bug 1801 : Prevent non-administrator access to administrator-only pages. This has involved creating a framework for authentication at controller level, which is not quite working at this stage

This commit is contained in:
sb 2008-04-17 16:16:19 +00:00
parent c480c2d41e
commit fd3bfabe3a


@ -9,8 +9,8 @@
Transform ADL into (partial) controller classes
$Author: sb $
$Revision: 1.19 $
$Date: 2008-04-17 15:04:15 $
$Revision: 1.20 $
$Date: 2008-04-17 16:16:19 $
-->
<!-- WARNING WARNING WARNING: Do NOT reformat this file!
@ -71,7 +71,7 @@
//
// Controller for auto-generated forms for editing <xsl:value-of select="@name"/>s
// Automatically generated from application description using
// adl2controllerclasses.xslt version <xsl:value-of select="substring( '$Revision: 1.19 $', 10)"/>
// adl2controllerclasses.xslt version <xsl:value-of select="substring( '$Revision: 1.20 $', 10)"/>
//
// This file is automatically generated; DO NOT EDIT IT.
//
@ -92,7 +92,7 @@ namespace <xsl:value-of select="$controllerns"/> {
///
/// DO NOT EDIT THIS FILE!
/// &lt;/summary&gt;
public abstract class <xsl:value-of select="concat( 'Abstract', /adl:application/@name, 'Controller')"/> : BaseController {
public abstract partial class <xsl:value-of select="concat( 'Abstract', /adl:application/@name, 'Controller')"/> : BaseController {
<xsl:for-each select="//adl:entity">
/// &lt;summary&gt;
/// Return a list of all instances of <xsl:value-of select="@name"/> for use in menus, etc;
@ -128,7 +128,7 @@ namespace <xsl:value-of select="$controllerns"/> {
//
// Controller for auto-generated forms for editing <xsl:value-of select="@name"/>s
// Automatically generated from application description using
// adl2controllerclasses.xslt version <xsl:value-of select="substring( '$Revision: 1.19 $', 10)"/>
// adl2controllerclasses.xslt version <xsl:value-of select="substring( '$Revision: 1.20 $', 10)"/>
//
// This file is automatically generated; DO NOT EDIT IT.
//
@ -182,6 +182,10 @@ namespace <xsl:value-of select="$controllerns"/> {
NHibernateHelper.GetCurrentSession( <xsl:if test="$authentication-layer = 'Database'">Session[ NHibernateHelper.USERTOKEN],
Session[NHibernateHelper.PASSTOKEN]</xsl:if>);
List&lt;string&gt; messages = new List&lt;string&gt;();
// A 'newborn' instance can be updated even if the current user doesn't have
// update permissions, seeing that we use an update operation to set the
// field values and save the entity.
Boolean isnewborn = false;
<xsl:apply-templates select="descendant::adl:property"/>
@ -190,6 +194,7 @@ namespace <xsl:value-of select="$controllerns"/> {
</xsl:call-template>
if ( record == null) {
if ( AssertUserCanCreate()) {
/* it seems to be new, create persistent object */
try {
record = new <xsl:value-of select="concat($entityns, '.', @name)"/>(<xsl:for-each select="adl:key/adl:property">
@ -233,9 +238,17 @@ namespace <xsl:value-of select="$controllerns"/> {
record = new <xsl:value-of select="concat($entityns, '.', @name)"/>();
}
messages.Add( "New <xsl:value-of select="@name"/> record created");
isnewborn = true;
}
else
{
AddError( "You are not authorised to create objects of type <xsl:value-of select="@name"/>");
}
}
if ( record != null) {
if ( isnewborn || AssertUserCanUpdate())
{
try {
/* actually update the record */
BindObjectInstance( record, ParamStore.Form, "instance");
@ -367,6 +380,8 @@ namespace <xsl:value-of select="$controllerns"/> {
hibernator.Flush();
messages.Add( "Record saved successfully");
}
catch ( DataSuitabilityException dse)
{
@ -376,6 +391,10 @@ namespace <xsl:value-of select="$controllerns"/> {
{
AddError( axe.Message);
}
}
else {
AddError( "You are not authorised to update objects of type <xsl:value-of select="@name"/>");
}
PropertyBag["messages"] = messages;
PropertyBag["instance"] = record;
@ -413,6 +432,8 @@ namespace <xsl:value-of select="$controllerns"/> {
/// &lt;/summary&gt;
[AccessibleThrough(Verb.Post)]
public void Delete()
{
if ( AssertUserCanDelete())
{
ISession hibernator =
NHibernateHelper.GetCurrentSession( <xsl:if test="$authentication-layer = 'Database'">Session[ NHibernateHelper.USERTOKEN],
@ -445,6 +466,9 @@ namespace <xsl:value-of select="$controllerns"/> {
Redirect( FormsAuthentication.DefaultUrl);
</xsl:otherwise>
</xsl:choose>
} else {
AddError( "You are not authorised to delete objects of type <xsl:value-of select="@name"/>");
}
}
</xsl:if>
<xsl:apply-templates select="adl:form"/>
@ -468,6 +492,7 @@ namespace <xsl:value-of select="$controllerns"/> {
/// &lt;param name="view"&gt;The name of the list view to show&lt;/param&gt;
public void InternalShowList( String view)
{
if ( AssertUserCanRead()) {
ISession hibernator =
NHibernateHelper.GetCurrentSession( <xsl:if test="$authentication-layer = 'Database'">Session[ NHibernateHelper.USERTOKEN],
Session[NHibernateHelper.PASSTOKEN]</xsl:if>);
@ -483,6 +508,9 @@ namespace <xsl:value-of select="$controllerns"/> {
PaginationHelper.CreatePagination( this, instances, 25);
RenderViewWithFailover(view + ".vm", view + ".auto.vm");
} else {
AddError( "You are not authorised to delete view of type <xsl:value-of select="@name"/>");
}
}
</xsl:if>
}
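Review bot: The denial message in the InternalShowList hunk is a copy-paste error: the branch is guarded by `AssertUserCanRead()` but the generated text says "You are not authorised to delete view of type", which will mislead users and anyone grepping logs for authorisation failures; change it to `AddError( "You are not authorised to view objects of type <xsl:value-of select="@name"/>");` so it matches the create/update/delete wording in the other hunks. In the update hunks, when `AssertUserCanUpdate()` fails the code only records the error and then still runs `PropertyBag["instance"] = record`, so the already-fetched entity is handed to the view; the fetch itself happens above the visible lines and does not appear to be gated by `AssertUserCanRead()`, so unless that is enforced elsewhere a user denied update (or read) can still see the record through this action. A one-line comment on the `isnewborn` flag's use, `// isnewborn bypasses the update check only for a record this request just created under AssertUserCanCreate()`, would make the intended exception explicit. The enclosing methods start before the hunks and the `AssertUserCan*` helpers are not defined in this diff, presumably in the hand-written half of the now-`partial` class.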