Dispatcher: Auch Controller ermöglichen, die Admin-Login benötigen

[kivitendo-erp.git] / SL / Controller / Base.pm

diff --git a/SL/Controller/Base.pm b/SL/Controller/Base.pm
index f8eee88a6cd0e141af4bfa7aa806c5fb36f5b579..c8713950c2d2415d6935d43fc8879809d1d1d2dd 100644 (file)
--- a/SL/Controller/Base.pm
+++ b/SL/Controller/Base.pm
@@ -7,6 +7,8 @@ use parent qw(Rose::Object);
 use Carp;
 use IO::File;
 use List::Util qw(first);
+use SL::Request qw(flatten);
+use SL::MoreCommon qw(uri_encode);
 
 #
 # public/helper functions
@@ -21,7 +23,7 @@ sub url_for {
   my $controller  = delete($params{controller}) || $self->_controller_name;
   my $action      = delete($params{action})     || 'dispatch';
   $params{action} = "${controller}/${action}";
-  my $query       = join('&', map { $::form->escape($_) . '=' . $::form->escape($params{$_}) } keys %params);
+  my $query       = join '&', map { uri_encode($_->[0]) . '=' . uri_encode($_->[1]) } @{ flatten(\%params) };
 
   return "controller.pl?${query}";
 }
@@ -30,7 +32,12 @@ sub redirect_to {
   my $self = shift;
   my $url  = $self->url_for(@_);
 
-  print $::cgi->redirect($url);
+  if ($self->delay_flash_on_redirect) {
+    require SL::Helper::Flash;
+    SL::Helper::Flash::delay_flash();
+  }
+
+  print $::request->{cgi}->redirect($url);
 }
 
 sub render {
@@ -45,6 +52,9 @@ sub render {
   if ($options->{inline}) {
     $source = \$template;
 
+  } elsif($options->{raw}) {
+    $source =  $template;
+
   } else {
     $source = "templates/webpages/${template}." . $options->{type};
     croak "Template file ${source} not found" unless -f $source;
@@ -77,8 +87,12 @@ sub render {
                );
 
   my $output;
-  my $parser = $self->_template_obj;
-  $parser->process($source, \%params, \$output) || croak $parser->error;
+  if (!$options->{raw}) {
+    my $parser = $self->_template_obj;
+    $parser->process($source, \%params, \$output) || croak $parser->error;
+  } else {
+    $output = $$source;
+  }
 
   print $output unless $options->{inline} || $options->{no_output};
 
@@ -145,6 +159,19 @@ sub _run_hooks {
   }
 }
 
+#
+#  behaviour. override these
+#
+
+sub delay_flash_on_redirect {
+  0;
+}
+
+sub get_auth_level {
+  # Ignore the 'action' parameter.
+  return 'user';
+}
+
 #
 # private functions -- for use in Base only
 #
@@ -322,6 +349,10 @@ containing the template code to interprete. Additionally the output
 will not be sent to the browser. Instead it is only returned to the
 caller.
 
+If C<< $options->{raw} >> is trueish, the function will treat the input as
+already parsed, and will not filter the input through Template. Unlike
+C<inline>, the input is taked as a reference.
+
 If C<< $options->{inline} >> is falsish then C<$template> is
 interpreted as the name of a template file. It is prefixed with
 "templates/webpages/" and postfixed with a file extension based on
@@ -471,6 +502,21 @@ action.
 
 The hook's return values are discarded.
 
+=item delay_flash_on_redirect
+
+May be overridden by a controller. If this method returns true, redirect_to
+will delay all flash messages for the current request. Defaults to false for
+compatibility reasons.
+
+=item C<get_auth_level $action>
+
+May be overridden by a controller. Determines what kind of
+authentication is required for a particular action. Must return either
+C<admin> (which means that authentication as an admin is required),
+C<user> (authentication as a normal user suffices) with a possible
+future value C<none> (which would require no authentication but is not
+yet implemented).
+
 =back
 
 =head2 PRIVATE FUNCTIONS