cvsuser 05/11/07 20:49:03
Modified: App-Context/lib/App/Request CGI.pm
Log:
add permissions to widget display from URL and method calls, also
{open_widget_urls} option
Revision Changes Path
1.14 +35 -11 p5ee/App-Context/lib/App/Request/CGI.pm
Index: CGI.pm
===================================================================
RCS file: /cvs/public/p5ee/App-Context/lib/App/Request/CGI.pm,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- CGI.pm 9 Aug 2005 19:08:55 -0000 1.13
+++ CGI.pm 8 Nov 2005 04:49:03 -0000 1.14
@@ -254,6 +254,7 @@
$self->{cgi} = $cgi;
}
my $context = $self->{context};
+ my $options = $context->{options};
$context->dbgprint("Request::CGI->get_events() cgi=$cgi")
if ($App::DEBUG && $context->dbg(1));
@@ -261,7 +262,7 @@
my (@events);
if (defined $cgi) {
- my ($service, $name, $method, $args, $temp);
+ my ($service, $name, $method, $args, $init_args, $temp);
my $request_method = $cgi->request_method() || "GET";
if ($request_method eq "GET" || $request_method eq "POST") {
@@ -289,18 +290,27 @@
$method = "";
$args = "";
+ $init_args = "";
if ($request_method eq "GET") {
# get PATH_INFO and see if an event is embedded there
if ($path_info =~ s!\.([a-zA-Z0-9_]+)\(([^\(\)]*)\)$!!) {
$method = $1;
$args = $2;
}
+ elsif ($path_info =~ s!\.([a-zA-Z0-9_]+)$!!) {
+ $method = $1;
+ $args = "";
+ }
}
else {
- s!\.([a-zA-Z0-9_]+)\(([^\(\)]*)\)$!!;
+ $path_info =~ s!\.([a-zA-Z0-9_]+)\(([^\(\)]*)\)$!!;
}
- if ($path_info =~ m!^/([a-zA-Z._-]+)$!) {
+ if ($path_info =~ s!^/([a-zA-Z_][a-zA-Z0-9._-]*)\((.*)\)$!!) {
+ $name = $1;
+ $init_args = "{$2}";
+ }
+ elsif ($path_info =~ m!^/([a-zA-Z_][a-zA-Z0-9._-]*)$!) {
$name = $1;
}
else {
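Review bot: The new widget-argument capture `\((.*)\)$` accepts any characters from PATH_INFO, whereas the method-argument pattern a few lines above is limited to `[^\(\)]*`. The captured text is wrapped as `"{$2}"` into `$init_args`, which a later hunk of this commit passes to `$ser->deserialize()`. If nested parentheses are not required, the same restriction would fit here: `s!^/([a-zA-Z_][a-zA-Z0-9._-]*)\(([^\(\)]*)\)$!!`. In the POST branch the `.method(args)` suffix is stripped but never assigned to `$method`/`$args`; if that is intended, a comment such as `# POST: strip the method suffix, method comes from the form` would make it clear. The enclosing block starts and ends outside the hunk.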
@@ -308,12 +318,14 @@
}
# override PATH_INFO with CGI variables
- $temp = $cgi->param("service");
- $service = $temp if ($temp);
- $temp = $cgi->param("name");
- $name = $temp if ($temp);
- $temp = $cgi->param("method");
- $method = $temp if ($temp);
+ $temp = $cgi->param("service");
+ $service = $temp if ($temp);
+ $temp = $cgi->param("name");
+ $name = $temp if ($temp);
+ $temp = $cgi->param("method");
+ $method = $temp if ($temp);
+ $temp = $cgi->param("init_args");
+ $init_args = $temp if ($temp);
my $content = "";
if (!$method && $request_method eq "POST") {
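Review bot: The `init_args` CGI parameter is stored exactly as received, while the PATH_INFO form in the previous hunk wraps its capture in braces (`"{$2}"`), so the two sources hand differently shaped strings to the same deserializer call. Either normalise the value here or document the expected format, for example `# init_args param must be a complete one-line serialized hash, braces included`. Because the parameter overrides whatever the path regex accepted, any validation of widget arguments has to happen after this point rather than in the path match.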
@@ -324,6 +336,13 @@
}
}
+ if ($init_args && $options->{open_widget_urls}) {
+ my $ser = $context->serializer("one_line", class =>
"App::Serializer::OneLine");
+ my $iargs = $ser->deserialize($init_args);
+ my $w = $context->widget($name, %$iargs);
+ }
+ my $permissions = $context->_so_get($name, "permissions");
+
if ($service && $name && $method) {
$temp = $cgi->param("args");
$args = $temp if ($temp);
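Review bot: The result of `$ser->deserialize($init_args)` is dereferenced as `%$iargs` without checking that it is a hash reference, and `$name` is not checked before `$context->widget($name, ...)` or `$context->_so_get($name, "permissions")`. A request whose `init_args` does not deserialize to a hash would most likely die under `use strict` or pass an odd-shaped list to the widget constructor. Suggested guards: `if ($name && $init_args && $options->{open_widget_urls}) {` and, after the deserialize, `die "init_args must be a hash\n" if (ref($iargs) ne "HASH");`. `my $w` is never used, so the call can stand alone with a comment that it exists to instantiate the widget with request-supplied attributes. The enclosing block starts outside the hunk.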
@@ -337,10 +356,15 @@
$args = $ser->deserialize($args);
}
}
-
+ if (!$options->{open_widget_urls} && (!$permissions ||
!$permissions->{$method})) {
+ die "Not permitted to perform the [$method] method on
the [$name] widget\n";
+ }
push(@events, [ $service, $name, $method, $args ]);
}
elsif ($service && $name) {
+ if (!$options->{open_widget_urls} && (!$permissions ||
!$permissions->{view})) {
+ die "Not permitted to view widget [$name] from the
browser\n";
+ }
if ($request_method eq "POST") {
# do nothing
# push(@events, [ $service, $name, "post", $content ]);
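Review bot: The method permission check sits after `$args = $ser->deserialize($args)` at the top of this hunk, so request-supplied arguments are deserialized even for a call that is then refused. Moving the `if (!$options->{open_widget_urls} && (!$permissions || !$permissions->{$method}))` test to the start of the `if ($service && $name && $method)` branch would reject the request before any of its data is parsed. Both `die` messages interpolate `$method` and `$name`, which come from the URL or CGI parameters; if the caller renders the exception text into an HTML page (not visible here), it needs escaping at that point. The two checks repeat the same condition and could share a small helper taking the permission key. A comment should also state that `open_widget_urls` disables both checks entirely. The enclosing block starts and ends outside the hunk.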