sub reset {
my ($self, %params) = @_;
- $self->{SESSION} = { };
- $self->{FULL_RIGHTS} = { };
- $self->{RIGHTS} = { };
- $self->{unique_counter} = 0;
- $self->{column_information} = SL::Auth::ColumnInformation->new(auth => $self);
- $self->{column_information}->_fetch;
+ $self->{SESSION} = { };
+ $self->{FULL_RIGHTS} = { };
+ $self->{RIGHTS} = { };
+ $self->{unique_counter} = 0;
+
+ if ($self->is_db_connected) {
+ # reset is called during request shutdown already. In case of a
+ # completely new auth DB this would fail and generate an error
+ # message even if the user is currently trying to create said auth
+ # DB. Therefore only fetch the column information if a connection
+ # has been established.
+ $self->{column_information} = SL::Auth::ColumnInformation->new(auth => $self);
+ $self->{column_information}->_fetch;
+ } else {
+ delete $self->{column_information};
+ }
+
$self->{authenticator}->reset;
$self->client(undef);
return $self->client;
}
+sub get_default_client_id {
+ my ($self) = @_;
+
+ my $dbh = $self->dbconnect;
+
+ return unless $dbh;
+
+ my $row = $dbh->selectrow_hashref(qq|SELECT id FROM auth.clients WHERE is_default = TRUE LIMIT 1|);
+
+ return $row->{id} if $row;
+}
+
sub DESTROY {
my $self = shift;
$self->{dbh} = SL::DBConnect->connect($dsn, $cfg->{user}, $cfg->{password}, { pg_enable_utf8 => 1, AutoCommit => 1 });
if (!$may_fail && !$self->{dbh}) {
+ delete $self->{dbh};
$main::form->error($main::locale->text('The connection to the authentication database failed:') . "\n" . $DBI::errstr);
}
}
}
+sub is_db_connected {
+ my ($self) = @_;
+ return !!$self->{dbh};
+}
+
sub check_tables {
my ($self, $dbh) = @_;
# 1. session ID exists in the database
# 2. hasn't expired yet
# 3. if cookie for the API token is given: the cookie's value equal database column 'auth.session.api_token' for the session ID
- # 4. if cookie for the API token is NOT given then: the requestee's IP address must match the stored IP address
$self->{api_token} = $cookie->{api_token} if $cookie;
my $api_token_cookie = $self->get_api_token_cookie;
my $cookie_is_bad = !$cookie || $cookie->{is_expired};
$cookie_is_bad ||= $api_token_cookie && ($api_token_cookie ne $cookie->{api_token}) if $api_token_cookie;
- $cookie_is_bad ||= $cookie->{ip_address} ne $ENV{REMOTE_ADDR} if !$api_token_cookie && $ENV{REMOTE_ADDR} !~ /^$IPv6_re$/;
if ($cookie_is_bad) {
$self->destroy_session();
return $self->session_restore_result($cookie ? SESSION_EXPIRED() : SESSION_NONE());
my ($self) = @_;
@{ $self->{master_rights} ||= do {
- $self->dbconnect->selectall_arrayref("SELECT name, description, category FROM auth.master_rights ORDER BY id");
+ $self->dbconnect->selectall_arrayref("SELECT name, description, category FROM auth.master_rights ORDER BY position");
}
}
}
my $value = 0;
my $action = '|';
+ my $negate = 0;
foreach my $el (@{$ary}) {
if (ref $el eq "ARRAY") {
+ my $val = evaluate_rights_ary($el);
+ $val = !$val if $negate;
+ $negate = 0;
if ($action eq '|') {
- $value |= evaluate_rights_ary($el);
+ $value |= $val;
} else {
- $value &= evaluate_rights_ary($el);
+ $value &= $val;
}
} elsif (($el eq '&') || ($el eq '|')) {
$action = $el;
+ } elsif ($el eq '!') {
+ $negate = !$negate;
+
} elsif ($action eq '|') {
- $value |= $el;
+ my $val = $el;
+ $val = !$val if $negate;
+ $negate = 0;
+ $value |= $val;
} else {
- $value &= $el;
+ my $val = $el;
+ $val = !$val if $negate;
+ $negate = 0;
+ $value &= $val;
}
}
Creating a new database handle on each request can take up to 30% of the
pre-request startup time, so we want to avoid that for fast ajax calls.
+=item C<assert, $right, $dont_abort>
+
+Checks if current user has the C<$right>. If C<$dont_abort> is falsish
+the request dies with a access denied error, otherwise returns true or false.
+
=back
=head1 BUGS
projects / mfinanz.git / blobdiff