projects
/
kivitendo-erp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch 'csv-import-in-perl'
[kivitendo-erp.git]
/
SL
/
Auth.pm
diff --git
a/SL/Auth.pm
b/SL/Auth.pm
index
6fb66c4
..
784b185
100644
(file)
--- a/
SL/Auth.pm
+++ b/
SL/Auth.pm
@@
-12,6
+12,7
@@
use SL::Auth::Constants qw(:all);
use SL::Auth::DB;
use SL::Auth::LDAP;
use SL::Auth::DB;
use SL::Auth::LDAP;
+use SL::SessionFile;
use SL::User;
use SL::DBConnect;
use SL::DBUpgrade2;
use SL::User;
use SL::DBConnect;
use SL::DBUpgrade2;
@@
-555,6
+556,8
@@
sub destroy_session {
$dbh->commit();
$dbh->commit();
+ SL::SessionFile->destroy_session($session_id);
+
$session_id = undef;
$self->{SESSION} = { };
}
$session_id = undef;
$self->{SESSION} = { };
}
@@
-567,26
+570,31
@@
sub expire_sessions {
my $self = shift;
my $self = shift;
+ $main::lxdebug->leave_sub and return if !$self->session_tables_present;
+
my $dbh = $self->dbconnect();
my $dbh = $self->dbconnect();
- $dbh->begin_work;
+ my $query = qq|SELECT id
+ FROM auth.session
+ WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|;
- my $query =
- qq|DELETE FROM auth.session_content
- WHERE session_id IN
- (SELECT id
- FROM auth.session
- WHERE (mtime < (now() - '$self->{session_timeout}m'::interval)))|;
+ my @ids = selectall_array_query($::form, $dbh, $query);
+
+ if (@ids) {
+ $dbh->begin_work;
-
do_query($main::form, $dbh, $query)
;
+
SL::SessionFile->destroy_session($_) for @ids
;
- $query =
- qq|DELETE FROM auth.session
-
WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|
;
+ $query = qq|DELETE FROM auth.session_content
+ WHERE session_id IN (| . join(', ', ('?') x scalar(@ids)) . qq|)|;
+
do_query($main::form, $dbh, $query, @ids)
;
- do_query($main::form, $dbh, $query);
+ $query = qq|DELETE FROM auth.session
+ WHERE id IN (| . join(', ', ('?') x scalar(@ids)) . qq|)|;
+ do_query($main::form, $dbh, $query, @ids);
- $dbh->commit();
+ $dbh->commit();
+ }
$main::lxdebug->leave_sub();
}
$main::lxdebug->leave_sub();
}
@@
-615,7
+623,7
@@
sub save_session {
my $dbh = $provided_dbh || $self->dbconnect(1);
my $dbh = $provided_dbh || $self->dbconnect(1);
-
$::lxdebug->leave_sub && return unless $dbh
;
+
$::lxdebug->leave_sub && return unless $dbh && $session_id
;
$dbh->begin_work unless $provided_dbh;
$dbh->begin_work unless $provided_dbh;
@@
-779,6
+787,14
@@
sub session_tables_present {
$main::lxdebug->enter_sub();
my $self = shift;
$main::lxdebug->enter_sub();
my $self = shift;
+
+ # Only re-check for the presence of auth tables if either the check
+ # hasn't been done before of if they weren't present.
+ if ($self->{session_tables_present}) {
+ $main::lxdebug->leave_sub();
+ return $self->{session_tables_present};
+ }
+
my $dbh = $self->dbconnect(1);
if (!$dbh) {
my $dbh = $self->dbconnect(1);
if (!$dbh) {
@@
-794,9
+810,11
@@
sub session_tables_present {
my ($count) = selectrow_query($main::form, $dbh, $query);
my ($count) = selectrow_query($main::form, $dbh, $query);
+ $self->{session_tables_present} = 2 == $count;
+
$main::lxdebug->leave_sub();
$main::lxdebug->leave_sub();
- return
2 == $count
;
+ return
$self->{session_tables_present}
;
}
# --------------------------------------
}
# --------------------------------------
@@
-1092,25
+1110,20
@@
sub check_right {
}
sub assert {
}
sub assert {
- $main::lxdebug->enter_sub(2);
-
- my $self = shift;
- my $right = shift;
- my $dont_abort = shift;
-
- my $form = $main::form;
+ $::lxdebug->enter_sub(2);
+ my ($self, $right, $dont_abort) = @_;
- if ($self->check_right($
form->
{login}, $right)) {
- $
main
::lxdebug->leave_sub(2);
+ if ($self->check_right($
::myconfig
{login}, $right)) {
+ $::lxdebug->leave_sub(2);
return 1;
}
if (!$dont_abort) {
return 1;
}
if (!$dont_abort) {
- delete $form->{title};
- $
form->show_generic_error($main
::locale->text("You do not have the permissions to access this function."));
+ delete $
::
form->{title};
+ $
::form->show_generic_error($
::locale->text("You do not have the permissions to access this function."));
}
}
- $
main
::lxdebug->leave_sub(2);
+ $::lxdebug->leave_sub(2);
return 0;
}
return 0;
}
@@
-1122,7
+1135,7
@@
sub load_rights_for_user {
my $dbh = $self->dbconnect;
my ($query, $sth, $row, $rights);
my $dbh = $self->dbconnect;
my ($query, $sth, $row, $rights);
- $rights = { map { $
rights->{$_} =
0 } all_rights() };
+ $rights = { map { $
_ =>
0 } all_rights() };
$query =
qq|SELECT gr."right", gr.granted
$query =
qq|SELECT gr."right", gr.granted