X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FAuth.pm;h=9ed86d66505160e332d5364b14658f77f2711b66;hb=07b14d1f5c08e87ac700564520bc70e1c1ea1923;hp=e2b54906cabbf38538733c9db5bb3da515a4c09c;hpb=cdacfe1cb5156c4bde158f0592d1dd3c445be7dd;p=kivitendo-erp.git

diff --git a/SL/Auth.pm b/SL/Auth.pm
index e2b54906c..9ed86d665 100644
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -47,13 +47,14 @@ sub reset {
   $self->{RIGHTS}             = { };
   $self->{unique_counter}     = 0;
   $self->{column_information} = SL::Auth::ColumnInformation->new(auth => $self);
+  $self->{authenticator}->reset;
 }
 
 sub get_user_dbh {
   my ($self, $login, %params) = @_;
   my $may_fail = delete $params{may_fail};
 
-  my %user = $self->read_user($login);
+  my %user = $self->read_user(login => $login);
   my $dbh  = SL::DBConnect->connect(
     $user{dbconnect},
     $user{dbuser},
@@ -243,9 +244,9 @@ sub dbdisconnect {
 sub check_tables {
   $main::lxdebug->enter_sub();
 
-  my $self    = shift;
+  my ($self, $dbh)    = @_;
 
-  my $dbh     = $self->dbconnect();
+  $dbh   ||= $self->dbconnect();
   my $query   = qq|SELECT COUNT(*) FROM pg_tables WHERE (schemaname = 'auth') AND (tablename = 'user')|;
 
   my ($count) = $dbh->selectrow_array($query);
@@ -437,15 +438,25 @@ sub read_all_users {
 sub read_user {
   $main::lxdebug->enter_sub();
 
-  my $self  = shift;
-  my $login = shift;
+  my ($self, %params) = @_;
 
   my $dbh   = $self->dbconnect();
+
+  my (@where, @values);
+  if ($params{login}) {
+    push @where,  'u.login = ?';
+    push @values, $params{login};
+  }
+  if ($params{id}) {
+    push @where,  'u.id = ?';
+    push @values, $params{id};
+  }
+  my $where = join ' AND ', '1 = 1', @where;
   my $query = qq|SELECT u.id, u.login, cfg.cfg_key, cfg.cfg_value
                  FROM auth.user_config cfg
                  LEFT JOIN auth."user" u ON (cfg.user_id = u.id)
-                 WHERE (u.login = ?)|;
-  my $sth   = prepare_execute_query($main::form, $dbh, $query, $login);
+                 WHERE $where|;
+  my $sth   = prepare_execute_query($main::form, $dbh, $query, @values);
 
   my %user_data;
 
@@ -454,6 +465,9 @@ sub read_user {
     @user_data{qw(id login)}    = @{$ref}{qw(id login)};
   }
 
+  # The XUL/XML backed menu has been removed.
+  $user_data{menustyle} = 'v3' if lc($user_data{menustyle} || '') eq 'xml';
+
   $sth->finish();
 
   $main::lxdebug->leave_sub();
@@ -481,23 +495,26 @@ sub delete_user {
   my $self  = shift;
   my $login = shift;
 
-  my $u_dbh = $self->get_user_dbh($login, may_fail => 1);
   my $dbh   = $self->dbconnect;
+  my $id    = $self->get_user_id($login);
+  my $user_db_exists;
 
-  $dbh->begin_work;
+  $dbh->rollback and return $::lxdebug->leave_sub if (!$id);
 
-  my $query = qq|SELECT id FROM auth."user" WHERE login = ?|;
+  my $u_dbh = $self->get_user_dbh($login, may_fail => 1);
+  $user_db_exists = $self->check_tables($u_dbh) if $u_dbh;
 
-  my ($id)  = selectrow_query($::form, $dbh, $query, $login);
+  $u_dbh->begin_work if $u_dbh && $user_db_exists;
 
-  $dbh->rollback and return $::lxdebug->leave_sub if (!$id);
+  $dbh->begin_work;
 
   do_query($::form, $dbh, qq|DELETE FROM auth.user_group WHERE user_id = ?|, $id);
   do_query($::form, $dbh, qq|DELETE FROM auth.user_config WHERE user_id = ?|, $id);
-  do_query($::form, $u_dbh, qq|UPDATE employee SET deleted = 't' WHERE login = ?|, $login) if $u_dbh;
+  do_query($::form, $dbh, qq|DELETE FROM auth.user WHERE id = ?|, $id);
+  do_query($::form, $u_dbh, qq|UPDATE employee SET deleted = 't' WHERE login = ?|, $login) if $u_dbh && $user_db_exists;
 
   $dbh->commit;
-  $u_dbh->commit if $u_dbh;
+  $u_dbh->commit if $u_dbh && $user_db_exists;
 
   $::lxdebug->leave_sub;
 }
@@ -511,11 +528,8 @@ sub restore_session {
 
   my $self = shift;
 
-  my $cgi            =  $main::cgi;
-  $cgi             ||=  CGI->new('');
-
-  $session_id        =  $cgi->cookie($self->get_session_cookie_name());
-  $session_id        =~ s|[^0-9a-f]||g;
+  $session_id        =  $::request->{cgi}->cookie($self->get_session_cookie_name());
+  $session_id        =~ s|[^0-9a-f]||g if $session_id;
 
   $self->{SESSION}   = { };
 
@@ -528,10 +542,24 @@ sub restore_session {
 
   $form   = $main::form;
 
-  $dbh    = $self->dbconnect();
+  # Don't fail if the auth DB doesn't yet.
+  if (!( $dbh = $self->dbconnect(1) )) {
+    $::lxdebug->leave_sub;
+    return SESSION_NONE;
+  }
+
+  # Don't fail if the "auth" schema doesn't exist yet, e.g. if the
+  # admin is creating the session tables at the moment.
   $query  = qq|SELECT *, (mtime < (now() - '$self->{session_timeout}m'::interval)) AS is_expired FROM auth.session WHERE id = ?|;
 
-  $cookie = selectfirst_hashref_query($form, $dbh, $query, $session_id);
+  if (!($sth = $dbh->prepare($query)) || !$sth->execute($session_id)) {
+    $sth->finish if $sth;
+    $::lxdebug->leave_sub;
+    return SESSION_NONE;
+  }
+
+  $cookie = $sth->fetchrow_hashref;
+  $sth->finish;
 
   if (!$cookie || $cookie->{is_expired} || ($cookie->{ip_address} ne $ENV{REMOTE_ADDR})) {
     $self->destroy_session();
@@ -706,7 +734,13 @@ sub save_session {
 
   $dbh->begin_work unless $provided_dbh;
 
-  do_query($::form, $dbh, qq|LOCK auth.session_content|);
+  # If this fails then the "auth" schema might not exist yet, e.g. if
+  # the admin is just trying to create the auth database.
+  if (!$dbh->do(qq|LOCK auth.session_content|)) {
+    $dbh->rollback unless $provided_dbh;
+    $::lxdebug->leave_sub;
+    return;
+  }
 
   my @unfetched_keys = map     { $_->{key}        }
                        grep    { ! $_->{fetched}  }
@@ -926,7 +960,8 @@ sub all_rights_full {
     ["crm_notices",                    $locale->text("CRM notices")],
     ["crm_other",                      $locale->text("CRM other")],
     ["--master_data",                  $locale->text("Master Data")],
-    ["customer_vendor_edit",           $locale->text("Create and edit customers and vendors")],
+    ["customer_vendor_edit",           $locale->text("Create customers and vendors. Edit all vendors. Edit only customers where salesman equals employee (login)")],
+    ["customer_vendor_all_edit",       $locale->text("Create customers and vendors. Edit all vendors. Edit all customers")],
     ["part_service_assembly_edit",     $locale->text("Create and edit parts, services, assemblies")],
     ["project_edit",                   $locale->text("Create and edit projects")],
     ["--ar",                           $locale->text("AR")],
@@ -936,6 +971,7 @@ sub all_rights_full {
     ["invoice_edit",                   $locale->text("Create and edit invoices and credit notes")],
     ["dunning_edit",                   $locale->text("Create and edit dunnings")],
     ["sales_all_edit",                 $locale->text("View/edit all employees sales documents")],
+    ["edit_prices",                    $locale->text("Edit prices and discount (if not used, textfield is ONLY set readonly)")],
     ["--ap",                           $locale->text("AP")],
     ["request_quotation_edit",         $locale->text("Create and edit RFQs")],
     ["purchase_order_edit",            $locale->text("Create and edit purchase orders")],
@@ -956,6 +992,7 @@ sub all_rights_full {
     ["--others",                       $locale->text("Others")],
     ["email_bcc",                      $locale->text("May set the BCC field when sending emails")],
     ["config",                         $locale->text("Change Lx-Office installation settings (all menu entries beneath 'System')")],
+    ["admin",                          $locale->text("Administration (Used to access instance administration from user logins)")],
     );
 
   return @all_rights;
@@ -1261,6 +1298,7 @@ SL::Auth - Authentication and session handling
 =over 4
 
 =item C<set_session_value @values>
+
 =item C<set_session_value %values>
 
 Store all values of C<@values> or C<%values> in the session. Each