Dispatcher: Auch Controller ermöglichen, die Admin-Login benötigen

[kivitendo-erp.git] / SL / Controller / Base.pm

diff --git a/SL/Controller/Base.pm b/SL/Controller/Base.pm
index 285bfcee494a9a2ecea6ab5a95ba97ffd34287f9..c8713950c2d2415d6935d43fc8879809d1d1d2dd 100644 (file)
--- a/SL/Controller/Base.pm
+++ b/SL/Controller/Base.pm
@@ -7,6 +7,8 @@ use parent qw(Rose::Object);
 use Carp;
 use IO::File;
 use List::Util qw(first);
+use SL::Request qw(flatten);
+use SL::MoreCommon qw(uri_encode);
 
 #
 # public/helper functions
@@ -21,7 +23,7 @@ sub url_for {
   my $controller  = delete($params{controller}) || $self->_controller_name;
   my $action      = delete($params{action})     || 'dispatch';
   $params{action} = "${controller}/${action}";
-  my $query       = join('&', map { $::form->escape($_) . '=' . $::form->escape($params{$_}) } keys %params);
+  my $query       = join '&', map { uri_encode($_->[0]) . '=' . uri_encode($_->[1]) } @{ flatten(\%params) };
 
   return "controller.pl?${query}";
 }
@@ -165,6 +167,11 @@ sub delay_flash_on_redirect {
   0;
 }
 
+sub get_auth_level {
+  # Ignore the 'action' parameter.
+  return 'user';
+}
+
 #
 # private functions -- for use in Base only
 #
@@ -501,6 +508,15 @@ May be overridden by a controller. If this method returns true, redirect_to
 will delay all flash messages for the current request. Defaults to false for
 compatibility reasons.
 
+=item C<get_auth_level $action>
+
+May be overridden by a controller. Determines what kind of
+authentication is required for a particular action. Must return either
+C<admin> (which means that authentication as an admin is required),
+C<user> (authentication as a normal user suffices) with a possible
+future value C<none> (which would require no authentication but is not
+yet implemented).
+
 =back
 
 =head2 PRIVATE FUNCTIONS