("/edit") then
|
|
check valid_url: req.percent_encoded_path_info.starts_with_general ("/admin/user/") end
|
|
create edit_response.make (req, res, api)
|
|
edit_response.execute
|
|
elseif req.percent_encoded_path_info.ends_with_general ("/delete") then
|
|
check valid_url: req.percent_encoded_path_info.starts_with_general ("/admin/user/") end
|
|
create edit_response.make (req, res, api)
|
|
edit_response.execute
|
|
else
|
|
-- Display existing node
|
|
l_uid := user_id_path_parameter (req)
|
|
if l_uid > 0 then
|
|
l_user := api.user_api.user_by_id (l_uid)
|
|
if
|
|
l_user /= Void
|
|
then
|
|
create view_response.make (req, res, api)
|
|
view_response.execute
|
|
else
|
|
send_not_found (req, res)
|
|
end
|
|
else
|
|
create_new_user (req, res)
|
|
end
|
|
end
|
|
else
|
|
r.execute
|
|
end
|
|
end
|
|
|
|
|
|
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
|
|
local
|
|
edit_response: CMS_USER_FORM_RESPONSE
|
|
r: CMS_RESPONSE
|
|
do
|
|
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
|
|
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
|
|
if req.percent_encoded_path_info.ends_with_general ("/edit") then
|
|
create edit_response.make (req, res, api)
|
|
edit_response.execute
|
|
elseif req.percent_encoded_path_info.ends_with_general ("/delete") then
|
|
if
|
|
attached {WSF_STRING} req.form_parameter ("op") as l_op and then
|
|
l_op.value.same_string ("Delete")
|
|
then
|
|
do_delete (req, res)
|
|
end
|
|
elseif req.percent_encoded_path_info.ends_with_general ("/add/user") then
|
|
create edit_response.make (req, res, api)
|
|
edit_response.execute
|
|
end
|
|
else
|
|
r.execute
|
|
end
|
|
end
|
|
|
|
feature -- Error
|
|
|
|
do_error (req: WSF_REQUEST; res: WSF_RESPONSE; a_id: detachable WSF_STRING)
|
|
-- Handling error.
|
|
local
|
|
l_page: CMS_RESPONSE
|
|
do
|
|
create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)
|
|
l_page.set_value (req.absolute_script_url (req.percent_encoded_path_info), "request")
|
|
if a_id /= Void and then a_id.is_integer then
|
|
-- resource not found
|
|
l_page.set_value ("404", "code")
|
|
l_page.set_status_code (404)
|
|
else
|
|
-- bad request
|
|
l_page.set_value ("400", "code")
|
|
l_page.set_status_code (400)
|
|
end
|
|
l_page.execute
|
|
end
|
|
|
|
do_delete (req: WSF_REQUEST; res: WSF_RESPONSE)
|
|
-- <Precursor>
|
|
do
|
|
if attached current_user (req) as l_user then
|
|
if attached {WSF_STRING} req.path_parameter ("id") as l_id then
|
|
if
|
|
l_id.is_integer and then
|
|
attached api.user_api.user_by_id (l_id.integer_value) as u_user
|
|
then
|
|
api.user_api.delete_user(u_user)
|
|
res.send (create {CMS_REDIRECTION_RESPONSE_MESSAGE}.make (req.absolute_script_url ("")))
|
|
else
|
|
do_error (req, res, l_id)
|
|
end
|
|
else
|
|
(create {INTERNAL_SERVER_ERROR_CMS_RESPONSE}.make (req, res, api)).execute
|
|
end
|
|
else
|
|
send_access_denied (req, res)
|
|
end
|
|
end
|
|
|
|
|
|
feature {NONE} -- New User
|
|
|
|
create_new_user (req: WSF_REQUEST; res: WSF_RESPONSE)
|
|
local
|
|
edit_response: CMS_USER_FORM_RESPONSE
|
|
do
|
|
if req.percent_encoded_path_info.starts_with ("/admin/add/user") then
|
|
create edit_response.make (req, res, api)
|
|
edit_response.execute
|
|
else
|
|
send_bad_request (req, res)
|
|
end
|
|
end
|
|
|
|
end
|