my $self = bless {}, $type;
$self->_read_auth_config(%params);
- $self->reset;
+ $self->init;
return $self;
}
-sub reset {
+sub init {
my ($self, %params) = @_;
$self->{SESSION} = { };
$self->{RIGHTS} = { };
$self->{unique_counter} = 0;
$self->{column_information} = SL::Auth::ColumnInformation->new(auth => $self);
+}
+
+sub reset {
+ my ($self, %params) = @_;
+
+ $self->{SESSION} = { };
+ $self->{FULL_RIGHTS} = { };
+ $self->{RIGHTS} = { };
+ $self->{unique_counter} = 0;
+
+ if ($self->is_db_connected) {
+ # reset is called during request shutdown already. In case of a
+ # completely new auth DB this would fail and generate an error
+ # message even if the user is currently trying to create said auth
+ # DB. Therefore only fetch the column information if a connection
+ # has been established.
+ $self->{column_information} = SL::Auth::ColumnInformation->new(auth => $self);
+ $self->{column_information}->_fetch;
+ } else {
+ delete $self->{column_information};
+ }
+
$self->{authenticator}->reset;
$self->client(undef);
$self->{dbh} = SL::DBConnect->connect($dsn, $cfg->{user}, $cfg->{password}, { pg_enable_utf8 => 1, AutoCommit => 1 });
if (!$may_fail && !$self->{dbh}) {
+ delete $self->{dbh};
$main::form->error($main::locale->text('The connection to the authentication database failed:') . "\n" . $DBI::errstr);
}
}
}
+sub is_db_connected {
+ my ($self) = @_;
+ return !!$self->{dbh};
+}
+
sub check_tables {
my ($self, $dbh) = @_;
sub _load_with_auto_restore_column {
my ($self, $dbh, $session_id) = @_;
- my $auto_restore_keys = join ', ', map { "'${_}'" } qw(login password rpw);
+ my %auto_restore_keys = map { $_ => 1 } qw(login password rpw client_id), SESSION_KEY_ROOT_AUTH, SESSION_KEY_USER_AUTH;
my $query = <<SQL;
SELECT sess_key, sess_value, auto_restore
FROM auth.session_content
WHERE (session_id = ?)
- AND ( auto_restore
- OR sess_key IN (${auto_restore_keys}))
SQL
my $sth = prepare_execute_query($::form, $dbh, $query, $session_id);
while (my $ref = $sth->fetchrow_hashref) {
- my $value = SL::Auth::SessionValue->new(auth => $self,
- key => $ref->{sess_key},
- value => $ref->{sess_value},
- auto_restore => $ref->{auto_restore},
- raw => 1);
- $self->{SESSION}->{ $ref->{sess_key} } = $value;
-
- next if defined $::form->{$ref->{sess_key}};
-
- my $data = $value->get;
- $::form->{$ref->{sess_key}} = $data if $value->{auto_restore} || !ref $data;
+ if ($ref->{auto_restore} || $auto_restore_keys{$ref->{sess_key}}) {
+ my $value = SL::Auth::SessionValue->new(auth => $self,
+ key => $ref->{sess_key},
+ value => $ref->{sess_value},
+ auto_restore => $ref->{auto_restore},
+ raw => 1);
+ $self->{SESSION}->{ $ref->{sess_key} } = $value;
+
+ next if defined $::form->{$ref->{sess_key}};
+
+ my $data = $value->get;
+ $::form->{$ref->{sess_key}} = $data if $value->{auto_restore} || !ref $data;
+ } else {
+ my $value = SL::Auth::SessionValue->new(auth => $self,
+ key => $ref->{sess_key});
+ $self->{SESSION}->{ $ref->{sess_key} } = $value;
+ }
}
$sth->finish;
-
- $query = <<SQL;
- SELECT sess_key
- FROM auth.session_content
- WHERE (session_id = ?)
- AND NOT COALESCE(auto_restore, FALSE)
- AND (sess_key NOT IN (${auto_restore_keys}))
-SQL
- $sth = prepare_execute_query($::form, $dbh, $query, $session_id);
-
- while (my $ref = $sth->fetchrow_hashref) {
- my $value = SL::Auth::SessionValue->new(auth => $self,
- key => $ref->{sess_key});
- $self->{SESSION}->{ $ref->{sess_key} } = $value;
- }
}
sub destroy_session {
my ($count) = selectrow_query($main::form, $dbh, $query, @tables);
- return scalar @tables == $count;
+ scalar @tables == $count;
}
}
my ($self) = @_;
@{ $self->{master_rights} ||= do {
- $self->dbconnect->selectall_arrayref("SELECT name, description, category FROM auth.master_rights ORDER BY id");
+ $self->dbconnect->selectall_arrayref("SELECT name, description, category FROM auth.master_rights ORDER BY position");
}
}
}
my $value = 0;
my $action = '|';
+ my $negate = 0;
foreach my $el (@{$ary}) {
if (ref $el eq "ARRAY") {
+ my $val = evaluate_rights_ary($el);
+ $val = !$val if $negate;
+ $negate = 0;
if ($action eq '|') {
- $value |= evaluate_rights_ary($el);
+ $value |= $val;
} else {
- $value &= evaluate_rights_ary($el);
+ $value &= $val;
}
} elsif (($el eq '&') || ($el eq '|')) {
$action = $el;
+ } elsif ($el eq '!') {
+ $negate = !$negate;
+
} elsif ($action eq '|') {
- $value |= $el;
+ my $val = $el;
+ $val = !$val if $negate;
+ $negate = 0;
+ $value |= $val;
} else {
- $value &= $el;
+ my $val = $el;
+ $val = !$val if $negate;
+ $negate = 0;
+ $value &= $val;
}
}
Creating a new database handle on each request can take up to 30% of the
pre-request startup time, so we want to avoid that for fast ajax calls.
+=item C<assert, $right, $dont_abort>
+
+Checks if current user has the C<$right>. If C<$dont_abort> is falsish
+the request dies with a access denied error, otherwise returns true or false.
+
=back
=head1 BUGS