There is a bug when deleting pages. Here is a test
1) Add a *Test* link to the Introduction page
2) Click the Page link to create a new Test page
3) Save the Test page
4) Go to the Information folder and "remove" the Test page
5) Go back to the Introduction page and click the Page link to create
6) Save the new Test page
7) Go back to the Introduction page -- the Folder, Page, Resource
still there. However the Information page contains a Test page. If you
the Page link again, it will create a Test1 page, but it won't update
- This bug has been fixed. At the same time I have cleaned the code
with the internal links a little bit, as this was not the only case
where they showed wrong behavior. The look-up of the link-target is now
done dynamically whenever the page is rendered, so I am always
up-to-date. However the new implementation does not update
automatically when renaming the target. In a future version a visitor
could be added to fix that kind of problem. Of course I've also added
some new tests.
- I have added a couple of missing tests, especially for the serving
part with the chain-of-responsibility pattern. This raises the overall
coverage of the tests to about 75% immediately.
Also, the cache uses a simple scheme for assigning
keys (+1). Isn't
scheme too simple for web apps? For example, I could look at the page
source, and come up with callbacks that are likely to be valid. For
if I see callbacks for 341-344, I could try evaluating code for 340.
might execute a callback for some other person. Shouldn't the keys be
large random number instead?
- The tricky thing about the callbacks is, that they have to be
evaluated in the right order. To archive this, I sort the callbacks
according to their number to make sure that they are evaluated in the
same order as they had been defined on the page. In most cases this is
no security-issue as the the global permission of the action is checked
before evaluating the callbacks. However, and in that part your
concerns were absolutely right, there are some links in the EditFolder
action that require special permission (remove, copy) and that had not
been checked properly before. I've added some additional code to handle
The optimal solution would be to have a huge and random session key
combined with small callback-numbers unique to that session. Probably
this will come in the future, when there is a proper session support in
I've committed the changes to Cincom StORE.