X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FAuth.pm;h=8ac2293b88d973e4ae5c7c2238c123f8ef7aa62b;hb=af59820cb06ba396ba10ecd88f43a92c331a6066;hp=96514f188526f5aa6910a0faa92f546fb4323d86;hpb=f973611805644e351c5b9699b45b1f7303b026be;p=kivitendo-erp.git diff --git a/SL/Auth.pm b/SL/Auth.pm index 96514f188..8ac2293b8 100644 --- a/SL/Auth.pm +++ b/SL/Auth.pm @@ -1,8 +1,12 @@ package SL::Auth; -use constant OK => 0; -use constant ERR_PASSWORD => 1; -use constant ERR_BACKEND => 100; +use constant OK => 0; +use constant ERR_PASSWORD => 1; +use constant ERR_BACKEND => 100; + +use constant SESSION_OK => 0; +use constant SESSION_NONE => 1; +use constant SESSION_EXPIRED => 2; use Digest::MD5 qw(md5_hex); use IO::File; @@ -86,6 +90,9 @@ sub _read_auth_config { $self->{authenticator}->verify_config(); + $self->{session_timeout} *= 1; + $self->{session_timeout} = 8 * 60 if (!$self->{session_timeout}); + $main::lxdebug->leave_sub(); } @@ -416,21 +423,24 @@ sub restore_session { $self->{SESSION} = { }; - return $main::lxdebug->leave_sub() if (!$session_id); + if (!$session_id) { + $main::lxdebug->leave_sub(); + return SESSION_NONE; + } my ($dbh, $query, $sth, $cookie, $ref, $form); $form = $main::form; $dbh = $self->dbconnect(); - $query = qq|SELECT *, (mtime < (now() - '24h'::interval)) AS is_expired FROM auth.session WHERE id = ?|; + $query = qq|SELECT *, (mtime < (now() - '$self->{session_timeout}m'::interval)) AS is_expired FROM auth.session WHERE id = ?|; $cookie = selectfirst_hashref_query($form, $dbh, $query, $session_id); if (!$cookie || $cookie->{is_expired} || ($cookie->{ip_address} ne $ENV{REMOTE_ADDR})) { $self->destroy_session(); $main::lxdebug->leave_sub(); - return; + return SESSION_EXPIRED; } $query = qq|SELECT sess_key, sess_value FROM auth.session_content WHERE session_id = ?|; @@ -444,6 +454,8 @@ sub restore_session { $sth->finish(); $main::lxdebug->leave_sub(); + + return SESSION_OK; } sub destroy_session { 
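Review bot: `$self->{session_timeout} *= 1` in the _read_auth_config hunk is the only check on a value that the restore_session hunk and both queries in the expire_sessions hunk then interpolate into SQL as `'$self->{session_timeout}m'::interval`. The multiplication forces a number but does not bound it: a negative setting puts the cutoff in the future, so every session is treated as expired, and a very large value stringifies in exponent notation, which the interval cast may reject. Accept only a positive integer here, e.g. `$self->{session_timeout} = 8 * 60 if ($self->{session_timeout} !~ m/\A[1-9][0-9]*\z/);`. In the queries, pass the value as a bind parameter, `now() - (CAST(? AS integer) * interval '1 minute')`, so that no configuration text reaches the statement. The body of _read_auth_config starts outside this hunk.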
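Review bot: In the restore_session hunk, the failure branch returns `SESSION_EXPIRED` for three different conditions: no row for the id, an old `mtime`, and `$cookie->{ip_address} ne $ENV{REMOTE_ADDR}`. A session cookie presented from a different address is therefore reported to the caller exactly like an ordinary timeout, and nothing in the visible lines records it before `destroy_session()` runs. Give the mismatch its own return code or log it before the session is destroyed, so that operators can tell cookie reuse from inactivity. A one-line comment on the condition, `# missing row, timeout and client address mismatch all end the session`, would also document the current behaviour. restore_session begins before this hunk and continues after it.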
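Review bot: `return SESSION_OK;` makes the success value 0, which is false in boolean context, while `SESSION_NONE` and `SESSION_EXPIRED` are both true. Before this commit the early exits returned the result of `leave_sub()` or an empty list, and the success path had no explicit return. No caller is visible in this diff, so it is worth checking that none tests the result for truth, since it would now take a restored session for a failure. Callers should compare explicitly, `$result == SL::Auth::SESSION_OK`, and the constants deserve a comment saying so: `# restore_session() return codes; SESSION_OK is 0, compare with ==, never test for truth`.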
@@ -477,13 +489,13 @@ sub expire_sessions { WHERE session_id IN (SELECT id FROM auth.session - WHERE (mtime < (now() - '24h'::interval)))|; + WHERE (mtime < (now() - '$self->{session_timeout}m'::interval)))|; do_query($main::form, $dbh, $query); $query = qq|DELETE FROM auth.session - WHERE (mtime < (now() - '24h'::interval))|; + WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|; do_query($main::form, $dbh, $query); @@ -624,6 +636,9 @@ sub all_rights_full { ["purchase_order_edit", $locale->text("Create and edit purchase orders")], ["purchase_delivery_order_edit", $locale->text("Create and edit purchase delivery orders")], ["vendor_invoice_edit", $locale->text("Create and edit vendor invoices")], + ["--warehouse_management", $locale->text("Warehouse management")], + ["warehouse_contents", $locale->text("View warehouse content")], + ["warehouse_management", $locale->text("Warehouse management")], ["--general_ledger_cash", $locale->text("General ledger and cash")], ["general_ledger", $locale->text("Transactions, AR transactions, AP transactions")], ["datev_export", $locale->text("DATEV Export")],