X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/abd4a0b007159d46da41dc6ed832acc3e85c9744..a3339fc75fd7c2fd1328e5444dcde255e4034f95:/SL/Controller/Base.pm?ds=inline
diff --git a/SL/Controller/Base.pm b/SL/Controller/Base.pm
index 285bfcee4..29289ff96 100644
--- a/SL/Controller/Base.pm
+++ b/SL/Controller/Base.pm
@@ -7,6 +7,8 @@ use parent qw(Rose::Object);
 use Carp;
 use IO::File;
 use List::Util qw(first);
+use SL::Request qw(flatten);
+use SL::MoreCommon qw(uri_encode);
 
 #
 # public/helper functions
@@ -21,7 +23,7 @@ sub url_for {
 my $controller = delete($params{controller}) || $self->_controller_name;
 my $action = delete($params{action}) || 'dispatch';
 $params{action} = "${controller}/${action}";
- my $query = join('&', map { $::form->escape($_) . '=' . $::form->escape($params{$_}) } keys %params);
+ my $query = join '&', map { uri_encode($_->[0]) . '=' . uri_encode($_->[1]) } @{ flatten(\%params) };
 
 return "controller.pl?${query}";
 }
@@ -165,6 +167,11 @@ sub delay_flash_on_redirect {
 0;
 }
 
+sub get_auth_level {
+ # Ignore the 'action' parameter.
+ return 'user';
+}
+
 #
 # private functions -- for use in Base only
 #
@@ -495,12 +502,21 @@ action.
 The hook's return values are discarded.
-=item delay_flash_on_redirect
+=item C
 May be overridden by a controller. If this method returns true, redirect_to will delay all flash messages for the current request. Defaults to false for compatibility reasons.
+=item C
+
+May be overridden by a controller. Determines what kind of
+authentication is required for a particular action. Must return either
+C (which means that authentication as an admin is required),
+C (authentication as a normal user suffices) with a possible
+future value C (which would require no authentication but is not
+yet implemented).
+
 =back
 =head2 PRIVATE FUNCTIONS
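Review bot: In the rewritten `my $query` line of url_for, the second element of each pair returned by `flatten(\%params)` goes straight into `uri_encode`, so a parameter whose value is undef reaches the encoder unchecked; how `uri_encode` and `flatten` treat undef is not visible in this diff. Since the result is presumably used for links and redirects, an explicit default keeps the generated URL predictable: `uri_encode($_->[1] // '')` (or a `defined` test if the project's minimum Perl predates `//`). A short comment such as `# nested hashes/arrays are flattened; keys and values are both percent-encoded` would also record the new contract for callers. url_for begins above this hunk, so the way `%params` is populated cannot be checked from here.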
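Review bot: The new default in `get_auth_level` returns 'user' for every action of any controller that does not override it, and the only comment (`# Ignore the 'action' parameter.`) does not say so; the sub also never unpacks `@_`, so the parameter it refers to is invisible to a reader. I would state the security contract at the definition, for example `# Default: authentication as a normal user suffices. Controllers with admin-only actions MUST override this and return 'admin'.` The code that consumes the return value is outside this diff. It should presumably treat anything other than 'admin' or 'user', including the not-yet-implemented 'none', as a denial rather than as "no authentication required".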