From be54aea5115bbfcc5d91de846879126417cacdbd Mon Sep 17 00:00:00 2001
From: Moritz Bunkus
Date: Thu, 12 Oct 2017 14:59:05 +0200
Subject: [PATCH] =?utf8?q?Datenbank=20anlegen:=20Super-User-Rechte=20abfra?=
=?utf8?q?gen,=20sofern=20n=C3=B6tig?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
---
SL/Controller/Admin.pm | 63 +++++++++++++++++++-
SL/DBUtils.pm | 7 +++
SL/User.pm | 2 +-
locale/de/all | 3 +
templates/webpages/admin/create_dataset.html | 19 ++++++
5 files changed, 90 insertions(+), 4 deletions(-)
diff --git a/SL/Controller/Admin.pm b/SL/Controller/Admin.pm
index 3126b4dca..9937c5bab 100644
--- a/SL/Controller/Admin.pm
+++ b/SL/Controller/Admin.pm
@@ -12,6 +12,7 @@ use SL::Common ();
use SL::DB::AuthUser;
use SL::DB::AuthGroup;
use SL::DB::Printer;
+use SL::DBUtils ();
use SL::Helper::Flash;
use SL::Locale::String qw(t8);
use SL::System::InstallationLock;
@@ -401,19 +402,24 @@ sub action_create_dataset_login {
sub action_create_dataset {
my ($self) = @_;
- $self->create_dataset_form;
+
+ my %superuser = $self->check_database_superuser_privileges(no_credentials_not_an_error => 1);
+ $self->create_dataset_form(superuser => \%superuser);
}
sub action_do_create_dataset {
my ($self) = @_;
+ my %superuser = $self->check_database_superuser_privileges;
+
my @errors;
push @errors, t8("Dataset missing!") if !$::form->{db};
push @errors, t8("Default currency missing!") if !$::form->{defaultcurrency};
+ push @errors, $superuser{error} if !$superuser{have_privileges} && $superuser{error};
if (@errors) {
flash('error', @errors);
- return $self->create_dataset_form;
+ return $self->create_dataset_form(superuser => \%superuser);
}
$::form->{encoding} = 'UNICODE';
@@ -645,7 +651,7 @@ sub create_dataset_form {
$::form->{feature_eurechnung} = $defaults->feature_eurechnung(1);
$::form->{feature_ustva} = $defaults->feature_ustva(1);
- $self->render('admin/create_dataset', title => (t8('Database Administration') . " / " . t8('Create Dataset')));
+ $self->render('admin/create_dataset', title => (t8('Database Administration') . " / " . t8('Create Dataset')), superuser => $params{superuser});
}
sub delete_dataset_form {
@@ -697,5 +703,56 @@ sub is_user_used_for_task_server {
return join ', ', sort_by { lc } map { $_->name } @{ SL::DB::Manager::AuthClient->get_all(where => [ task_server_user_id => $user->id ]) };
}
+sub check_database_superuser_privileges {
+ my ($self, %params) = @_;
+
+ my %dbconnect_form = %{ $::form };
+ my %result = (
+ username => $dbconnect_form{dbuser},
+ password => $dbconnect_form{dbpasswd},
+ );
+
+ my $check_privileges = sub {
+ my $dbh = SL::DBConnect->connect($dbconnect_form{dbconnect}, $result{username}, $result{password}, SL::DBConnect->get_options);
+ return (error => $::locale->text('The credentials (username & password) for connecting database are wrong.')) if !$dbh;
+
+ my $is_superuser = SL::DBUtils::role_is_superuser($dbh, $result{username});
+
+ $dbh->disconnect;
+
+ return (have_privileges => $is_superuser);
+ };
+
+ User::dbconnect_vars(\%dbconnect_form, $dbconnect_form{dbdefault});
+
+ %result = (
+ %result,
+ $check_privileges->(),
+ );
+
+ if (!$result{have_privileges}) {
+ $result{username} = $::form->{database_superuser_user};
+ $result{password} = $::form->{database_superuser_password};
+
+ if ($::form->{database_superuser_user}) {
+ %result = (
+ %result,
+ $check_privileges->(),
+ );
+ }
+ }
+
+ if ($result{have_privileges}) {
+ $::auth->set_session_value(database_superuser_username => $result{username}, database_superuser_password => $result{password});
+ return %result;
+ }
+
+ $::auth->delete_session_value(qw(database_superuser_username database_superuser_password));
+
+ return () if !$::form->{database_superuser_user} && $params{no_credentials_not_an_error};
+ return (%result, error => $::locale->text('No superuser credentials were entered.')) if !$::form->{database_superuser_user};
+ return %result if $result{error};
+ return (%result, error => $::locale->text('The database user \'#1\' does not have superuser privileges.', $result{username}));
+}
1;
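Review bot: On the success path, `$::auth->set_session_value(database_superuser_username => ..., database_superuser_password => ...)` stores the database superuser password in the session, and the only `delete_session_value` call in `check_database_superuser_privileges` is on the failure path. Unless code outside this hunk clears it, the credential stays in session storage after the dataset has been created; whatever consumes these values should call `$::auth->delete_session_value(qw(database_superuser_username database_superuser_password));` once the work is done. Separately, when the first connection attempt (with `dbuser`) fails and the second (with the entered superuser) succeeds, `%result` still carries the first attempt's `error` next to `have_privileges`. Adding `delete $result{error};` before the success `return %result;` would keep the return value consistent for callers that only look at `error`.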
diff --git a/SL/DBUtils.pm b/SL/DBUtils.pm
index 54cf7da17..c9c70c95a 100644
--- a/SL/DBUtils.pm
+++ b/SL/DBUtils.pm
@@ -392,6 +392,13 @@ sub like {
return "%" . SL::Util::trim($string // '') . "%";
}
+sub role_is_superuser {
+ my ($dbh, $login) = @_;
+ my ($is_superuser) = $dbh->selectrow_array(qq|SELECT usesuper FROM pg_user WHERE usename = ?|, undef, $login);
+
+ return $is_superuser;
+}
+
1;
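Review bot: `role_is_superuser` is added without a comment or POD entry, and its result is effectively three-valued: true, false, or undef when `pg_user` returns no row for `$login`. A one-line comment above the sub, e.g. `# Returns pg_user.usesuper for $login; undef if no matching row is found.`, would make it explicit that callers must treat undef as "no superuser privileges". Both call sites in this patch rely on that by testing the value only for truthiness.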
diff --git a/SL/User.pm b/SL/User.pm
index a271e77df..68fd2c520 100644
--- a/SL/User.pm
+++ b/SL/User.pm
@@ -130,7 +130,7 @@ sub _handle_superuser_privileges {
my $dbh = SL::DBConnect->connect($dbconnect_form{dbconnect}, $dbconnect_form{dbuser}, $dbconnect_form{dbpasswd}, SL::DBConnect->get_options);
return (%result, error => $::locale->text('The credentials (username & password) for connecting database are wrong.')) if !$dbh;
- my ($is_superuser) = $dbh->selectrow_array(qq|SELECT usesuper FROM pg_user WHERE usename = ?|, undef, $dbconnect_form{dbuser});
+ my $is_superuser = SL::DBUtils::role_is_superuser($dbh, $dbconnect_form{dbuser});
$dbh->disconnect;
diff --git a/locale/de/all b/locale/de/all
index cb5305029..2495b5f7f 100755
--- a/locale/de/all
+++ b/locale/de/all
@@ -847,11 +847,13 @@ $self->{texts} = {
'Database Host' => 'Datenbankcomputer',
'Database ID' => 'Datenbank-ID',
'Database Management' => 'Datenbankadministration',
+ 'Database Superuser' => 'Datenbank-Super-Benutzer',
'Database User' => 'Datenbankbenutzer',
'Database host and port' => 'Datenbankhost und -port',
'Database login (#1)' => 'Datenbankanmeldung (#1)',
'Database name' => 'Datenbankname',
'Database settings' => 'Datenbankeinstellungen',
+ 'Database superuser privileges are required for parts of the database modifications.' => 'Für einige Teile der Datenbankänderungen werden Datenbank-Super-Benutzer-Rechte benötigt.',
'Database superuser privileges are required for the update.' => 'Datenbank-Super-Benutzer-Rechte werden für das Update benötigt.',
'Database template' => 'Datenbankvorlage',
'Database update error:' => 'Fehler beim Datenbankupgrade:',
@@ -1974,6 +1976,7 @@ $self->{texts} = {
'No start date given, setting to #1' => 'Kein Startdatum gegeben, setze Startdatum auf #1',
'No such job #1 in the database.' => 'Hintergrund-Job #1 existiert nicht mehr.',
'No summary account' => 'Kein Sammelkonto',
+ 'No superuser credentials were entered.' => 'Es wurden keine Super-Benutzer-Anmeldedaten eingegeben.',
'No template has been selected yet.' => 'Es wurde noch keine Vorlage ausgewählt.',
'No text blocks have been created for this position.' => 'Für diese Position wurden noch keine Textblöcke angelegt.',
'No text has been entered yet.' => 'Es wurde noch kein Text eingegeben.',
diff --git a/templates/webpages/admin/create_dataset.html b/templates/webpages/admin/create_dataset.html
index 7a879d8aa..48998c6a9 100644
--- a/templates/webpages/admin/create_dataset.html
+++ b/templates/webpages/admin/create_dataset.html
@@ -10,6 +10,13 @@
[% LxERP.t8('In the latter case the tables needed by kivitendo will be created in that database.') %]
+ [% IF !superuser.have_privileges %]
+
+ [% LxERP.t8("Database superuser privileges are required for parts of the database modifications.") %]
+ [% LxERP.t8("Please provide corresponding credentials.") %]
+
+ [% END %]
+
[% LxERP.t8('Existing Datasets') %] |
@@ -21,6 +28,18 @@
[% L.input_tag('db', FORM.db, class="initial_focus") %] |
+ [% IF !superuser.have_privileges %]
+
+ [% LxERP.t8("Database Superuser") %] |
+ [% L.input_tag("database_superuser_user", superuser.username) %] |
+
+
+
+ [% LxERP.t8("Password") %] |
+ [% L.input_tag("database_superuser_password", superuser.password, type="password") %] |
+
+ [% END %]
+
|
|
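Review bot: `L.input_tag("database_superuser_password", superuser.password, type="password")` writes the submitted password back into the page as the field's value. After a failed attempt the superuser password therefore appears in the HTML response, where it can be read from the page source or a cached copy. Password inputs are normally re-rendered empty, e.g. `[% L.input_tag("database_superuser_password", "", type="password") %]`, so the user re-enters it. The surrounding table markup is not visible in this hunk.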
--
2.20.1