" @@ -2427,6 +3137,7 @@ Package instproc flush_name_cache {-name:required -parent_id:required} { # xowiki::LinkCache flush $parent_id ::xo::xotcl_object_type_cache flush -partition_key $parent_id $parent_id-$name + acs::per_request_cache flush -pattern xotcl-core.lookup-$parent_id-$name } Package instproc delete_revision {-revision_id:required -item_id:required} { @@ -2435,25 +3146,29 @@ ::xo::db::sql::content_revision del -revision_id $revision_id } - Package instproc www-delete {-item_id -name -parent_id} { - # - # This delete method does not require an instantiated object, - # while the class-specific delete methods in xowiki-procs need these. - # If a (broken) object can't be instantiated, it cannot be deleted. - # Therefore we need this package level delete method. - # While the class specific methods are used from the - # application pages, the package_level method is used from the admin pages. - # + Package instproc query_parameter_return_url {default} { + return [:query_parameter "return_url:localurl" \ + [:query_parameter "local_return_url:localurl" \ + $default]] + } + + Package ad_instproc www-delete {-item_id -name -parent_id -return_url} { + + This web-callable "delete" method does not require an instantiated object, + while the class-specific delete methods in xowiki-procs need these. + If a (broken) object can't be instantiated, it cannot be deleted. + Therefore, we need this package level delete method. + While the class specific methods are used from the + application pages, the package_level method is used from the admin pages. + + If no "item_id", "name" or "return_url" are given, take it from + the query parameters. + + } { #:log "--D delete [self args]" - # - # if no item_id given, take it from the query parameter - # + if {![info exists item_id]} { - set item_id [:query_parameter item_id] - if {![string is integer $item_id]} { - ad_return_complaint 1 "invalid item_id" - ad_script_abort - } + set item_id [:query_parameter item_id:int32] #:log "--D item_id from query parameter $item_id" } # @@ -2463,14 +3178,19 @@ set name [:query_parameter name] } + if {![info exists return_url]} { + set return_url [:query_parameter_return_url \ + [ad_urlencode_folder_path ${:package_url}]] + } + if {$item_id eq ""} { - array set "" [:item_info_from_url -with_package_prefix false $name] - if {$(item_id) == 0} { + set item_info [:item_info_from_url -with_package_prefix false $name] + if {[dict get $item_info item_id] == 0} { :log "www-delete: url lookup of '$name' failed" } else { - set parent_id $(parent_id) - set item_id $(item_id) - set name $(name) + set parent_id [dict get $item_info parent_id] + set item_id [dict get $item_info item_id] + set name [dict get $item_info name] } } else { set name [::xo::db::CrClass get_name -item_id $item_id] @@ -2493,7 +3213,7 @@ [_ xowiki.error-delete_entries_first [list count $count]]] } } - if {[:get_parameter "with_general_comments" 0]} { + if {[:get_parameter with_general_comments:boolean 0]} { # # We have general comments. In a first step, we have to delete # these, before we are able to delete the item. @@ -2509,13 +3229,14 @@ foreach child_item_id [::xo::db::CrClass get_child_item_ids -item_id $item_id] { :flush_references -item_id $child_item_id } + $object_type delete -item_id $item_id :flush_references -item_id $item_id -name $name -parent_id $parent_id :flush_page_fragment_cache -scope agg } else { :log "--D nothing to delete!" } - :returnredirect [:query_parameter "return_url" [${:id} package_url]] + :returnredirect $return_url } # @@ -2610,17 +3331,41 @@ # Class create ParameterCache - ParameterCache instproc get_parameter {{-check_query_parameter true} {-type ""} attribute {default ""}} { - set key [list ${:id} [self proc] $attribute] - if {[info commands "::xo::cc"] ne ""} { - if {[::xo::cc cache_exists $key]} { - return [::xo::cc cache_get $key] - } - return [::xo::cc cache_set $key [next]] + ParameterCache instproc get_parameter { + {-check_query_parameter true} + {-nocache:switch} + {-type ""} + attribute + {default ""} + } { + #ns_log notice "check for parameter $attribute, xo::cc exists <[info commands ::xo::cc]>" + if {$nocache} { + next } else { - # in case, we have no ::xo::cc (e.g. during bootstrap). - ns_log warning "no ::xo::cc available, returning default for parameter $attribute" - return $default + # + # Cache the parameter value regardless of the notation with + # "name:valueconstraint" + # + regexp {^([^:]+):.*$} $attribute _ attribute + + set key [list ${:id} [self proc] $attribute] + if {[nsf::is object "::xo::cc"]} { + if {[::xo::cc cache_exists $key]} { + return [::xo::cc cache_get $key] + } + return [::xo::cc cache_set $key [next]] + } else { + # in case, we have no ::xo::cc (e.g. during bootstrap). + ad_log warning "no ::xo::cc available (package_id ${:id}), returning default for parameter $attribute" + + # + # For more rigid debugging one might consider to enable the + # exception below. + # + #error "no ::xo::cc available (package_id ${:id}), returning default for parameter $attribute" + + return $default + } } } Package instmixin add ParameterCache @@ -2631,7 +3376,7 @@ # Package instproc condition=has_class {query_context value} { - return [expr {[$query_context query_parameter object_type ""] eq $value}] + return [expr {[$query_context query_parameter object_type:class ""] eq $value}] } Package instproc condition=has_name {query_context value} { return [regexp $value [$query_context query_parameter name ""]] @@ -2643,6 +3388,7 @@ Class create Package -array set require_permission { reindex swa + update-references {{id admin}} change-page-order {{id admin}} import-prototype-page swa refresh-login none @@ -2658,6 +3404,7 @@ {{has_name {[.](js|css)$}} id admin} {id create} } + create-from-prototype {{id create}} } Class create Page -array set require_permission { @@ -2669,10 +3416,12 @@ {package_id write} } save-attributes {{package_id write}} + autosave-attribute {{package_id write}} make-live-revision {{package_id write}} delete-revision {{package_id admin}} delete {{package_id admin}} bulk-delete {{package_id admin}} + duplicate {{package_id write}} save-tags login popular-tags login create-new {{parent_id create}} @@ -2695,15 +3444,21 @@ delete {{package_id admin}} edit-new {{item_id write}} } + + Class create FormPage -array set require_permission { + list { {{is_folder_page .} read} } + } } Policy policy2 -contains { # - # we require side wide admin rights for deletions and code + # Require side wide admin rights for deletions and creation of + # program code via ::xowiki::Object. # Class create Package -array set require_permission { reindex {{id admin}} + update-references {{id admin}} rss none refresh-login none google-sitemap none @@ -2718,6 +3473,7 @@ {{has_name {[.](js|css)$}} swa} {id create} } + create-from-prototype {{id create}} } Class create Page -array set require_permission { @@ -2729,10 +3485,12 @@ {package_id write} } save-attributes {{package_id write}} + autosave-attribute {{package_id write}} make-live-revision {{package_id write}} delete-revision swa delete swa bulk-delete swa + duplicate {{package_id write}} save-tags login popular-tags login create-new {{parent_id create}} @@ -2750,16 +3508,21 @@ edit admin list {{package_id read}} } + Class create FormPage -array set require_permission { + list { {{is_folder_page .} read} } + } } Policy policy3 -contains { # - # we require side wide admin rights for deletions - # we perform checking on item_ids for pages. + # Require side wide admin rights for deletions. Perform checking + # on item_ids (instead on package_id) for pages. This policy + # implements therefore per-page permissions. # Class create Package -array set require_permission { reindex {{id admin}} + update-references {{id admin}} rss none refresh-login none google-sitemap none @@ -2774,6 +3537,7 @@ {{has_name {[.](js|css)$}} swa} {id create} } + create-from-prototype {{id create}} } Class create Page -array set require_permission { @@ -2783,9 +3547,11 @@ edit {{item_id write}} make-live-revision {{item_id write}} save-attributes {{package_id write}} + autosave-attribute {{package_id write}} delete-revision swa delete swa bulk-delete swa + duplicate {{parent_id create}} save-tags login popular-tags login create-new {{parent_id create}} @@ -2815,7 +3581,10 @@ {{in_state initial|answered|suspended|working|done} creator} admin } - list admin + list { + {{is_folder_page .} read} + admin + } clipboard-add admin clipboard-clear admin clipboard-content admin @@ -2834,12 +3603,13 @@ #:log "--set granted [policy4 check_permissions -user_id 0 -package_id 0 function f]" # - # an example with in_state condition... + # An example with an "in_state" condition for workflows ... # Policy policy5 -contains { Class create Package -array set require_permission { reindex {{id admin}} + update-references {{id admin}} rss none refresh-login none google-sitemap none @@ -2854,6 +3624,7 @@ {{has_name {[.](js|css)$}} swa} {id create} } + create-from-prototype {{id create}} } Class create Page -array set require_permission { @@ -2862,10 +3633,12 @@ diff {{item_id write}} edit {{item_id write}} save-attributes {{item_id write}} + autosave-attribute {{item_id write}} make-live-revision {{item_id write}} delete-revision swa delete swa bulk-delete swa + duplicate {{parent_id create}} save-tags login popular-tags login create-new {{parent_id create}} @@ -2884,7 +3657,10 @@ edit { {{in_state initial|suspended|working} creator} admin } - list admin + list { + {{is_folder_page .} read} + admin + } } Class create Form -array set require_permission { view admin