X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FAuth.pm;h=f0f58d8d850ce25aadd073eed043d61d003bf516;hb=2acbe8c6c3c8a988e712deb438adf0dc40c3daaf;hp=00a4b3bbd6295c3cb945f2b2e2d02c8681064832;hpb=94d3a3e92e1d18cb1b9f9b2f85838e3854905966;p=kivitendo-erp.git diff --git a/SL/Auth.pm b/SL/Auth.pm index 00a4b3bbd..f0f58d8d8 100644 --- a/SL/Auth.pm +++ b/SL/Auth.pm @@ -607,8 +607,8 @@ sub restore_session { # The session ID provided is valid in the following cases: # 1. session ID exists in the database # 2. hasn't expired yet - # 3. if form field '{AUTH}api_token' is given: form field must equal database column 'auth.session.api_token' for the session ID - # 4. if form field '{AUTH}api_token' is NOT given then: the requestee's IP address must match the stored IP address + # 3. if cookie for the API token is given: the cookie's value equal database column 'auth.session.api_token' for the session ID + # 4. if cookie for the API token is NOT given then: the requestee's IP address must match the stored IP address $self->{api_token} = $cookie->{api_token} if $cookie; my $api_token_cookie = $self->get_api_token_cookie; my $cookie_is_bad = !$cookie || $cookie->{is_expired}; @@ -992,6 +992,12 @@ sub get_api_token_cookie { $::request->{cgi}->cookie($self->get_session_cookie_name(type => 'api_token')); } +sub is_api_token_cookie_valid { + my ($self) = @_; + my $provided_api_token = $self->get_api_token_cookie; + return $self->{api_token} && $provided_api_token && ($self->{api_token} eq $provided_api_token); +} + sub session_tables_present { $main::lxdebug->enter_sub(); @@ -1050,8 +1056,10 @@ sub all_rights_full { ["customer_vendor_edit", $locale->text("Create customers and vendors. Edit all vendors. Edit only customers where salesman equals employee (login)")], ["customer_vendor_all_edit", $locale->text("Create customers and vendors. Edit all vendors. Edit all customers")], ["part_service_assembly_edit", $locale->text("Create and edit parts, services, assemblies")], + ["part_service_assembly_details", $locale->text("Show details and reports of parts, services, assemblies")], ["project_edit", $locale->text("Create and edit projects")], ["--ar", $locale->text("AR")], + ["requirement_spec_edit", $locale->text("Create and edit requirement specs")], ["sales_quotation_edit", $locale->text("Create and edit sales quotations")], ["sales_order_edit", $locale->text("Create and edit sales orders")], ["sales_delivery_order_edit", $locale->text("Create and edit sales delivery orders")], @@ -1059,11 +1067,15 @@ sub all_rights_full { ["dunning_edit", $locale->text("Create and edit dunnings")], ["sales_all_edit", $locale->text("View/edit all employees sales documents")], ["edit_prices", $locale->text("Edit prices and discount (if not used, textfield is ONLY set readonly)")], + ["show_ar_transactions", $locale->text("Show AR transactions as part of AR invoice report")], + ["delivery_plan", $locale->text("Show delivery plan")], + ["delivery_value_report", $locale->text("Show delivery value report")], ["--ap", $locale->text("AP")], ["request_quotation_edit", $locale->text("Create and edit RFQs")], ["purchase_order_edit", $locale->text("Create and edit purchase orders")], ["purchase_delivery_order_edit", $locale->text("Create and edit purchase delivery orders")], ["vendor_invoice_edit", $locale->text("Create and edit vendor invoices")], + ["show_ap_transactions", $locale->text("Show AP transactions as part of AP invoice report")], ["--warehouse_management", $locale->text("Warehouse management")], ["warehouse_contents", $locale->text("View warehouse content")], ["warehouse_management", $locale->text("Warehouse management")],