Dispatcher: Auch Controller ermöglichen, die Admin-Login benötigen

[kivitendo-erp.git] / SL / Controller / Base.pm

diff --git a/SL/Controller/Base.pm b/SL/Controller/Base.pm
index 42bf6bd6efc4a18191d734bc94aa27514c4c29a4..c8713950c2d2415d6935d43fc8879809d1d1d2dd 100644 (file)
--- a/SL/Controller/Base.pm
+++ b/SL/Controller/Base.pm
@@ -7,6 +7,8 @@ use parent qw(Rose::Object);
 use Carp;
 use IO::File;
 use List::Util qw(first);
 use Carp;
 use IO::File;
 use List::Util qw(first);

+use SL::Request qw(flatten);
+use SL::MoreCommon qw(uri_encode);

 
 #
 # public/helper functions
 
 #
 # public/helper functions


@@ -21,7 +23,7 @@ sub url_for {
   my $controller  = delete($params{controller}) || $self->_controller_name;
   my $action      = delete($params{action})     || 'dispatch';
   $params{action} = "${controller}/${action}";
   my $controller  = delete($params{controller}) || $self->_controller_name;
   my $action      = delete($params{action})     || 'dispatch';
   $params{action} = "${controller}/${action}";

-  my $query       = join('&', map { $::form->escape($_) . '=' . $::form->escape($params{$_}) } keys %params);
+  my $query       = join '&', map { uri_encode($_->[0]) . '=' . uri_encode($_->[1]) } @{ flatten(\%params) };

 
   return "controller.pl?${query}";
 }
 
   return "controller.pl?${query}";
 }


@@ -30,7 +32,12 @@ sub redirect_to {
   my $self = shift;
   my $url  = $self->url_for(@_);
 
   my $self = shift;
   my $url  = $self->url_for(@_);
 

-  print $::cgi->redirect($url);
+  if ($self->delay_flash_on_redirect) {
+    require SL::Helper::Flash;
+    SL::Helper::Flash::delay_flash();
+  }
+
+  print $::request->{cgi}->redirect($url);

 }
 
 sub render {
 }
 
 sub render {


@@ -152,6 +159,19 @@ sub _run_hooks {
   }
 }
 
   }
 }
 

+#
+#  behaviour. override these
+#
+
+sub delay_flash_on_redirect {
+  0;
+}
+
+sub get_auth_level {
+  # Ignore the 'action' parameter.
+  return 'user';
+}
+

 #
 # private functions -- for use in Base only
 #
 #
 # private functions -- for use in Base only
 #


@@ -329,7 +349,7 @@ containing the template code to interprete. Additionally the output
 will not be sent to the browser. Instead it is only returned to the
 caller.
 
 will not be sent to the browser. Instead it is only returned to the
 caller.
 

-If C<< $options->{raw}>> is trueish, the function will treat the input as
+If C<< $options->{raw} >> is trueish, the function will treat the input as

 already parsed, and will not filter the input through Template. Unlike
 C<inline>, the input is taked as a reference.
 
 already parsed, and will not filter the input through Template. Unlike
 C<inline>, the input is taked as a reference.
 


@@ -482,6 +502,21 @@ action.
 
 The hook's return values are discarded.
 
 
 The hook's return values are discarded.
 

+=item delay_flash_on_redirect
+
+May be overridden by a controller. If this method returns true, redirect_to
+will delay all flash messages for the current request. Defaults to false for
+compatibility reasons.
+
+=item C<get_auth_level $action>
+
+May be overridden by a controller. Determines what kind of
+authentication is required for a particular action. Must return either
+C<admin> (which means that authentication as an admin is required),
+C<user> (authentication as a normal user suffices) with a possible
+future value C<none> (which would require no authentication but is not
+yet implemented).
+

 =back
 
 =head2 PRIVATE FUNCTIONS
 =back
 
 =head2 PRIVATE FUNCTIONS