Admin: Teile von admin.pl in neuen Controller Admin verschoben; Mandanten anzeigen
1 package SL::Controller::Admin;
2
3 use strict;
4
5 use parent qw(SL::Controller::Base);
6
7 use IO::File;
8
9 use SL::DB::AuthUser;
10 use SL::DB::AuthGroup;
11 use SL::Helper::Flash;
12 use SL::Locale::String qw(t8);
13
14 use Rose::Object::MakeMethods::Generic
15 (
16   'scalar --get_set_init' => [ qw(client user nologin_file_name db_cfg) ],
17 );
18
# Register setup_layout as a before-hook for this controller. run_before is
# not defined in this file (presumably it comes from SL::Controller::Base);
# no only/except restriction is passed here.
__PACKAGE__->run_before(\&setup_layout);
20
# Auth level declared by this controller: always the string "admin".
# NOTE(review): the code that consumes this value is not in this file;
# presumably the dispatcher uses it to require admin authentication before
# any action here runs -- confirm there, since several actions below change
# system state.
sub get_auth_level {
  return 'admin';
}
# Class-method hook: returns true only when the requested action is 'login'.
# NOTE(review): going by the name, a true value presumably lets the
# '{AUTH}'-prefixed form fields (such as the admin password read in
# authenticate_root) survive into the action -- confirm against the caller.
sub keep_auth_vars {
  my ($class, %params) = @_;

  my $is_login = $params{action} eq 'login';
  return $is_login;
}
26
27 #
28 # actions
29 #
30
# Admin login entry point.
#
# Without the do_login form flag only the login form is shown. Otherwise the
# steps run in order and each one can end the request early:
#   1. authenticate_root         -- false: it has already re-rendered the form
#   2. check_auth_db_and_tables  -- false: it has rendered a setup page
#   3. apply_dbupgrade_scripts   -- true: processing stops here
# Only when all three let the request through is the browser redirected to
# the client/user list.
sub action_login {
  my ($self) = @_;

  if (!$::form->{do_login}) {
    return $self->login_form;
  }

  return unless $self->authenticate_root;
  return unless $self->check_auth_db_and_tables;
  return if     $self->apply_dbupgrade_scripts;

  return $self->redirect_to(action => 'list_clients_and_users');
}
40
# Destroy the current session through the auth object, then send the browser
# back to the login action.
sub action_logout {
  my ($self) = @_;

  $::auth->destroy_session;

  return $self->redirect_to(action => 'login');
}
46
# Run the auth database upgrade scripts. A true result from
# apply_dbupgrade_scripts ends the request here; otherwise the client/user
# list is rendered directly (no redirect).
sub action_apply_dbupgrade_scripts {
  my ($self) = @_;

  if ($self->apply_dbupgrade_scripts) {
    return;
  }

  return $self->action_list_clients_and_users;
}
53
# Create the authentication database from the submitted form values, then
# re-run the database/table check (which renders the next setup page if
# something is still missing).
#
# NOTE(review): db_superuser, db_superuser_password and db_template are taken
# from the request unchanged. How create_database uses them is not visible in
# this file -- confirm that the template name is quoted as an identifier and
# that the superuser password is not written to logs.
# NOTE(review): state-changing action; whether the dispatcher limits it to
# authenticated admin requests is not visible here -- confirm.
sub action_create_auth_db {
  my ($self) = @_;

  # An array keeps the argument order exactly as written.
  my @db_params = (
    superuser          => $::form->{db_superuser},
    superuser_password => $::form->{db_superuser_password},
    template           => $::form->{db_template},
  );

  $::auth->create_database(@db_params);

  return $self->check_auth_db_and_tables;
}
62
# Create the auth tables, seed a default group if none exists, apply upgrade
# scripts and finally continue with the login action.
#
# NOTE(review): the configured admin password is copied into the session
# under 'admin_password'. Presumably this is what marks the session as
# root-authenticated for later requests; confirm that this action is only
# reachable after admin authentication and that the session store holding
# this value is protected accordingly.
sub action_create_auth_tables {
  my ($self) = @_;

  $::auth->create_tables;

  my $admin_password = $::lx_office_conf{authentication}->{admin_password};
  $::auth->set_session_value('admin_password', $admin_password);
  $::auth->create_or_refresh_session;

  # NOTE(review): this takes element 0 of get_all's list-context result. If
  # get_all returns an array reference rather than a list, $group is always
  # true and the default group below is never created -- confirm.
  my $group = (SL::DB::Manager::AuthGroup->get_all(limit => 1))[0];
  unless ($group) {
    # Default group with every right from SL::Auth::all_rights() granted.
    SL::DB::AuthGroup->new(
      name        => t8('Full Access'),
      description => t8('Full access to all functions'),
      rights      => [ map { SL::DB::AuthGroupRight->new(right => $_, granted => 1) } SL::Auth::all_rights() ],
    )->save;
  }

  # A true result from the upgrade step ends the request; otherwise go on
  # with the normal login flow.
  if (!$self->apply_dbupgrade_scripts) {
    $self->action_login;
  }
}
83
# Render the admin overview: all clients, all users, and whether the nologin
# lock file currently exists.
sub action_list_clients_and_users {
  my ($self) = @_;

  # Built as a list so every expression is evaluated in list context and in
  # the same order as the template variables are named.
  my @template_vars = (
    CLIENTS => SL::DB::Manager::AuthClient->get_all_sorted,
    USERS   => SL::DB::Manager::AuthUser->get_all_sorted,
    LOCKED  => (-e $self->nologin_file_name),
    title   => "kivitendo " . $::locale->text('Administration'),
  );

  return $self->render("admin/list_users", @template_vars);
}
95
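# Remove the nologin lock file and report the outcome.
#
# unlink's result is checked so that 'Lockfile removed!' is not shown while
# the lock file is still in place (for example when the web server user may
# not delete it). A lock file that is already absent counts as success.
# Failure is reported the same way action_lock_system reports it.
sub action_unlock_system {
  my ($self) = @_;

  my $lock_file = $self->nologin_file_name;

  # unlink returns the number of files removed; 0 with the file still present
  # means the removal really failed.
  if (!unlink($lock_file) && -e $lock_file) {
    # New message text; it still needs an entry in the locale files.
    $::form->error(t8('Cannot remove Lock!'));

  } else {
    flash_later('info', t8('Lockfile removed!'));
    $self->redirect_to(action => 'list_clients_and_users');
  }
}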
102
# Create the nologin lock file. Opening with mode "w" creates the file or
# truncates an existing one; the handle is closed again right away because
# only the file's existence matters (see LOCKED in
# action_list_clients_and_users).
#
# NOTE(review): state-changing action; whether the dispatcher restricts it to
# POST requests or checks a CSRF token is not visible here -- confirm.
sub action_lock_system {
  my ($self) = @_;

  my $lock_handle = IO::File->new($self->nologin_file_name, "w");

  if ($lock_handle) {
    $lock_handle->close;
    flash_later('info', t8('Lockfile created!'));
    $self->redirect_to(action => 'list_clients_and_users');

  } else {
    $::form->error(t8('Cannot create Lock!'));
  }
}
116
117 #
118 # initializers
119 #
120
# Lazy initializers for the 'scalar --get_set_init' accessors declared above.

# The 'authentication/database' section of the global configuration.
sub init_db_cfg {
  return $::lx_office_conf{'authentication/database'};
}

# Path of the lock file: '<userspath>/nologin'.
sub init_nologin_file_name {
  my $users_dir = $::lx_office_conf{paths}->{userspath};
  return $users_dir . '/nologin';
}

# Load the client named by the client_id form field.
# NOTE(review): the id comes straight from the request; what load does when no
# such row exists is not visible here -- confirm.
sub init_client {
  return SL::DB::AuthClient->new(id => $::form->{client_id})->load;
}

# Load the user named by the user_id form field (same caveat as init_client).
sub init_user {
  return SL::DB::AuthUser->new(id => $::form->{user_id})->load;
}
125
126 #
127 # filters
128 #
129
# Before-hook: switch the request to the 'admin' layout, add the main
# stylesheet and set the favicon form variable. $action is accepted but not
# used.
sub setup_layout {
  my ($self, $action) = @_;

  my $request = $::request;

  $request->layout(SL::Layout::Dispatcher->new(style => 'admin'));
  $request->layout->use_stylesheet('lx-office-erp.css');
  $::form->{favicon} = 'favicon.ico';
}
137
138 #
139 # helpers
140 #
141
# Render the admin login page with input focus on the password field.
# Extra %params (for example error => ...) are handed to the template; since
# they come after 'title' in the list, a 'title' key in %params would
# override the default one.
sub login_form {
  my ($self, %params) = @_;

  $::request->layout->focus('#admin_password');

  my @render_args = (
    'admin/adminlogin',
    title => t8('kivitendo v#1 administration', $::form->{version}),
    %params,
  );

  return $self->render(@render_args);
}
147
# Verify that the auth database and then its tables exist.
#
# Returns 1 when both checks pass. When one fails, the matching setup page is
# rendered and 0 is returned, so callers must not render anything else.
sub check_auth_db_and_tables {
  my ($self) = @_;

  unless ($::auth->check_database) {
    $self->render('admin/check_auth_database', title => t8('Authentification database creation'));
    return 0;
  }

  unless ($::auth->check_tables) {
    $self->render('admin/check_auth_tables', title => t8('Authentification tables creation'));
    return 0;
  }

  return 1;
}
163
# Run the admin-side upgrade scripts for the auth database (Pg driver) and
# return whatever apply_admin_dbupgrade_scripts returns. Callers in this file
# stop processing the request when that value is true.
sub apply_dbupgrade_scripts {
  my $upgrader = SL::DBUpgrade2->new(form => $::form, dbdriver => 'Pg', auth => 1);

  return $upgrader->apply_admin_dbupgrade_scripts(1);
}
167
# Check the submitted admin password against the auth backend.
#
# Returns 1 on success. On failure it calls punish_wrong_login, drops any
# 'admin_password' value from the session, re-renders the login form with an
# error message and returns undef.
#
# NOTE(review): the status is compared numerically (==) with the OK constant.
# If OK is 0, an undef or non-numeric return from $::auth->authenticate_root
# would also compare equal -- confirm that it always returns one of the
# numeric status constants.
sub authenticate_root {
  my ($self) = @_;

  my $status = $::auth->authenticate_root($::form->{'{AUTH}admin_password'});
  if ($status == $::auth->OK()) {
    return 1;
  }

  # Failed attempt: penalise it and make sure no stale credential stays in
  # the session before the form is shown again.
  $::auth->punish_wrong_login;
  $::auth->delete_session_value('admin_password');

  $self->login_form(error => t8('Incorrect Password!'));

  return undef;
}
180
# A Perl module has to end with a true value so that loading it succeeds.
1;