From: Sven Schöling
Date: Mon, 20 Jul 2015 14:19:42 +0000 (+0200)
Subject: Rechte: In die Datenbank verlagert
X-Git-Tag: release-3.3.0beta~31^2~5
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=a1ea659fc8d83ea24f7ba863c82322ae41131007;p=kivitendo-erp.git

Rechte: In die Datenbank verlagert
---
diff --git a/SL/Auth.pm b/SL/Auth.pm
index f6d9e96d7..2323a2841 100644
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -897,93 +897,52 @@ sub is_api_token_cookie_valid { return $self->{api_token} && $provided_api_token && ($self->{api_token} eq $provided_api_token); } -sub session_tables_present { - my $self = shift; +sub _tables_present { + my ($self, @tables) = @_; + my $cache_key = join '_', @tables; # Only re-check for the presence of auth tables if either the check # hasn't been done before of if they weren't present. - if ($self->{session_tables_present}) { - return $self->{session_tables_present}; - } + return $self->{"$cache_key\_tables_present"} ||= do { + my $dbh = $self->dbconnect(1); - my $dbh = $self->dbconnect(1); + if (!$dbh) { + return 0; + } - if (!$dbh) { - return 0; - } + my $query = + qq|SELECT COUNT(*) + FROM pg_tables + WHERE (schemaname = 'auth') + AND (tablename IN (@{[ join ', ', ('?') x @tables ]}))|; - my $query = - qq|SELECT COUNT(*) - FROM pg_tables - WHERE (schemaname = 'auth') - AND (tablename IN ('session', 'session_content'))|; + my ($count) = selectrow_query($main::form, $dbh, $query, @tables); - my ($count) = selectrow_query($main::form, $dbh, $query); + return scalar @tables == $count; + } +} - $self->{session_tables_present} = 2 == $count; +sub session_tables_present { + $_[0]->_tables_present('session', 'session_content'); +} - return $self->{session_tables_present}; +sub master_rights_present { + $_[0]->_tables_present('master_rights'); } # -------------------------------------- sub all_rights_full { - my $locale = $main::locale; - - my @all_rights = ( - ["--master_data", $locale->text("Master Data")], - ["customer_vendor_edit", $locale->text("Create customers and vendors. Edit all vendors. Edit only customers where salesman equals employee (login)")], - ["customer_vendor_all_edit", $locale->text("Create customers and vendors. Edit all vendors. 
Edit all customers")], - ["part_service_assembly_edit", $locale->text("Create and edit parts, services, assemblies")], - ["part_service_assembly_details", $locale->text("Show details and reports of parts, services, assemblies")], - ["project_edit", $locale->text("Create and edit projects")], - ["--ar", $locale->text("AR")], - ["requirement_spec_edit", $locale->text("Create and edit requirement specs")], - ["sales_quotation_edit", $locale->text("Create and edit sales quotations")], - ["sales_order_edit", $locale->text("Create and edit sales orders")], - ["sales_delivery_order_edit", $locale->text("Create and edit sales delivery orders")], - ["invoice_edit", $locale->text("Create and edit invoices and credit notes")], - ["dunning_edit", $locale->text("Create and edit dunnings")], - ["sales_letter_edit", $locale->text("Edit sales letters")], - ["sales_all_edit", $locale->text("View/edit all employees sales documents")], - ["edit_prices", $locale->text("Edit prices and discount (if not used, textfield is ONLY set readonly)")], - ["show_ar_transactions", $locale->text("Show AR transactions as part of AR invoice report")], - ["delivery_plan", $locale->text("Show delivery plan")], - ["delivery_value_report", $locale->text("Show delivery value report")], - ["sales_letter_report", $locale->text("Show sales letters report")], - ["--ap", $locale->text("AP")], - ["request_quotation_edit", $locale->text("Create and edit RFQs")], - ["purchase_order_edit", $locale->text("Create and edit purchase orders")], - ["purchase_delivery_order_edit", $locale->text("Create and edit purchase delivery orders")], - ["vendor_invoice_edit", $locale->text("Create and edit vendor invoices")], - ["show_ap_transactions", $locale->text("Show AP transactions as part of AP invoice report")], - ["--warehouse_management", $locale->text("Warehouse management")], - ["warehouse_contents", $locale->text("View warehouse content")], - ["warehouse_management", $locale->text("Warehouse management")], - 
["--general_ledger_cash", $locale->text("General ledger and cash")], - ["general_ledger", $locale->text("Transactions, AR transactions, AP transactions")], - ["datev_export", $locale->text("DATEV Export")], - ["cash", $locale->text("Receipt, payment, reconciliation")], - ["bank_transaction", $locale->text("Bank transactions")], - ["--reports", $locale->text('Reports')], - ["report", $locale->text('All reports')], - ["advance_turnover_tax_return", $locale->text('Advance turnover tax return')], - ["--batch_printing", $locale->text("Batch Printing")], - ["batch_printing", $locale->text("Batch Printing")], - ["--configuration", $locale->text("Configuration")], - ["config", $locale->text("Change kivitendo installation settings (most entries in the 'System' menu)")], - ["admin", $locale->text("Client administration: configuration, editing templates, task server control, background jobs (remaining entries in the 'System' menu)")], - ["--others", $locale->text("Others")], - ["email_bcc", $locale->text("May set the BCC field when sending emails")], - ["productivity", $locale->text("Productivity")], - ["display_admin_link", $locale->text("Show administration link")], - ); - - return @all_rights; + my ($self) = @_; + + @{ $self->{master_rights} ||= do { + $self->dbconnect->selectall_arrayref("SELECT name, description, category FROM auth.master_rights ORDER BY id"); + } + } } sub all_rights { - return grep !/^--/, map { $_->[0] } all_rights_full(); + return map { $_->[0] } grep { !$_->[2] } $_[0]->all_rights_full; } sub read_groups { @@ -1030,7 +989,7 @@ sub read_groups { $group->{rights}->{$row->{right}} |= $row->{granted}; } - map { $group->{rights}->{$_} = 0 if (!defined $group->{rights}->{$_}); } all_rights(); + map { $group->{rights}->{$_} = 0 if (!defined $group->{rights}->{$_}); } $self->all_rights; } $sth->finish(); 
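Review bot: In `_tables_present` the last statement of the `do { … }` block is `return scalar @tables == $count;`, and in Perl a `return` inside `do BLOCK` leaves the enclosing sub, so the `||=` assignment is never reached and `pg_tables` is queried on every call instead of the result being cached as the comment describes. Dropping the keyword so that the block evaluates to the comparison, `scalar @tables == $count;`, restores the caching; the earlier `return 0` for a missing handle can stay, since a negative result is not meant to be cached. Separately, `all_rights_full` calls `$self->dbconnect->selectall_arrayref(...)` without checking either result, whereas `_tables_present` does check `$dbh`. If that query can run before the `master_rights` upgrade has been applied, the `@{ … }` dereference would most likely die rather than yield an empty rights list, so a guard using the new `master_rights_present` may be worth adding there.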
@@ -1212,7 +1171,7 @@ sub load_rights_for_user { my $dbh = $self->dbconnect; my ($query, $sth, $row, $rights); - $rights = { map { $_ => 0 } all_rights() }; + $rights = { map { $_ => 0 } $self->all_rights }; return $rights if !$self->client || !$login; diff --git a/SL/Controller/Admin.pm b/SL/Controller/Admin.pm index ebbcb774f..d0082b1e3 100644 --- a/SL/Controller/Admin.pm +++ b/SL/Controller/Admin.pm @@ -528,13 +528,13 @@ sub init_all_rights { my (@sections, $current_section); foreach my $entry ($::auth->all_rights_full) { - if ($entry->[0] =~ m/^--/) { - push @sections, { description => $entry->[1], rights => [] }; + if ($entry->[2]) { + push @sections, { description => t8($entry->[1]), rights => [] }; } elsif (@sections) { push @{ $sections[-1]->{rights} }, { name => $entry->[0], - description => $entry->[1], + description => t8($entry->[1]), }; } else { diff --git a/SL/Controller/LoginScreen.pm b/SL/Controller/LoginScreen.pm index 80700b930..da2c0bfff 100644 --- a/SL/Controller/LoginScreen.pm +++ b/SL/Controller/LoginScreen.pm @@ -67,7 +67,8 @@ sub action_login { # Auth DB needs update? If so log the user out forcefully. if (User::LOGIN_AUTH_DBUPDATE_AVAILABLE() == $result) { $::auth->destroy_session; - return $self->render('login_screen/auth_db_needs_update'); + # must be without layout because menu rights might not exist yet + return $self->render('login_screen/auth_db_needs_update', { layout => 0 }); } # Basic client tables available? If not tell the user to create them diff --git a/scripts/locales.pl b/scripts/locales.pl index ec9624a60..a83ff9fe6 100755 --- a/scripts/locales.pl +++ b/scripts/locales.pl @@ -27,6 +27,7 @@ use List::Util qw(first); use Pod::Usage; use YAML (); use YAML::Loader (); # YAML tries to load Y:L at runtime, but can't find it after we chdir'ed +use SL::DBUpgrade2; $OUTPUT_AUTOFLUSH = 1; 
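Review bot: The positional indices in `init_all_rights` (SL/Controller/Admin.pm), `$entry->[2]` as the category flag and `$entry->[0]`/`$entry->[1]` as name and description, silently depend on the column order of the `SELECT name, description, category` in `SL::Auth::all_rights_full`. A short comment above the loop, such as `# rows are [name, description, category], see SL::Auth::all_rights_full`, would make that coupling visible to whoever changes the query. The descriptions handed to `t8()` now come from the database rather than from string literals in the source, so whether they are escaped on output depends on the template, which is not shown here. The loop body continues outside the hunk.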
@@ -125,6 +126,7 @@ my %old_texts = %{ $self->{texts} || {} }; handle_file(@{ $_ }) for @progfiles; handle_file(@{ $_ }) for @dbplfiles; scanmenu($_) for @menufiles; +scandbupgrades(); for my $file_name (grep { /\.(?:js|html)$/i } map({find_files($_)} @javascript_dirs)) { scan_javascript_file($file_name); @@ -515,12 +517,30 @@ sub scanfile { sub scanmenu { my $file = shift; - print STDERR "trying to load file $file\n"; my $menu = YAML::LoadFile($file); for my $node (@$menu) { + # possible for override files + next unless exists $node->{name}; + $locale{$node->{name}} = 1; $alllocales{$node->{name}} = 1; + $cached{$file}{all}{$node->{name}} = 1; + } +} + +sub scandbupgrades { + # we only need to do this for auth atm, because only auth scripts can include new rights, which are translateable + my $auth = 1; + + my $dbu = SL::DBUpgrade2->new(auth => $auth, path => '../../sql/Pg-upgrade2-auth'); + + for my $upgrade ($dbu->sort_dbupdate_controls) { + for my $string (@{ $upgrade->{locales} || [] }) { + $locale{$string} = 1; + $alllocales{$string} = 1; + $cached{$upgrade->{tag}}{all}{$string} = 1; + } } } diff --git a/sql/Pg-upgrade2-auth/add_master_rights.sql b/sql/Pg-upgrade2-auth/add_master_rights.sql new file mode 100644 index 000000000..6a3c58c28 --- /dev/null +++ b/sql/Pg-upgrade2-auth/add_master_rights.sql 
@@ -0,0 +1,106 @@
+-- @tag: add_master_rights
+-- @description: Rechte in die Datenbank migrieren
+-- @depends: release_3_2_0
+-- @charset: utf-8
+-- @locales: Master Data
+-- @locales: Create customers and vendors. Edit all vendors. Edit only customers where salesman equals employee (login)
+-- @locales: Create customers and vendors. Edit all vendors. Edit all customers
+-- @locales: Create and edit parts, services, assemblies
+-- @locales: Show details and reports of parts, services, assemblies
+-- @locales: Create and edit projects
+-- @locales: AR
+-- @locales: Create and edit requirement specs
+-- @locales: Create and edit sales quotations
+-- @locales: Create and edit sales orders
+-- @locales: Create and edit sales delivery orders
+-- @locales: Create and edit invoices and credit notes
+-- @locales: Create and edit dunnings
+-- @locales: Edit sales letters
+-- @locales: View/edit all employees sales documents
+-- @locales: Edit prices and discount (if not used, textfield is ONLY set readonly)
+-- @locales: Show AR transactions as part of AR invoice report
+-- @locales: Show delivery plan
+-- @locales: Show delivery value report
+-- @locales: Show sales letters report
+-- @locales: AP
+-- @locales: Create and edit RFQs
+-- @locales: Create and edit purchase orders
+-- @locales: Create and edit purchase delivery orders
+-- @locales: Create and edit vendor invoices
+-- @locales: Show AP transactions as part of AP invoice report
+-- @locales: Warehouse management
+-- @locales: View warehouse content
+-- @locales: Warehouse management
+-- @locales: General ledger and cash
+-- @locales: Transactions, AR transactions, AP transactions
+-- @locales: DATEV Export
+-- @locales: Receipt, payment, reconciliation
+-- @locales: Bank transactions
+-- @locales: Reports
+-- @locales: All reports
+-- @locales: Advance turnover tax return
+-- @locales: Batch Printing
+-- @locales: Batch Printing
+-- @locales: Configuration
+-- @locales: Change kivitendo installation settings (most entries in the 'System' menu)
+-- @locales: Client administration: configuration, editing templates, task server control, background jobs (remaining entries in the 'System' menu)
+-- @locales: Others
+-- @locales: May set the BCC field when sending emails
+-- @locales: Productivity
+-- @locales: Show administration link
+
+CREATE TABLE auth.master_rights (
+ id SERIAL PRIMARY KEY,
+ position INTEGER NOT NULL,
+ name TEXT NOT NULL UNIQUE,
+ description TEXT NOT NULL,
+ category BOOLEAN NOT NULL DEFAULT FALSE
+);
+
+
+INSERT INTO auth.master_rights (position, name, description, category) VALUES ( 1, 'master_data', 'Master Data', TRUE);
+INSERT INTO auth.master_rights (position, name, description) VALUES ( 2, 'customer_vendor_edit', 'Create customers and vendors. Edit all vendors. Edit only customers where salesman equals employee (login)');
+INSERT INTO auth.master_rights (position, name, description) VALUES ( 3, 'customer_vendor_all_edit', 'Create customers and vendors. Edit all vendors. Edit all customers');
+INSERT INTO auth.master_rights (position, name, description) VALUES ( 4, 'part_service_assembly_edit', 'Create and edit parts, services, assemblies');
+INSERT INTO auth.master_rights (position, name, description) VALUES ( 5, 'part_service_assembly_details', 'Show details and reports of parts, services, assemblies');
+INSERT INTO auth.master_rights (position, name, description) VALUES ( 6, 'project_edit', 'Create and edit projects');
+INSERT INTO auth.master_rights (position, name, description, category) VALUES ( 7, 'ar', 'AR', TRUE);
+INSERT INTO auth.master_rights (position, name, description) VALUES ( 8, 'requirement_spec_edit', 'Create and edit requirement specs');
+INSERT INTO auth.master_rights (position, name, description) VALUES ( 9, 'sales_quotation_edit', 'Create and edit sales quotations');
+INSERT INTO auth.master_rights (position, name, description) VALUES (10, 'sales_order_edit', 'Create and edit sales orders');
+INSERT INTO auth.master_rights (position, name, description) VALUES (11, 'sales_delivery_order_edit', 'Create and edit sales delivery orders');
+INSERT INTO auth.master_rights (position, name, description) VALUES (12, 'invoice_edit', 'Create and edit invoices and credit notes');
+INSERT INTO auth.master_rights (position, name, description) VALUES (13, 'dunning_edit', 'Create and edit dunnings');
+INSERT INTO auth.master_rights (position, name, description) VALUES (14, 'sales_letter_edit', 'Edit sales letters');
+INSERT INTO auth.master_rights (position, name, description) VALUES (15, 'sales_all_edit', 'View/edit all employees sales documents');
+INSERT INTO auth.master_rights (position, name, description) VALUES (16, 'edit_prices', 'Edit prices and discount (if not used, textfield is ONLY set readonly)');
+INSERT INTO auth.master_rights (position, name, description) VALUES (17, 'show_ar_transactions', 'Show AR transactions as part of AR invoice report');
+INSERT INTO auth.master_rights (position, name, description) VALUES (18, 'delivery_plan', 'Show delivery plan');
+INSERT INTO auth.master_rights (position, name, description) VALUES (19, 'delivery_value_report', 'Show delivery value report');
+INSERT INTO auth.master_rights (position, name, description) VALUES (20, 'sales_letter_report', 'Show sales letters report');
+INSERT INTO auth.master_rights (position, name, description, category) VALUES (21, 'ap', 'AP', TRUE);
+INSERT INTO auth.master_rights (position, name, description) VALUES (22, 'request_quotation_edit', 'Create and edit RFQs');
+INSERT INTO auth.master_rights (position, name, description) VALUES (23, 'purchase_order_edit', 'Create and edit purchase orders');
+INSERT INTO auth.master_rights (position, name, description) VALUES (24, 'purchase_delivery_order_edit', 'Create and edit purchase delivery orders');
+INSERT INTO auth.master_rights (position, name, description) VALUES (25, 'vendor_invoice_edit', 'Create and edit vendor invoices');
+INSERT INTO auth.master_rights (position, name, description) VALUES (26, 'show_ap_transactions', 'Show AP transactions as part of AP invoice report');
+INSERT INTO auth.master_rights (position, name, description, category) VALUES (27, 'warehouse', 'Warehouse management', TRUE);
+INSERT INTO auth.master_rights (position, name, description) VALUES (28, 'warehouse_contents', 'View warehouse content');
+INSERT INTO auth.master_rights (position, name, description) VALUES (29, 'warehouse_management', 'Warehouse management');
+INSERT INTO auth.master_rights (position, name, description, category) VALUES (30, 'general_ledger_cash', 'General ledger and cash', TRUE);
+INSERT INTO auth.master_rights (position, name, description) VALUES (31, 'general_ledger', 'Transactions, AR transactions, AP transactions');
+INSERT INTO auth.master_rights (position, name, description) VALUES (32, 'datev_export', 'DATEV Export');
+INSERT INTO auth.master_rights (position, name, description) VALUES (33, 'cash', 'Receipt, payment, reconciliation');
+INSERT INTO auth.master_rights (position, name, description) VALUES (34, 'bank_transaction', 'Bank transactions');
+INSERT INTO auth.master_rights (position, name, description, category) VALUES (35, 'reports', 'Reports', TRUE);
+INSERT INTO auth.master_rights (position, name, description) VALUES (36, 'report', 'All reports');
+INSERT INTO auth.master_rights (position, name, description) VALUES (37, 'advance_turnover_tax_return', 'Advance turnover tax return');
+INSERT INTO auth.master_rights (position, name, description, category) VALUES (38, 'batch_printing_category', 'Batch Printing', TRUE);
+INSERT INTO auth.master_rights (position, name, description) VALUES (39, 'batch_printing', 'Batch Printing');
+INSERT INTO auth.master_rights (position, name, description, category) VALUES (40, 'configuration', 'Configuration', TRUE);
+INSERT INTO auth.master_rights (position, name, description) VALUES (41, 'config', 'Change kivitendo installation settings (most entries in the ''System'' menu)');
+INSERT INTO auth.master_rights (position, name, description) VALUES (42, 'admin', 'Client administration: configuration, editing templates, task server control, background jobs (remaining entries in the ''System'' menu)');
+INSERT INTO auth.master_rights (position, name, description, category) VALUES (43, 'others', 'Others', TRUE);
+INSERT INTO auth.master_rights (position, name, description) VALUES (44, 'email_bcc', 'May set the BCC field when sending emails');
+INSERT INTO auth.master_rights (position, name, description) VALUES (45, 'productivity', 'Productivity');
+INSERT INTO auth.master_rights (position, name, description) VALUES (46, 'display_admin_link', 'Show administration link');
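Review bot: The `position` column is filled for every row but is not what orders the rights: the only reader visible in this commit, `all_rights_full` in SL/Auth.pm, selects with `ORDER BY id`, and `init_all_rights` attaches each right to whichever category row precedes it in that order. The two orders coincide for these 46 rows, but a later upgrade that inserts a right with a `position` inside an existing category would still sort last by `id` and so would presumably be shown under 'Others' on the screen where rights are granted. Changing the query to `ORDER BY position` (and, if positions are meant to be distinct, declaring the column `UNIQUE`) would tie the displayed grouping to the data. A comment on the table noting that rows with `category = TRUE` are section headers rather than grantable rights would also help, since both kinds share the one `name` namespace.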