X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FAuth.pm;h=784b185b459d3412f62f65461d26484893eec62c;hb=0389fbc606e78cdacea36f4bf385e75f879443a2;hp=2c4653b952a57fcc7634399bfbe8258cfcd19959;hpb=f3f0322b124681461f386b95361f55f501409744;p=kivitendo-erp.git

diff --git a/SL/Auth.pm b/SL/Auth.pm
index 2c4653b95..784b185b4 100644
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -12,6 +12,7 @@ use SL::Auth::Constants qw(:all);
 use SL::Auth::DB;
 use SL::Auth::LDAP;
 
+use SL::SessionFile;
 use SL::User;
 use SL::DBConnect;
 use SL::DBUpgrade2;
@@ -555,6 +556,8 @@ sub destroy_session {
 
     $dbh->commit();
 
+    SL::SessionFile->destroy_session($session_id);
+
     $session_id      = undef;
     $self->{SESSION} = { };
   }
@@ -567,26 +570,31 @@ sub expire_sessions {
 
   my $self  = shift;
 
+  $main::lxdebug->leave_sub and return if !$self->session_tables_present;
+
   my $dbh   = $self->dbconnect();
 
-  $dbh->begin_work;
+  my $query = qq|SELECT id
+                 FROM auth.session
+                 WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|;
 
-  my $query =
-    qq|DELETE FROM auth.session_content
-       WHERE session_id IN
-         (SELECT id
-          FROM auth.session
-          WHERE (mtime < (now() - '$self->{session_timeout}m'::interval)))|;
+  my @ids   = selectall_array_query($::form, $dbh, $query);
 
-  do_query($main::form, $dbh, $query);
+  if (@ids) {
+    $dbh->begin_work;
 
-  $query =
-    qq|DELETE FROM auth.session
-       WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|;
+    SL::SessionFile->destroy_session($_) for @ids;
 
-  do_query($main::form, $dbh, $query);
+    $query = qq|DELETE FROM auth.session_content
+                WHERE session_id IN (| . join(', ', ('?') x scalar(@ids)) . qq|)|;
+    do_query($main::form, $dbh, $query, @ids);
 
-  $dbh->commit();
+    $query = qq|DELETE FROM auth.session
+                WHERE id IN (| . join(', ', ('?') x scalar(@ids)) . qq|)|;
+    do_query($main::form, $dbh, $query, @ids);
+
+    $dbh->commit();
+  }
 
   $main::lxdebug->leave_sub();
 }
@@ -615,7 +623,7 @@ sub save_session {
 
   my $dbh          = $provided_dbh || $self->dbconnect(1);
 
-   $::lxdebug->leave_sub && return unless $dbh;
+  $::lxdebug->leave_sub && return unless $dbh && $session_id;
 
   $dbh->begin_work unless $provided_dbh;
 
@@ -701,7 +709,6 @@ sub create_unique_sesion_value {
   $self->{unique_counter}++;
 
   $value  = { expiration => $params{expiration} ? ($now[0] + $params{expiration}) * 1000000 + $now[1] : undef,
-              no_auto    => !$params{auto_restore},
               data       => $value,
             };
 
@@ -780,6 +787,14 @@ sub session_tables_present {
   $main::lxdebug->enter_sub();
 
   my $self = shift;
+
+  # Only re-check for the presence of auth tables if either the check
+  # hasn't been done before of if they weren't present.
+  if ($self->{session_tables_present}) {
+    $main::lxdebug->leave_sub();
+    return $self->{session_tables_present};
+  }
+
   my $dbh  = $self->dbconnect(1);
 
   if (!$dbh) {
@@ -795,9 +810,11 @@ sub session_tables_present {
 
   my ($count) = selectrow_query($main::form, $dbh, $query);
 
+  $self->{session_tables_present} = 2 == $count;
+
   $main::lxdebug->leave_sub();
 
-  return 2 == $count;
+  return $self->{session_tables_present};
 }
 
 # --------------------------------------
@@ -1093,25 +1110,20 @@ sub check_right {
 }
 
 sub assert {
-  $main::lxdebug->enter_sub(2);
+  $::lxdebug->enter_sub(2);
+  my ($self, $right, $dont_abort) = @_;
 
-  my $self       = shift;
-  my $right      = shift;
-  my $dont_abort = shift;
-
-  my $form       = $main::form;
-
-  if ($self->check_right($form->{login}, $right)) {
-    $main::lxdebug->leave_sub(2);
+  if ($self->check_right($::myconfig{login}, $right)) {
+    $::lxdebug->leave_sub(2);
     return 1;
   }
 
   if (!$dont_abort) {
-    delete $form->{title};
-    $form->show_generic_error($main::locale->text("You do not have the permissions to access this function."));
+    delete $::form->{title};
+    $::form->show_generic_error($::locale->text("You do not have the permissions to access this function."));
   }
 
-  $main::lxdebug->leave_sub(2);
+  $::lxdebug->leave_sub(2);
 
   return 0;
 }
@@ -1123,7 +1135,7 @@ sub load_rights_for_user {
   my $dbh   = $self->dbconnect;
   my ($query, $sth, $row, $rights);
 
-  $rights = { map { $rights->{$_} = 0 } all_rights() };
+  $rights = { map { $_ => 0 } all_rights() };
 
   $query =
     qq|SELECT gr."right", gr.granted
@@ -1183,11 +1195,6 @@ If C<$params{expiration}> is set then it is interpreted as a number of
 seconds after which the value is removed from the session. It will
 never expire if that parameter is falsish.
 
-If C<$params{auto_restore}> is trueish then the value will be copied
-into C<$::form> upon the next request automatically. It defaults to
-C<false> and has therefore different behaviour than
-L</set_session_value>.
-
 Returns the key created in the session.
 
 =item C<expire_session_keys>