X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/kivitendo-erp.git/blobdiff_plain/8084ef359515031ec8429b49baf0ab09858f55d2..6afd06adfeb66b481b7240637351a34a41e702d1:/SL/Controller/Base.pm

diff --git a/SL/Controller/Base.pm b/SL/Controller/Base.pm
index 42bf6bd6e..c8713950c 100644
--- a/SL/Controller/Base.pm
+++ b/SL/Controller/Base.pm
@@ -7,6 +7,8 @@ use parent qw(Rose::Object);
 use Carp;
 use IO::File;
 use List::Util qw(first);
+use SL::Request qw(flatten);
+use SL::MoreCommon qw(uri_encode);
 
 #
 # public/helper functions
@@ -21,7 +23,7 @@ sub url_for {
   my $controller  = delete($params{controller}) || $self->_controller_name;
   my $action      = delete($params{action})     || 'dispatch';
   $params{action} = "${controller}/${action}";
-  my $query       = join('&', map { $::form->escape($_) . '=' . $::form->escape($params{$_}) } keys %params);
+  my $query       = join '&', map { uri_encode($_->[0]) . '=' . uri_encode($_->[1]) } @{ flatten(\%params) };
 
   return "controller.pl?${query}";
 }
@@ -30,7 +32,12 @@ sub redirect_to {
   my $self = shift;
   my $url  = $self->url_for(@_);
 
-  print $::cgi->redirect($url);
+  if ($self->delay_flash_on_redirect) {
+    require SL::Helper::Flash;
+    SL::Helper::Flash::delay_flash();
+  }
+
+  print $::request->{cgi}->redirect($url);
 }
 
 sub render {
@@ -152,6 +159,19 @@ sub _run_hooks {
   }
 }
 
+#
+#  behaviour. override these
+#
+
+sub delay_flash_on_redirect {
+  0;
+}
+
+sub get_auth_level {
+  # Ignore the 'action' parameter.
+  return 'user';
+}
+
 #
 # private functions -- for use in Base only
 #
@@ -329,7 +349,7 @@ containing the template code to interprete. Additionally the output
 will not be sent to the browser. Instead it is only returned to the
 caller.
 
-If C<< $options->{raw}>> is trueish, the function will treat the input as
+If C<< $options->{raw} >> is trueish, the function will treat the input as
 already parsed, and will not filter the input through Template. Unlike
 C<inline>, the input is taked as a reference.
 
@@ -482,6 +502,21 @@ action.
 
 The hook's return values are discarded.
 
+=item delay_flash_on_redirect
+
+May be overridden by a controller. If this method returns true, redirect_to
+will delay all flash messages for the current request. Defaults to false for
+compatibility reasons.
+
+=item C<get_auth_level $action>
+
+May be overridden by a controller. Determines what kind of
+authentication is required for a particular action. Must return either
+C<admin> (which means that authentication as an admin is required),
+C<user> (authentication as a normal user suffices) with a possible
+future value C<none> (which would require no authentication but is not
+yet implemented).
+
 =back
 
 =head2 PRIVATE FUNCTIONS