X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FAuth.pm;h=59542d65d072b4e2baead94460ef5e331c608260;hb=73a58f3dceeb378343ceb151942828eea686b75a;hp=2e49aff302e63f73c28fcb0779b305c89ecce368;hpb=0d1bb5102f01eb03da55bc87b52ac52cd7ae7534;p=kivitendo-erp.git diff --git a/SL/Auth.pm b/SL/Auth.pm index 2e49aff30..59542d65d 100644 --- a/SL/Auth.pm +++ b/SL/Auth.pm @@ -34,12 +34,10 @@ use Rose::Object::MakeMethods::Generic ( sub new { $main::lxdebug->enter_sub(); - my $type = shift; - my $self = {}; + my ($type, %params) = @_; + my $self = bless {}, $type; - bless $self, $type; - - $self->_read_auth_config(); + $self->_read_auth_config(%params); $self->reset; $main::lxdebug->leave_sub(); @@ -50,6 +48,7 @@ sub new { sub reset { my ($self, %params) = @_; + delete $self->{dbh}; $self->{SESSION} = { }; $self->{FULL_RIGHTS} = { }; $self->{RIGHTS} = { }; @@ -100,15 +99,21 @@ sub mini_error { sub _read_auth_config { $main::lxdebug->enter_sub(); - my $self = shift; + my ($self, %params) = @_; map { $self->{$_} = $::lx_office_conf{authentication}->{$_} } keys %{ $::lx_office_conf{authentication} }; # Prevent password leakage to log files when dumping Auth instances. $self->{admin_password} = sub { $::lx_office_conf{authentication}->{admin_password} }; - $self->{DB_config} = $::lx_office_conf{'authentication/database'}; - $self->{LDAP_config} = $::lx_office_conf{'authentication/ldap'}; + if ($params{unit_tests_database}) { + $self->{DB_config} = $::lx_office_conf{'testing/database'}; + $self->{module} = 'DB'; + + } else { + $self->{DB_config} = $::lx_office_conf{'authentication/database'}; + $self->{LDAP_config} = $::lx_office_conf{'authentication/ldap'}; + } if ($self->{module} eq 'DB') { $self->{authenticator} = SL::Auth::DB->new($self); @@ -602,8 +607,8 @@ sub restore_session { # The session ID provided is valid in the following cases: # 1. session ID exists in the database # 2. hasn't expired yet - # 3. if form field '{AUTH}api_token' is given: form field must equal database column 'auth.session.api_token' for the session ID - # 4. if form field '{AUTH}api_token' is NOT given then: the requestee's IP address must match the stored IP address + # 3. if cookie for the API token is given: the cookie's value equal database column 'auth.session.api_token' for the session ID + # 4. if cookie for the API token is NOT given then: the requestee's IP address must match the stored IP address $self->{api_token} = $cookie->{api_token} if $cookie; my $api_token_cookie = $self->get_api_token_cookie; my $cookie_is_bad = !$cookie || $cookie->{is_expired}; @@ -987,6 +992,12 @@ sub get_api_token_cookie { $::request->{cgi}->cookie($self->get_session_cookie_name(type => 'api_token')); } +sub is_api_token_cookie_valid { + my ($self) = @_; + my $provided_api_token = $self->get_api_token_cookie; + return $self->{api_token} && $provided_api_token && ($self->{api_token} eq $provided_api_token); +} + sub session_tables_present { $main::lxdebug->enter_sub(); @@ -1045,6 +1056,7 @@ sub all_rights_full { ["customer_vendor_edit", $locale->text("Create customers and vendors. Edit all vendors. Edit only customers where salesman equals employee (login)")], ["customer_vendor_all_edit", $locale->text("Create customers and vendors. Edit all vendors. Edit all customers")], ["part_service_assembly_edit", $locale->text("Create and edit parts, services, assemblies")], + ["part_service_assembly_details", $locale->text("Show details and reports of parts, services, assemblies")], ["project_edit", $locale->text("Create and edit projects")], ["--ar", $locale->text("AR")], ["sales_quotation_edit", $locale->text("Create and edit sales quotations")], @@ -1054,11 +1066,13 @@ sub all_rights_full { ["dunning_edit", $locale->text("Create and edit dunnings")], ["sales_all_edit", $locale->text("View/edit all employees sales documents")], ["edit_prices", $locale->text("Edit prices and discount (if not used, textfield is ONLY set readonly)")], + ["show_ar_transactions", $locale->text("Show AR transactions as part of AR invoice report")], ["--ap", $locale->text("AP")], ["request_quotation_edit", $locale->text("Create and edit RFQs")], ["purchase_order_edit", $locale->text("Create and edit purchase orders")], ["purchase_delivery_order_edit", $locale->text("Create and edit purchase delivery orders")], ["vendor_invoice_edit", $locale->text("Create and edit vendor invoices")], + ["show_ap_transactions", $locale->text("Show AP transactions as part of AP invoice report")], ["--warehouse_management", $locale->text("Warehouse management")], ["warehouse_contents", $locale->text("View warehouse content")], ["warehouse_management", $locale->text("Warehouse management")], @@ -1071,10 +1085,11 @@ sub all_rights_full { ["advance_turnover_tax_return", $locale->text('Advance turnover tax return')], ["--batch_printing", $locale->text("Batch Printing")], ["batch_printing", $locale->text("Batch Printing")], + ["--configuration", $locale->text("Configuration")], + ["config", $locale->text("Change kivitendo installation settings (most entries in the 'System' menu)")], + ["admin", $locale->text("Client administration: configuration, editing templates, task server control, background jobs (remaining entries in the 'System' menu)")], ["--others", $locale->text("Others")], ["email_bcc", $locale->text("May set the BCC field when sending emails")], - ["config", $locale->text("Change kivitendo installation settings (all menu entries beneath 'System')")], - ["admin", $locale->text("Administration (Used to access instance administration from user logins)")], ["productivity", $locale->text("Productivity")], ["display_admin_link", $locale->text("Show administration link")], );