Added basic webapi system to ROC CMS system.

Added sql_delete routine to replace sql_modify with "DELETE FROM .." sql statement.
Fixed filter setup when a module has more than one filter.
Fixed filter setup for site,admin and webapi modes.
Added CMS_AUTH_FILTER, and check if user is already authenticated, then skip following auth filters.
Added specific webapi handler classes for root, user, access token, ...
Added user profile system to the core module.
Moved /user/{uid} from auth module to core module.
Added possibility to add html before and after a cms form. (useful to add a form before or after, as nested form are forbidden).
Now theme can be installed using roc install command.

Author: jocelyn

cms-safe.ecf

@@ -1,15 +1,18 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-15-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-15-0 http://www.eiffel.com/developers/xml/configuration-1-15-0.xsd" name="cms" uuid="8CC0D052-57D1-4CAA-AFF1-448FA290734B" library_target="cms">
+<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-17-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-17-0 http://www.eiffel.com/developers/xml/configuration-1-17-0.xsd" name="cms" uuid="8CC0D052-57D1-4CAA-AFF1-448FA290734B" library_target="cms">
 	<target name="cms">
 		<root all_classes="true"/>
 		<file_rule>
 			<exclude>/.svn$</exclude>
 			<exclude>/CVS$</exclude>
 			<exclude>/EIFGENs$</exclude>
 		</file_rule>
-		<option warning="true" void_safety="all">
+		<option warning="true">
 		</option>
-		<setting name="concurrency" value="scoop"/>
+		<capability>
+			<concurrency support="scoop" use="scoop"/>
+			<void_safety support="all" use="all"/>
+		</capability>
 		<mapping old_name="CMS_LAYOUT" new_name="CMS_ENVIRONMENT"/>
 		<library name="base" location="$ISE_LIBRARY\library\base\base-safe.ecf"/>
 		<library name="base_extension" location="$ISE_LIBRARY\library\base_extension\base_extension-safe.ecf"/>
@@ -20,9 +23,11 @@
 		<library name="encoder" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\text\encoder\encoder-safe.ecf" readonly="false"/>
 		<library name="error" location="$ISE_LIBRARY\contrib\library\utility\general\error\error-safe.ecf"/>
 		<library name="http" location="$ISE_LIBRARY\contrib\library\network\protocol\http\http-safe.ecf"/>
+		<library name="http_authorization" location="$ISE_LIBRARY\contrib\library\web\authentication\http_authorization\http_authorization-safe.ecf"/>
 		<library name="i18n" location="$ISE_LIBRARY\library\i18n\i18n-safe.ecf"/>
 		<library name="json" location="$ISE_LIBRARY\contrib\library\text\parser\json\library\json-safe.ecf" readonly="false"/>
 		<library name="kmp_matcher" location="$ISE_LIBRARY\library\text\regexp\kmp_matcher\kmp_matcher-safe.ecf"/>
+		<library name="microdata" location="$ISE_LIBRARY\contrib\library\text\parser\microdata\microdata.ecf"/>
 		<library name="net" location="$ISE_LIBRARY\library\net\net-safe.ecf"/>
 		<library name="notification_mailer" location="$ISE_LIBRARY\contrib\library\runtime\process\notification_email\notification_email-safe.ecf"/>
 		<library name="smarty" location="$ISE_LIBRARY\contrib\library\text\template\smarty\smarty-safe.ecf" readonly="false"/>

cms.ecf

@@ -20,6 +20,7 @@
 		<library name="encoder" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\text\encoder\encoder.ecf" readonly="false"/>
 		<library name="error" location="$ISE_LIBRARY\contrib\library\utility\general\error\error.ecf"/>
 		<library name="http" location="$ISE_LIBRARY\contrib\library\network\protocol\http\http.ecf"/>
+		<library name="http_authorization" location="$ISE_LIBRARY\contrib\library\web\authentication\http_authorization\http_authorization.ecf"/>
 		<library name="i18n" location="$ISE_LIBRARY\library\i18n\i18n.ecf"/>
 		<library name="json" location="$ISE_LIBRARY\contrib\library\text\parser\json\library\json.ecf" readonly="false"/>
 		<library name="kmp_matcher" location="$ISE_LIBRARY\library\text\regexp\kmp_matcher\kmp_matcher.ecf"/>

examples/demo/roc.cfg

@@ -3,7 +3,11 @@
 	"project": "demo-safe.ecf",
 	"location": ".",
 	"site_directory": "site",
+	"themes": {
+		"admin": 			{ "location": "../../themes/admin", "mode": "link" }
+	},
 	"modules": {
+		"demo": 			{ "location": "modules/demo" },
 		"core": 			{ "location": "../../modules/core" },
 		"admin": 			{ "location": "../../modules/admin" },
 		"auth": 			{ "location": "../../modules/auth" },

examples/demo/site/config/cms.ini

@@ -57,13 +57,15 @@ output=site\db\mails
 #openid.token=
 #oauth.token=
 
+[webapi]
+mode=on
 
 [administration]
 base_path=/roc-admin
-#theme=admin
+theme=admin
 # CMS Installation, are accessible by "all", "none" or uppon "permission". (default is none)
 installation_access=all
 
 [dev]
 # masquerade: all, none, permission. Default is none.
-masquerade=none
+masquerade=all

library/model/src/user/cms_user.e

@@ -98,19 +98,6 @@ feature -- Roles
 	roles: detachable LIST [CMS_USER_ROLE]
 			-- If set, list of roles for current user.			
 
-feature -- Access: data			
-
-	item (k: READABLE_STRING_GENERAL): detachable ANY assign put
-			-- Additional item data associated with key `k'.
-		do
-			if attached items as tb then
-				Result := tb.item (k)
-			end
-		end
-
-	items: detachable STRING_TABLE [detachable ANY]
-			-- Additional data.
-
 feature -- Status report
 
 	has_id: BOOLEAN
@@ -223,29 +210,6 @@ feature -- Element change: roles
 			roles := lst
 		end
 
-feature -- Change element: data
-
-	put (d: like item; k: READABLE_STRING_GENERAL)
-			-- Associate data item `d' with key `k'.
-		local
-			tb: like items
-		do
-			tb := items
-			if tb = Void then
-				create tb.make (1)
-				items := tb
-			end
-			tb.force (d, k)
-		end
-
-	remove (k: READABLE_STRING_GENERAL)
-			-- Remove data item associated with key `k'.	
-		do
-			if attached items as tb then
-				tb.remove (k)
-			end
-		end
-
 feature -- Status change		
 
 	mark_not_active

library/model/src/user/cms_user_profile.e

@@ -0,0 +1,72 @@
+note
+	description: "[
+				User profile used to extend information associated with a {CMS_USER}.
+			]"
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	CMS_USER_PROFILE
+
+inherit
+	TABLE_ITERABLE [READABLE_STRING_32, READABLE_STRING_GENERAL]
+
+create
+	make
+
+feature {NONE} -- Initialization
+
+	make
+			-- Create Current profile.
+		do
+			create items.make (0)
+		end
+
+feature -- Access
+
+	item alias "[]" (k: READABLE_STRING_GENERAL): detachable READABLE_STRING_32
+			-- Profile item associated with key `k`.
+		do
+			Result := items.item (k)
+		end
+
+	has_key (k: READABLE_STRING_GENERAL): BOOLEAN
+			-- Has a profile item associated with key `k`?
+		do
+			Result := items.has (k)
+		end
+
+	count: INTEGER
+		do
+			Result := items.count
+		end
+
+	is_empty: BOOLEAN
+		do
+			Result := items.is_empty
+		end
+
+feature -- Change
+
+	force (v: READABLE_STRING_GENERAL; k: READABLE_STRING_GENERAL)
+			-- Associated value `v` with key `k`.
+		do
+			items.force (v.to_string_32, k)
+		end
+
+feature -- Access
+
+	new_cursor: TABLE_ITERATION_CURSOR [READABLE_STRING_32, READABLE_STRING_GENERAL]
+			-- Fresh cursor associated with current structure
+		do
+			Result := items.new_cursor
+		end
+
+feature {NONE} -- Implementation				
+
+	items: STRING_TABLE [READABLE_STRING_32]
+
+;note
+	copyright: "2011-2014, Javier Velilla, Jocelyn Fiat, Eiffel Software and others"
+	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
+end

library/persistence/implementation/store/cms_storage_store_sql.e

@@ -110,6 +110,12 @@ feature -- Query
 			sql_post_execution
 		end
 
+	sql_delete (a_sql_statement: STRING; a_params: detachable STRING_TABLE [detachable ANY])
+			-- <Precursor>
+		do
+			sql_modify (a_sql_statement, a_params)
+		end
+
 	sql_rows_count: INTEGER
 			-- Number of rows for last sql execution.	
 		do

library/persistence/sqlite3/src/cms_storage_sqlite3.e

@@ -230,6 +230,12 @@ feature -- Operation
 			end
 		end
 
+	sql_delete (a_sql_statement: STRING; a_params: detachable STRING_TABLE [detachable ANY])
+			-- <Precursor>
+		do
+			sql_modify (a_sql_statement, a_params)
+		end
+
 	sqlite_arguments (a_params: STRING_TABLE [detachable ANY]): ARRAYED_LIST [SQLITE_BIND_ARG [ANY]]
 		local
 			k: READABLE_STRING_GENERAL

modules/auth/cms_auth_strategy_filter.e

@@ -0,0 +1,29 @@
+note
+	description: "Summary description for {CMS_AUTH_FILTER_WITH_LOGOUT}."
+	author: ""
+	date: "$Date$"
+	revision: "$Revision$"
+
+deferred class
+	CMS_AUTH_STRATEGY_FILTER
+
+inherit
+	CMS_AUTH_FILTER
+		redefine
+			set_current_user
+		end
+
+feature -- Basic operations
+
+	auth_strategy: STRING
+		deferred
+		end
+
+	set_current_user (u: CMS_USER)
+		do
+			Precursor (u)
+				-- Record auth strategy:
+			api.set_execution_variable ({CMS_AUTHENTICATION_MODULE}.auth_strategy_execution_variable_name, auth_strategy)
+		end
+
+end

modules/auth/cms_authentication_module.e

@@ -124,8 +124,6 @@ feature -- Router
 			a_router.handle ("/account/new-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_new_password(a_api, ?, ?)), a_router.methods_get_post)
 			a_router.handle ("/account/reset-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_reset_password(a_api, ?, ?)), a_router.methods_get_post)
 			a_router.handle ("/account/change/{field}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_change_field (a_api, ?, ?)), a_router.methods_get_post)
-
-			a_router.handle ("/user/{uid}", create {CMS_USER_HANDLER}.make (a_api), a_router.methods_get)
 		end
 
 feature -- Hooks configuration
@@ -206,6 +204,23 @@ feature -- Hooks configuration
 			end
 		end
 
+feature -- Handler / Constants
+
+	auth_strategy_execution_variable_name: STRING = "auth_strategy"
+			-- Exevc
+
+	auth_strategy (req: WSF_REQUEST): detachable READABLE_STRING_8
+			-- Strategy used by current authentication.
+			-- note: if user is authenticated..
+		do
+			if
+				attached {READABLE_STRING_GENERAL} req.execution_variable (auth_strategy_execution_variable_name) as s and then
+				s.is_valid_as_string_8
+			then
+				Result := s.to_string_8
+			end
+		end
+
 feature -- Handler
 
 	handle_account (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -214,17 +229,44 @@ feature -- Handler
 			l_user: detachable CMS_USER
 			b: STRING
 			lnk: CMS_LOCAL_LINK
+			f: CMS_FORM
+			tf: WSF_FORM_TEXT_INPUT
 		do
 			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
 			create b.make_empty
 			l_user := r.user
+			create f.make (r.location, "roccms-user-view")
 			if attached smarty_template_block (Current, "account_info", api) as l_tpl_block then
 				l_tpl_block.set_weight (-10)
 				r.add_block (l_tpl_block, "content")
 			else
 				debug ("cms")
 					r.add_warning_message ("Error with block [resources_page]")
 				end
+				if l_user /= Void then
+					create tf.make_with_text ("username", l_user.name)
+					tf.set_label ("Username")
+					f.extend (tf)
+					if attached l_user.email as l_email then
+						create tf.make_with_text ("email", l_email.to_string_32)
+						tf.set_label ("Email")
+						f.extend (tf)
+					end
+					if attached l_user.profile_name as l_prof_name then
+						create tf.make_with_text ("profile_name", l_prof_name)
+						tf.set_label ("Profile name")
+						f.extend (tf)
+					end
+					create tf.make_with_text ("creation", api.formatted_date_time_yyyy_mm_dd (l_user.creation_date))
+					tf.set_label ("Creation date")
+					f.extend (tf)
+
+					if attached l_user.last_login_date as dt then
+						create tf.make_with_text ("last_login", api.formatted_date_time_ago (dt))
+						tf.set_label ("Last login")
+						f.extend (tf)
+					end
+				end
 			end
 
 			if r.is_authenticated then
@@ -237,6 +279,9 @@ feature -- Handler
 				r.add_to_primary_tabs (lnk)
 			end
 
+			api.hooks.invoke_form_alter (f, Void, r)
+			f.append_to_html (r.wsf_theme, b)
+
 			r.set_main_content (b)
 
 			if l_user = Void then
@@ -251,17 +296,20 @@ feature -- Handler
 			l_user: detachable CMS_USER
 			b: STRING
 			lnk: CMS_LOCAL_LINK
+			l_form: CMS_FORM
 		do
 			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
 			create b.make_empty
 			l_user := r.user
+			create l_form.make (r.location, "roccms-user-edit")
 			if attached smarty_template_block (Current, "account_edit", api) as l_tpl_block then
 				l_tpl_block.set_weight (-10)
 				r.add_block (l_tpl_block, "content")
 			else
 				debug ("cms")
 					r.add_warning_message ("Error with block [resources_page]")
 				end
+				-- Build CMS form...
 			end
 			create lnk.make ("View", "account/")
 			lnk.set_weight (1)
@@ -287,6 +335,8 @@ feature -- Handler
 				f.append_to_html (r.wsf_theme, b)
 			end
 
+			l_form.append_to_html (r.wsf_theme, b)
+
 			r.set_main_content (b)
 
 			if l_user = Void then
@@ -336,7 +386,7 @@ feature -- Handler
 			loc: STRING
 		do
 			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-			if attached {READABLE_STRING_8} api.execution_variable ("auth_strategy") as l_auth_strategy then
+			if attached auth_strategy (req) as l_auth_strategy then
 				loc := l_auth_strategy
 			else
 				loc := ""