# The session ID provided is valid in the following cases:
# 1. session ID exists in the database
# 2. hasn't expired yet
- # 3. if form field '{AUTH}api_token' is given: form field must equal database column 'auth.session.api_token' for the session ID
- # 4. if form field '{AUTH}api_token' is NOT given then: the requestee's IP address must match the stored IP address
+ # 3. if cookie for the API token is given: the cookie's value equal database column 'auth.session.api_token' for the session ID
+ # 4. if cookie for the API token is NOT given then: the requestee's IP address must match the stored IP address
$self->{api_token} = $cookie->{api_token} if $cookie;
my $api_token_cookie = $self->get_api_token_cookie;
my $cookie_is_bad = !$cookie || $cookie->{is_expired};
$::request->{cgi}->cookie($self->get_session_cookie_name(type => 'api_token'));
}
+sub is_api_token_cookie_valid {
+ my ($self) = @_;
+ my $provided_api_token = $self->get_api_token_cookie;
+ return $self->{api_token} && $provided_api_token && ($self->{api_token} eq $provided_api_token);
+}
+
sub session_tables_present {
$main::lxdebug->enter_sub();
["customer_vendor_edit", $locale->text("Create customers and vendors. Edit all vendors. Edit only customers where salesman equals employee (login)")],
["customer_vendor_all_edit", $locale->text("Create customers and vendors. Edit all vendors. Edit all customers")],
["part_service_assembly_edit", $locale->text("Create and edit parts, services, assemblies")],
+ ["part_service_assembly_details", $locale->text("Show details and reports of parts, services, assemblies")],
["project_edit", $locale->text("Create and edit projects")],
["--ar", $locale->text("AR")],
+ ["requirement_spec_edit", $locale->text("Create and edit requirement specs")],
["sales_quotation_edit", $locale->text("Create and edit sales quotations")],
["sales_order_edit", $locale->text("Create and edit sales orders")],
["sales_delivery_order_edit", $locale->text("Create and edit sales delivery orders")],
["dunning_edit", $locale->text("Create and edit dunnings")],
["sales_all_edit", $locale->text("View/edit all employees sales documents")],
["edit_prices", $locale->text("Edit prices and discount (if not used, textfield is ONLY set readonly)")],
+ ["show_ar_transactions", $locale->text("Show AR transactions as part of AR invoice report")],
+ ["delivery_plan", $locale->text("Show delivery plan")],
+ ["delivery_value_report", $locale->text("Show delivery value report")],
["--ap", $locale->text("AP")],
["request_quotation_edit", $locale->text("Create and edit RFQs")],
["purchase_order_edit", $locale->text("Create and edit purchase orders")],
["purchase_delivery_order_edit", $locale->text("Create and edit purchase delivery orders")],
["vendor_invoice_edit", $locale->text("Create and edit vendor invoices")],
+ ["show_ap_transactions", $locale->text("Show AP transactions as part of AP invoice report")],
["--warehouse_management", $locale->text("Warehouse management")],
["warehouse_contents", $locale->text("View warehouse content")],
["warehouse_management", $locale->text("Warehouse management")],
projects / kivitendo-erp.git / blobdiff