bug 1801 : Prevent non-administrator access to administrator-only pages. This has involved creating a framework for authentication at controller level, which is not quite working at this stage

This commit is contained in:
sb 2008-04-17 16:16:19 +00:00
parent c480c2d41e
commit fd3bfabe3a


@ -9,8 +9,8 @@
Transform ADL into (partial) controller classes Transform ADL into (partial) controller classes
$Author: sb $ $Author: sb $
$Revision: 1.19 $ $Revision: 1.20 $
$Date: 2008-04-17 15:04:15 $ $Date: 2008-04-17 16:16:19 $
--> -->
<!-- WARNING WARNING WARNING: Do NOT reformat this file! <!-- WARNING WARNING WARNING: Do NOT reformat this file!
@ -71,7 +71,7 @@
// //
// Controller for auto-generated forms for editing <xsl:value-of select="@name"/>s // Controller for auto-generated forms for editing <xsl:value-of select="@name"/>s
// Automatically generated from application description using // Automatically generated from application description using
// adl2controllerclasses.xslt version <xsl:value-of select="substring( '$Revision: 1.19 $', 10)"/> // adl2controllerclasses.xslt version <xsl:value-of select="substring( '$Revision: 1.20 $', 10)"/>
// //
// This file is automatically generated; DO NOT EDIT IT. // This file is automatically generated; DO NOT EDIT IT.
// //
@ -92,7 +92,7 @@ namespace <xsl:value-of select="$controllerns"/> {
/// ///
/// DO NOT EDIT THIS FILE! /// DO NOT EDIT THIS FILE!
/// &lt;/summary&gt; /// &lt;/summary&gt;
public abstract class <xsl:value-of select="concat( 'Abstract', /adl:application/@name, 'Controller')"/> : BaseController { public abstract partial class <xsl:value-of select="concat( 'Abstract', /adl:application/@name, 'Controller')"/> : BaseController {
<xsl:for-each select="//adl:entity"> <xsl:for-each select="//adl:entity">
/// &lt;summary&gt; /// &lt;summary&gt;
/// Return a list of all instances of <xsl:value-of select="@name"/> for use in menus, etc; /// Return a list of all instances of <xsl:value-of select="@name"/> for use in menus, etc;
@ -128,7 +128,7 @@ namespace <xsl:value-of select="$controllerns"/> {
// //
// Controller for auto-generated forms for editing <xsl:value-of select="@name"/>s // Controller for auto-generated forms for editing <xsl:value-of select="@name"/>s
// Automatically generated from application description using // Automatically generated from application description using
// adl2controllerclasses.xslt version <xsl:value-of select="substring( '$Revision: 1.19 $', 10)"/> // adl2controllerclasses.xslt version <xsl:value-of select="substring( '$Revision: 1.20 $', 10)"/>
// //
// This file is automatically generated; DO NOT EDIT IT. // This file is automatically generated; DO NOT EDIT IT.
// //
@ -182,6 +182,10 @@ namespace <xsl:value-of select="$controllerns"/> {
NHibernateHelper.GetCurrentSession( <xsl:if test="$authentication-layer = 'Database'">Session[ NHibernateHelper.USERTOKEN], NHibernateHelper.GetCurrentSession( <xsl:if test="$authentication-layer = 'Database'">Session[ NHibernateHelper.USERTOKEN],
Session[NHibernateHelper.PASSTOKEN]</xsl:if>); Session[NHibernateHelper.PASSTOKEN]</xsl:if>);
List&lt;string&gt; messages = new List&lt;string&gt;(); List&lt;string&gt; messages = new List&lt;string&gt;();
// A 'newborn' instance can be updated even if the current user doesn't have
// update permissions, seeing that we use an update operation to set the
// field values and save the entity.
Boolean isnewborn = false;
<xsl:apply-templates select="descendant::adl:property"/> <xsl:apply-templates select="descendant::adl:property"/>
@ -190,6 +194,7 @@ namespace <xsl:value-of select="$controllerns"/> {
</xsl:call-template> </xsl:call-template>
if ( record == null) { if ( record == null) {
if ( AssertUserCanCreate()) {
/* it seems to be new, create persistent object */ /* it seems to be new, create persistent object */
try { try {
record = new <xsl:value-of select="concat($entityns, '.', @name)"/>(<xsl:for-each select="adl:key/adl:property"> record = new <xsl:value-of select="concat($entityns, '.', @name)"/>(<xsl:for-each select="adl:key/adl:property">
@ -233,9 +238,17 @@ namespace <xsl:value-of select="$controllerns"/> {
record = new <xsl:value-of select="concat($entityns, '.', @name)"/>(); record = new <xsl:value-of select="concat($entityns, '.', @name)"/>();
} }
messages.Add( "New <xsl:value-of select="@name"/> record created"); messages.Add( "New <xsl:value-of select="@name"/> record created");
isnewborn = true;
}
else
{
AddError( "You are not authorised to create objects of type <xsl:value-of select="@name"/>");
}
} }
if ( record != null) { if ( record != null) {
if ( isnewborn || AssertUserCanUpdate())
{
try { try {
/* actually update the record */ /* actually update the record */
BindObjectInstance( record, ParamStore.Form, "instance"); BindObjectInstance( record, ParamStore.Form, "instance");
@ -367,6 +380,8 @@ namespace <xsl:value-of select="$controllerns"/> {
hibernator.Flush(); hibernator.Flush();
messages.Add( "Record saved successfully"); messages.Add( "Record saved successfully");
} }
catch ( DataSuitabilityException dse) catch ( DataSuitabilityException dse)
{ {
@ -376,6 +391,10 @@ namespace <xsl:value-of select="$controllerns"/> {
{ {
AddError( axe.Message); AddError( axe.Message);
} }
}
else {
AddError( "You are not authorised to update objects of type <xsl:value-of select="@name"/>");
}
PropertyBag["messages"] = messages; PropertyBag["messages"] = messages;
PropertyBag["instance"] = record; PropertyBag["instance"] = record;
@ -413,6 +432,8 @@ namespace <xsl:value-of select="$controllerns"/> {
/// &lt;/summary&gt; /// &lt;/summary&gt;
[AccessibleThrough(Verb.Post)] [AccessibleThrough(Verb.Post)]
public void Delete() public void Delete()
{
if ( AssertUserCanDelete())
{ {
ISession hibernator = ISession hibernator =
NHibernateHelper.GetCurrentSession( <xsl:if test="$authentication-layer = 'Database'">Session[ NHibernateHelper.USERTOKEN], NHibernateHelper.GetCurrentSession( <xsl:if test="$authentication-layer = 'Database'">Session[ NHibernateHelper.USERTOKEN],
@ -445,6 +466,9 @@ namespace <xsl:value-of select="$controllerns"/> {
Redirect( FormsAuthentication.DefaultUrl); Redirect( FormsAuthentication.DefaultUrl);
</xsl:otherwise> </xsl:otherwise>
</xsl:choose> </xsl:choose>
} else {
AddError( "You are not authorised to delete objects of type <xsl:value-of select="@name"/>");
}
} }
</xsl:if> </xsl:if>
<xsl:apply-templates select="adl:form"/> <xsl:apply-templates select="adl:form"/>
@ -468,6 +492,7 @@ namespace <xsl:value-of select="$controllerns"/> {
/// &lt;param name="view"&gt;The name of the list view to show&lt;/param&gt; /// &lt;param name="view"&gt;The name of the list view to show&lt;/param&gt;
public void InternalShowList( String view) public void InternalShowList( String view)
{ {
if ( AssertUserCanRead()) {
ISession hibernator = ISession hibernator =
NHibernateHelper.GetCurrentSession( <xsl:if test="$authentication-layer = 'Database'">Session[ NHibernateHelper.USERTOKEN], NHibernateHelper.GetCurrentSession( <xsl:if test="$authentication-layer = 'Database'">Session[ NHibernateHelper.USERTOKEN],
Session[NHibernateHelper.PASSTOKEN]</xsl:if>); Session[NHibernateHelper.PASSTOKEN]</xsl:if>);
@ -483,6 +508,9 @@ namespace <xsl:value-of select="$controllerns"/> {
PaginationHelper.CreatePagination( this, instances, 25); PaginationHelper.CreatePagination( this, instances, 25);
RenderViewWithFailover(view + ".vm", view + ".auto.vm"); RenderViewWithFailover(view + ".vm", view + ".auto.vm");
} else {
AddError( "You are not authorised to delete view of type <xsl:value-of select="@name"/>");
}
} }
</xsl:if> </xsl:if>
} }
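Review bot: The denial message in the InternalShowList hunk, `AddError( "You are not authorised to delete view of type <xsl:value-of select="@name"/>");`, names the wrong operation for a read check and should read `AddError( "You are not authorised to view objects of type <xsl:value-of select="@name"/>");` so that the user and any log see which operation was actually refused. Every denied branch added in this file only calls AddError and then lets the action continue (in the save action whose name lies outside the hunk, the `PropertyBag["messages"]`/`PropertyBag["instance"]` assignments after the `else` still run), so a refused request is answered with the normal view and a normal status; consider returning early or rendering a dedicated error view after the denial, and recording the refused operation, entity type and user so repeated refusals are visible in the audit trail. The `AssertUserCanCreate/Update/Delete/Read` helpers are not part of this diff, and since their default return value decides whether the generated controllers fail closed, that default is worth confirming and documenting on the partial class; their `Assert` prefix also suggests a throwing contract while they are used as booleans here. Minor: `Boolean isnewborn = false;` would conventionally be `bool isnewborn = false;`.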