xquery version "3.0";
(: $Id: admin.xql 14995 2011-07-30 19:57:47Z dizzzz $ :)
(: Main module of the database administration interface. :)
(: NOTE(review): this listing seems to have lost its XHTML element constructors;
   bare text such as "Login" or "Actions:" sits where markup would be, so the
   code does not parse as shown. The notes below describe only what is visible.
   Also, "module namespace eml" declares a library module, yet most functions
   are declared in the admin namespace and a query body follows the last
   function. Confirm both points against the original file. :)
module namespace eml = "http://exist-db.org/xquery/rebind/rebind-xform-eml";
declare namespace admin = "http://exist-db.org/xquery/admin-interface";
declare namespace request = "http://exist-db.org/xquery/request";
declare namespace response = "http://exist-db.org/xquery/response";
declare namespace session = "http://exist-db.org/xquery/session";
declare namespace util = "http://exist-db.org/xquery/util";
declare namespace xdb = "http://exist-db.org/xquery/xmldb";
import module namespace metadata="http://exist-db.org/xquery/rebind/edit-metadata" at "xform-eml.xqm";

(: if a page needs custom html headers :)
(:~ Returns the extra head content for the page by delegating to metadata:header(). :)
declare function admin:header() as element()* { metadata:header() };

(: Select the page to show. Every page is defined in its own module :)
(:~
 : Renders the main panel. When the "action" request parameter is "save-form"
 : it emits a confirmation naming the "name" parameter (default "test.xml")
 : followed by metadata:main(); otherwise it returns metadata:main() alone.
 :
 : NOTE(review): the confirmation depends only on the request parameter, not on
 : the outcome of the save performed in admin:process-action, so it can be shown
 : even when nothing was stored. The file name shown is client-supplied.
 :)
declare function admin:panel() as element()* {
    let $action := request:get-parameter("action", ())[1]
    return if($action eq "save-form") then(
        let $fileName := request:get-parameter("name", "test.xml")[1]
        return (
File '{$fileName}' was successfully saved!
,metadata:main()) )else( metadata:main() ) };

(:~ Display the login form. :)
(: Sets the response status to 200 and returns the form. The loop over the
   request parameter names skips "username" and "password"; its else branch is
   empty in this listing, presumably because the element that carried the other
   parameters forward was lost with the markup. Confirm against the original. :)
declare function admin:display-login-form() as element() {
    let $code := response:set-status-code(200)
    return
Login

This is a protected resource. Only registered database users can log in.

{ for $param in request:get-parameter-names() return if ( $param = ("username","password") ) then () else }
};

(:~
 : Builds one "name=value" string per request parameter, leaving out
 : "username" and "password" so the credentials are not copied into the
 : redirect URL assembled in admin:isLoggedIn.
 :
 : NOTE(review): names and values are concatenated without URI encoding, so a
 : value containing "&", "=" or "#" changes the query string that is rebuilt
 : from these parts. Consider encode-for-uri() on both sides. A parameter that
 : carries several values would presumably make concat() fail with a type
 : error, since no [1] is applied here. Verify.
 :)
declare function admin:convertParameters() as xs:string*{
    for $param in request:get-parameter-names()
    return if ( $param = ("username","password") ) then () else concat($param,'=',request:get-parameter($param, ())) };

(:~
 : Decides whether the current request is authenticated, performing login or
 : logout as a side effect.
 :
 : While the current user is "guest": a request carrying both "username" and
 : "password" is treated as a login attempt. The names "" and "guest" are
 : rejected; any other name is passed to the four-argument xdb:login on "/db",
 : after which the client is redirected to the same URL with the remaining
 : parameters and the login result is returned. Without both parameters the
 : result is false().
 :
 : While the current user is not "guest": a non-empty "logout" parameter logs
 : back in as guest, invalidates the session and returns false(); otherwise
 : the result is true().
 :
 : NOTE(review), points a maintainer should confirm:
 :  - Credentials are read with request:get-parameter, which does not appear
 :    to restrict them to a POST body, so they could arrive in the URL and end
 :    up in access logs or browser history. Confirm the form posts them.
 :  - Nothing visible here invalidates an existing session before login;
 :    confirm that a fresh session id is issued on successful authentication.
 :  - The redirect is issued whether or not the login succeeded.
 :  - No throttling or lockout of repeated failed attempts is visible here.
 :  - Logout is triggered by a bare request parameter with no anti-forgery
 :    token, so a cross-site request can end a user's session.
 :  - The guest password is a literal in this file.
 :)
declare function admin:isLoggedIn() as xs:boolean{
    let $userParam := request:get-parameter("username", ())
    let $passwdParam := request:get-parameter("password", ())
    return if(xdb:get-current-user() eq "guest") then (
        (: is this a login attempt? :)
        if($userParam and not(empty($passwdParam)))then (
            if($userParam = ("", "guest") )then (
                (: prevent the guest user from accessing the admin webapp :)
                false()
            ) else (
                (: try and log the user in :)
                let $successful := xdb:login( "/db", $userParam, $passwdParam, true() )
                (: this is a small hack to bypass a bug caused by betterform when the login is finished :)
                (: the redirect target is this request's own URL plus the non-credential parameters :)
                let $params := string-join(admin:convertParameters(),"&")
                let $redirect := response:redirect-to(xs:anyURI(concat(request:get-url(),"?",$params)))
                return $successful
            )
        ) else (
            (: prevent the guest user from accessing the admin webapp :)
            false()
        )
    ) else (
        (: if we are already logged in, are we logging out - i.e. set permissions back to guest :)
        if(request:get-parameter("logout",()))then (
            let $null := xdb:login("/db", "guest", "guest")
            let $inval := session:invalidate()
            return false()
        ) else (
            (: we are already logged in and we are not the guest user :)
            true()
        )
    ) };

(:~
 : Runs the requested action for $fileName. Only "save-form" is handled, by
 : calling admin:save-metadata; any other action yields the empty sequence.
 : A java.lang.Exception raised during the action is caught by util:catch and
 : its message is rendered into the page.
 :
 : NOTE(review):
 :  - The TODO below is still open: no per-user or per-resource rights check
 :    is made here, so the only gate is the caller's admin:isLoggedIn() test.
 :  - $protectedRoot is assigned but not used in the visible code, and the
 :    "rebind" prefix is not declared in the visible prolog.
 :  - Returning $util:exception-message to the client may expose internal
 :    paths or class names; consider logging it server-side and showing a
 :    generic message.
 :)
declare function admin:process-action($fileName as xs:string) as element()* {
    (: TODO: check for rights #25 :)
    let $action := request:get-parameter("action", ())[1]
    let $protectedRoot := rebind:getSetting('db-protected-folder')
    return util:catch("java.lang.Exception", if($action eq "save-form") then ( admin:save-metadata($fileName) )else(),
An error occurred while processing the action:
{$util:exception-message}
) };

(: Save metadata file. :)
(:~
 : Reads the request body with request:get-data() and, when it is non-empty,
 : returns the markup that followed "then(" (lost in this listing).
 :
 : NOTE(review):
 :  - No store call and no use of $fileName is visible here. If the original
 :    writes $fileName into the database, the name comes from the "name"
 :    request parameter and should be validated (no path separators, expected
 :    extension, target collection fixed server-side) before use.
 :  - The declared return type is element(), but the else branch returns the
 :    empty sequence, which would presumably raise a type error when the
 :    request has no body.
 :)
declare function admin:save-metadata($fileName as xs:string) as element() {
    let $data := request:get-data()
    return if($data)then(

Actions:

)else() };

(:~
 : Page entry point wrapped as a function: checks admin:isLoggedIn(), then
 : renders the header, the action result and the panel for authenticated users,
 : or the login form otherwise. The "name" parameter defaults to "test.xml".
 :
 : NOTE(review): a "declare option" appears inside the function body, whereas
 : the other declarations in this file sit outside any function; it may be
 : left over from moving the main query into a function. The same code is
 : repeated as the query body after this function. Confirm which is intended.
 :)
declare function eml:get-metadata-form() as element() {
    declare option exist:serialize "indent=yes method=xhtml media-type=text/html doctype-public=-//W3C//DTD XHTML 1.0 Strict//EN doctype-system=http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";
    (: main entry point :)
    let $isLoggedIn := admin:isLoggedIn()
    return ( Metadata Editor {if($isLoggedIn)then(admin:header())else()}
{ let $fileName := request:get-parameter("name", "test.xml")[1] return if($isLoggedIn) then (
{admin:process-action($fileName)}
) else () }
{ if($isLoggedIn)then ( admin:panel() ) else ( admin:display-login-form() ) }
) };

(: Query body: the same page logic as eml:get-metadata-form(), written inline.
   admin:isLoggedIn() is evaluated once, and both the action processing and the
   panel are rendered only when it returned true. :)
declare option exist:serialize "indent=yes method=xhtml media-type=text/html doctype-public=-//W3C//DTD XHTML 1.0 Strict//EN doctype-system=http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";
(: main entry point :)
let $isLoggedIn := admin:isLoggedIn()
return ( Metadata Editor {if($isLoggedIn)then(admin:header())else()}
{ let $fileName := request:get-parameter("name", "test.xml")[1] return if($isLoggedIn) then (
{admin:process-action($fileName)}
) else () }
{ if($isLoggedIn)then ( admin:panel() ) else ( admin:display-login-form() ) }
)