merge of '41b11d3b1b18c4d1c7da8ba97062c553d70d8596'

and 'b4d23e0ff0b98727a952a0a09a9cb7e312f3562a'

Monotone-Parent: 41b11d3b1b18c4d1c7da8ba97062c553d70d8596
Monotone-Parent: b4d23e0ff0b98727a952a0a09a9cb7e312f3562a
Monotone-Revision: 53112c079fc1cf21b6b08a3036256c983f01c96e

Monotone-Author: wsourdeau@inverse.ca
Monotone-Date: 2008-08-26T17:42:24
Monotone-Branch: ca.inverse.sogo

ChangeLog

@@ -1,3 +1,24 @@
+2008-08-26  Wolfgang Sourdeau  <wsourdeau@inverse.ca>
+
+	* UI/MainUI/SOGoRootPage.m ([SOGoRootPage -setUserName:_value])
+	([SOGoRootPage -userName]): removed accessors, since the
+	corresponding ivar is not used and was removed too.
+
+	* UI/SOGoUI/UIxComponent.m ([-shortUserNameForDisplay]): no longer
+	make use of the "wrongusernamepassword" hack.
+
+	* UI/MainUI/SOGoRootPage.m ([SOGoRootPage -connectAction]): return
+	HTTP code 403 if the username and the password passed in the
+	request are not valid.
+
+	* SoObjects/SOGo/SOGoUserFolder.m ([SOGoUserFolder
+	-lookupName:_keyinContext:_ctxacquire:_flag]): whenever a user has
+	no access to the specified module, a response with code 403 and
+	the content of "UIxModuleAccessDenied" will be generated.
+
+	* UI/SOGoUI/UIxModuleAccessDenied.[hm]: new template module
+	displaying an error message.
+
 2008-08-22  Wolfgang Sourdeau  <wsourdeau@inverse.ca>
 
 	* UI/MailPartViewers/UIxMailRenderingContext.m

SoObjects/SOGo/SOGoUserFolder.m

@@ -27,6 +27,7 @@
 #import <NGObjWeb/NSException+HTTP.h>
 #import <NGObjWeb/SoClassSecurityInfo.h>
 #import <NGObjWeb/SoSecurityManager.h>
+#import <NGObjWeb/WOApplication.h>
 #import <NGObjWeb/WOContext+SoObjects.h>
 #import <NGObjWeb/WORequest.h>
 #import <NGObjWeb/WOResponse.h>
@@ -44,6 +45,8 @@
 #import <Contacts/SOGoContactFolders.h>
 #import <Mailer/SOGoMailAccounts.h>
 
+#import <SOGoUI/UIxComponent.h>
+
 #import "NSArray+Utilities.h"
 #import "NSDictionary+Utilities.h"
 #import "LDAPUserManager.h"
@@ -442,6 +445,26 @@
   return [$(@"SOGoFreeBusyObject") objectWithName: _key inContainer: self];
 }
 
+- (WOResponse *) _moduleAccessDeniedPage
+{
+  WOResponse *response;
+  UIxComponent *page;
+  NSString *content;
+
+  response = [context response];
+  [response setStatus: 403];
+  [response setHeader: @"text/html; charset=utf8"
+	    forKey: @"content-type"];
+  page = [[WOApplication application] pageWithName: @"UIxModuleAccessDenied"
+				      inContext: context];
+//   [page appendToResponse: response
+// 	inContext: context];
+  content = [[page generateResponse] contentAsString];
+  [response appendContentString: content];
+
+  return response;
+}
+
 - (id) lookupName: (NSString *) _key
         inContext: (WOContext *) _ctx
           acquire: (BOOL) _flag
@@ -454,14 +477,22 @@
   if (!obj)
     {
       currentUser = [_ctx activeUser];
-      if ([_key isEqualToString: @"Calendar"]
+      if ([_key isEqualToString: @"Calendar"])
-	  && [currentUser canAccessModule: _key])
+	{
+	  if ([currentUser canAccessModule: _key])
 	    obj = [self privateCalendars: @"Calendar" inContext: _ctx];
+	  else
+	    obj = [self _moduleAccessDeniedPage];
+	}
       else if ([_key isEqualToString: @"Contacts"])
         obj = [self privateContacts: _key inContext: _ctx];
-      else if ([_key isEqualToString: @"Mail"]
+      else if ([_key isEqualToString: @"Mail"])
-	       && [currentUser canAccessModule: _key])
+	{
+	  if ([currentUser canAccessModule: _key])
 	    obj = [self mailAccountsFolder: _key inContext: _ctx];
+	  else
+	    obj = [self _moduleAccessDeniedPage];
+	}
       else if ([_key isEqualToString: @"Preferences"])
         obj = [$(@"SOGoPreferencesFolder") objectWithName: _key
 		inContainer: self];

UI/Common/Dutch.lproj/Localizable.strings

@@ -40,3 +40,6 @@
      	= "U bent al op deze map geabonneerd!";
 "The user rights cannot be edited for this object!"
         = "De machtigingen kunnen niet worden aangepast voor dit object!";
+
+"You are not allowed to access this module or this system. Please contact your system administrator."
+= "You are not allowed to access this module or this system. Please contact your system administrator.";

UI/Common/English.lproj/Localizable.strings

@@ -41,3 +41,6 @@
      	= "You have already subscribed to that folder!";
 "The user rights cannot be edited for this object!"
         = "The user rights cannot be edited for this object!";
+
+"You are not allowed to access this module or this system. Please contact your system administrator."
+= "You are not allowed to access this module or this system. Please contact your system administrator.";

UI/Common/French.lproj/Localizable.strings

@@ -38,3 +38,6 @@
      	= "Vous êtes déja abonné à ce dossier.";
 "The user rights cannot be edited for this object!"
         = "Les droits sur cet objet ne peuvent pas être édités.";
+
+"You are not allowed to access this module or this system. Please contact your system administrator."
+= "Vous n'êtes pas autorisé à accéder à ce module ou ce système. Veuillez contacter votre administrateur système.";

UI/Common/German.lproj/Localizable.strings

@@ -40,3 +40,6 @@
      	= "Sie haben diesen Ordner bereits abonniert!";
 "The user rights cannot be edited for this object!"
         = "Die Benutzer-Rechte können für dieses Objekt nicht verändert werden!";
+
+"You are not allowed to access this module or this system. Please contact your system administrator."
+= "You are not allowed to access this module or this system. Please contact your system administrator.";

UI/Common/Italian.lproj/Localizable.strings

@@ -35,3 +35,6 @@
 "Unable to rename that folder!" = "Impossibile rinominare la cartella!";
 "You have already subscribed to that folder!" 	= "Hai già sottoscritto la cartella!";
 "The user rights cannot be edited for this object!"  = "I permessi di questo oggetto non possono essere modificati!";
+
+"You are not allowed to access this module or this system. Please contact your system administrator."
+= "You are not allowed to access this module or this system. Please contact your system administrator.";

UI/Common/Spanish.lproj/Localizable.strings

@@ -45,3 +45,6 @@
      	= "Ya se ha suscrito a esta carpeta.";
 "The user rights cannot be edited for this object!"
         = "No es posible modificar los permisos de acceso a este objeto.";
+
+"You are not allowed to access this module or this system. Please contact your system administrator."
+= "You are not allowed to access this module or this system. Please contact your system administrator.";

UI/MainUI/SOGoRootPage.h

@@ -26,9 +26,6 @@
 #import <UI/SOGoUI/UIxComponent.h>
 
 @interface SOGoRootPage : UIxComponent
-{
-  NSString *userName;
-}
 
 @end
 

UI/MainUI/SOGoRootPage.m

@@ -46,24 +46,8 @@
 
 @implementation SOGoRootPage
 
-- (void) dealloc
-{
-  [userName release];
-  [super dealloc];
-}
-
 /* accessors */
 
-- (void) setUserName: (NSString *) _value
-{
-  ASSIGNCOPY (userName, _value);
-}
-
-- (NSString *) userName
-{
-  return userName;
-}
-
 - (NSString *) connectURL
 {
   return [NSString stringWithFormat: @"%@connect", [self applicationPath]];
@@ -77,20 +61,27 @@
   WOCookie *authCookie;
   SOGoWebAuthenticator *auth;
   NSString *cookieValue, *cookieString;
+  NSString *userName, *password;
 
   auth = [[WOApplication application]
 	   authenticatorInContext: context];
   request = [context request];
+  userName = [request formValueForKey: @"userName"];
+  password = [request formValueForKey: @"password"];
+  if ([auth checkLogin: userName password: password])
+    {
       response = [self responseWith204];
       cookieString = [NSString stringWithFormat: @"%@:%@",
-			   [request formValueForKey: @"userName"],
+			       userName, password];
-			   [request formValueForKey: @"password"]];
       cookieValue = [NSString stringWithFormat: @"basic %@",
 			      [cookieString stringByEncodingBase64]];
       authCookie = [WOCookie cookieWithName: [auth cookieNameInContext: context]
 			     value: cookieValue];
       [authCookie setPath: @"/"];
       [response addCookie: authCookie];
+    }
+  else
+    response = [self responseWithStatus: 403];
 
   return response;
 }

UI/SOGoUI/GNUmakefile

@@ -23,6 +23,7 @@ libSOGoUI_OBJC_FILES +=		\
 	\
 	UIxJSClose.m		\
 	UIxComponent.m		\
+	UIxModuleAccessDenied.m	\
 	SOGoAptFormatter.m	\
 	WOContext+UIx.m		\
 	SOGoACLAdvisory.m \

UI/SOGoUI/UIxComponent.m

@@ -446,9 +446,6 @@ static BOOL uixDebugEnabled = NO;
 
 - (NSString *) shortUserNameForDisplay
 {
-  if ([context activeUser] == nil)
-    return @"wrongusernamepassword";
-
   return [[context activeUser] login];
 }
 

UI/SOGoUI/UIxModuleAccessDenied.h

@@ -0,0 +1,27 @@
+/* UIxModuleAccessDenied.h - this file is part of SOGo
+ *
+ * Copyright (C) 2008 Inverse inc.
+ *
+ * Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ */
+
+#import "UIxComponent.h"
+
+@interface UIxModuleAccessDenied : UIxComponent
+
+@end

UI/SOGoUI/UIxModuleAccessDenied.m

@@ -0,0 +1,27 @@
+/* UIxModuleAccessDenied.m - this file is part of SOGo
+ *
+ * Copyright (C) 2008 Inverse inc.
+ *
+ * Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ */
+
+#import "UIxModuleAccessDenied.h"
+
+@implementation UIxModuleAccessDenied
+
+@end

UI/Templates/MainUI/SOGoRootPage.wox

@@ -7,6 +7,7 @@
   xmlns:const="http://www.skyrix.com/od/constant"
   xmlns:rsrc="OGo:url"
   xmlns:label="OGo:label"
+  const:popup="YES"
   ><var:string var:value="doctype" const:escapeHTML="NO"/>
   <form id="connectForm" var:href="connectURL">
     <div id="loginScreen">
@@ -14,9 +15,8 @@
 	 type="text/javascript">var loginSuffix = '<var:string value="loginSuffix"/>';</script
 	></var:if>
       <img const:alt="*" id="splash" rsrc:src="lori-login.jpg"/><br/><br/>
-      <var:if condition="shortUserNameForDisplay" const:value="wrongusernamepassword"
+      <p id="loginErrorMessage"><var:string label:value="Wrong username or password."/></p>
-      ><p class="error"><var:string label:value="Wrong username or password."/></p>
+      <label><var:string label:value="Username:"/><br/>
-      </var:if><label><var:string label:value="Username:"/><br/>
 	<input class="textField" id="userName" name="userName"
 	  type="text" var:value="userName" /></label><br/>
       <label><var:string label:value="Password:"/><br/>

UI/Templates/UIxModuleAccessDenied.wox

@@ -0,0 +1,18 @@
+<?xml version="1.0" standalone="yes"?>
+<!DOCTYPE var:component>
+<var:component xmlns="http://www.w3.org/1999/xhtml"
+  xmlns:var="http://www.skyrix.com/od/binding"
+  xmlns:const="http://www.skyrix.com/od/constant"
+  xmlns:uix="OGo:uix"
+  xmlns:label="OGo:label"
+  xmlns:rsrc="OGo:url"
+  className="UIxPageFrame"
+  title="title"
+  const:toolbar="none"
+  const:cssFiles="UIxModuleAccessDenied.css"
+  const:popup="YES">
+  <div id="messageWindow">
+    <var:string label:value="You are not allowed to access this module or this system. Please contact your system administrator."
+      />
+  </div>
+</var:component>

UI/Templates/UIxPageFrame.wox

@@ -41,12 +41,6 @@
 
       <body var:class="bodyClasses"
 	><var:if condition="isCompatibleBrowser"
-	  >
-	  <var:if condition="shortUserNameForDisplay" const:value="anonymous"
-	    const:negate="YES"
-	    ><var:if condition="shortUserNameForDisplay"
-	      const:value="wrongusernamepassword"
-	      const:negate="YES"
 	  ><var:if condition="isPopup" const:negate="YES"
 	    ><var:if condition="context.isUIxDebugEnabled"
 	      ><div id="logConsole"><!-- space --></div></var:if>
@@ -98,7 +92,6 @@
 	  </var:if
 	    ><var:component className="UIxToolbar" var:toolbar="toolbar"
 	    />
-	    </var:if></var:if>
 
 	  <div id="pageContent"><var:component-content/></div>
 

UI/WebServerResources/SOGoRootPage.css

@@ -48,8 +48,9 @@ DIV#loginButton IMG#progressIndicator
   margin-top: 5px;
   margin-left: 5px; }
 
-P.error
+#loginErrorMessage
-{ color: #f00;
+{ display: none;
+  color: #f00;
   text-align: center; }
 
 P.browser

UI/WebServerResources/SOGoRootPage.js

@@ -70,6 +70,10 @@ function onLoginCallback(http) {
                 newAddress = baseAddress;
             window.location.href = newAddress;
         }
+        else {
+            var message = $("loginErrorMessage");
+            message.setStyle({ display: "block" });
+        }
     }
 }