lib/zena/use/grid.rb in zena-0.16.9 vs lib/zena/use/grid.rb in zena-1.0.0.beta1

@@ -24,11 +24,11 @@
         include Common
 
         # Get cell text
         def cell_edit
           # get table
-          table = get_table_from_json(@node.safe_read(params[:attr]))
+          table = get_table_from_json(@node.prop[params[:attr]])
           # get row/cell
           table_data = table[1]
 
           if row = table_data[params[:row].to_i]
             if cell = row[params[:cell].to_i]
@@ -41,12 +41,14 @@
           end
         end
 
         # Ajax table editor
         def cell_update
+          # FIXME: SECURITY: how to make sure we only access authorized keys for tables ?
           # get table
-          table = get_table_from_json(@node.safe_read(params[:attr]))
+          table = get_table_from_json(@node.prop[params[:attr]])
+
           # get row/cell
           table_data = table[1]
 
           if row = table_data[params[:row].to_i]
             if cell = row[params[:cell].to_i]
@@ -60,20 +62,20 @@
           else
             @node.errors.add(params[:attr], 'Row outside of table range.')
           end
 
           respond_to do |format|
-            format.html { render :inline => @node.errors.empty? ? "<%= zazen(params[:value], :no_p => true) %>" : error_messages_for(@node) }
+            format.html { render :inline => @node.errors.empty? ? "<%= zazen(params[:value], :no_p => true) %>" : error_messages_for(:node, :object => @node) }
           end
         rescue JSON::ParserError
           render :inline => _('could not save value (bad attribute)')
         end
 
         # Ajax table add row/column
         def table_update
           # get table
-          @table = get_table_from_json(@node.safe_read(params[:attr]))
+          @table = get_table_from_json(@node.prop[params[:attr]])
           # get row/cell
           table_data = @table[1]
 
           if params[:add] == 'row'
             table_data << table_data[0].map { ' ' }
@@ -106,11 +108,10 @@
         include Common
 
         # Create a table from an attribute
         def make_table(opts)
           style, node, attribute, title, table = opts[:style], opts[:node], opts[:attribute], opts[:title], opts[:table]
-          attribute = "d_#{attribute}" unless ['v_', 'd_'].include?(attribute[0..1])
           case (style || '').sub('.', '')
           when ">"
             prefix = "<div class='img_right'>"
             suffix = "</div>"
           when "<"
@@ -135,12 +136,16 @@
             prefix << link_to_remote("<img src='/images/row_delete.png' alt='#{_('add column')}'/>",
                                       :url => "/nodes/#{node.zip}/table_update?remove=row&attr=#{attribute}")
             prefix << "</div>"
           end
 
-          table ||= get_table_from_json(node.safe_read(attribute))
+          table ||= get_table_from_json(node.prop[attribute])
 
-          prefix + render_to_string( :partial=>'nodes/table', :locals=>{:table=>table, :node=>node, :attribute=>attribute}) + suffix
+          prefix + render_to_string( :partial=>'nodes/table', :locals => {
+            :table     => table,
+            :node      => node,
+            :attribute => attribute
+          }) + suffix
         rescue JSON::ParserError
           "<span class='unknownLink'>could not build table from text</span>"
         end
       end
     end # Grid