/ - Diff - projekt kivitendo - wissen

« Zurück | Weiter »

Revision 6afd06ad

Von Moritz Bunkus vor mehr als 12 Jahren hinzugefügt

ID 6afd06adfeb66b481b7240637351a34a41e702d1
Vorgänger dcaf9754
Nachfolger d28dde0f

Dispatcher: Auch Controller ermöglichen, die Admin-Login benötigen

Default ist für Controller, dass all ihre Funktionen User-Logins
benötigen. Kann ein Controller ändern, indem er die Sub
"get_auth_level" überschreibt (siehe Doku in
SL::Contrller::Base). Dies schafft die Basis dafür, auch Admin-Dinge
in der neuen Controller-Architektur zu implementieren.

Für die Zukunft kann man leicht ein weiteres Level neben 'user' und
'admin' einbauen, z.B. 'none' für Actions, die definitiv kein Login
benötigen.

Funktionierendes Beispiel für einen solchen Controller (Aufruf dann
über URL ".../controller.pl?action=AdminTest/proof_of_concept"):

package SL::Controller::AdminTest;

use strict;

use parent qw(SL::Controller::Base);

use Rose::Object::MakeMethods::Generic
(
scalar => [ qw(business) ],
);

actions #

sub action_proof_of_concept {
my ($self) = @_;

$::form->header;
  print $self->render(<&lt;EOHTML, { inline =&gt; 1 });
 &lt;body&gt;
  &lt;p&gt;I've been called with an ADMIN login only!&lt;/p&gt;
 &lt;/body&gt;
&lt;/html&gt;
EOHTML
}

overrides #

sub get_auth_level {
return 'admin';
}

 ;
+    }
     sub get_auth_level {
       # Ignore the 'action' parameter.
       return 'user';
+    }
+    #
     # private functions -- for use in Base only
+    #
-...
     will delay all flash messages for the current request. Defaults to false for
     compatibility reasons.
     =item C<get_auth_level $action>
     May be overridden by a controller. Determines what kind of
     authentication is required for a particular action. Must return either
     C<admin> (which means that authentication as an admin is required),
     C<user> (authentication as a normal user suffices) with a possible
     future value C<none> (which would require no authentication but is not
     yet implemented).
     =back
     =head2 PRIVATE FUNCTIONS

     use List::Util qw(first);
     use POSIX;
     use SL::Auth;
     use SL::Dispatcher::AuthHandler;
     use SL::LXDebug;
     use SL::LxOfficeConf;
     use SL::Locale;
-...
       my $self           = bless {}, $class;
       $self->{interface} = lc($interface || 'cgi');
       $self->{auth_handler} = SL::Dispatcher::AuthHandler->new;
       return $self;
+    }
-...
       $::lxdebug->enter_sub;
       my $template             = shift;
       my $error_type           = shift || '';
       my %params               = @_;
       $::locale                = Locale->new($::lx_office_conf{system}->{language});
       $::form->{error}         = $::locale->text('The session is invalid or has expired.') if ($error_type eq 'session');
-...
       $::myconfig{countrycode} = $::lx_office_conf{system}->{language};
       $::form->header;
       print $::form->parse_html_template($template);
       print $::form->parse_html_template($template, \%params);
       $::lxdebug->leave_sub;
       ::end_of_request();
-...
     sub _require_controller {
       my $controller =  shift;
       $controller    =~ s|[^A-Za-z0-9_]||g;
       $controller    =  "SL/Controller/${controller}";
       eval {
         package main;
         require "SL/Controller/${controller}.pm";
         require "${controller}.pm";
       } or die $EVAL_ERROR;
+    }
-...
       my ($script, $path, $suffix, $script_name, $action, $routing_type);
       $script_name = $ENV{SCRIPT_NAME};
       $self->unrequire_bin_mozilla;
       $::locale        = Locale->new($::lx_office_conf{system}->{language});
-...
       $::form->read_cgi_input;
       eval { ($routing_type, $script_name, $action) = _route_request($script_name); 1; } or return;
       eval { ($routing_type, $script_name, $action) = _route_request($ENV{SCRIPT_NAME}); 1; } or return;
       if ($routing_type eq 'old') {
         $::form->{action}  =  lc $::form->{action};
-...
         } else {
           show_error('login/password_error', 'session') if SL::Auth::SESSION_EXPIRED == $session_result;
           my $login = $::auth->get_session_value('login');
           show_error('login/password_error', 'password') if not defined $login;
           %::myconfig = $::auth->read_user(login => $login);
           show_error('login/password_error', 'password') unless $::myconfig{login};
           $::locale = Locale->new($::myconfig{countrycode});
           show_error('login/password_error', 'password') if SL::Auth::OK != $::auth->authenticate($login, undef);
           $::auth->create_or_refresh_session;
           $::auth->delete_session_value('FLASH');
           delete $::form->{password};
           my $auth_level = $self->{auth_handler}->handle(
             routing_type => $routing_type,
             script       => $script,
             controller   => $script_name,
             action       => $action,
           );
           if ($action) {
             $::instance_conf->init;
             $::instance_conf->init if $auth_level eq 'user';
             map { $::form->{$_} = $::myconfig{$_} } qw(charset)
               unless $action eq 'save' && $::form->{type} eq 'preferences';

     package SL::Dispatcher::AuthHandler;
     use strict;
     use parent qw(Rose::Object);
     use SL::Dispatcher::AuthHandler::Admin;
     use SL::Dispatcher::AuthHandler::User;
     sub handle {
       my ($self, %param) = @_;
       my $auth_level                       = $self->get_auth_level(%param);
       my $handler_name                     = "SL::Dispatcher::AuthHandler::" . ucfirst($auth_level);
       $self->{handlers}                  ||= {};
       $self->{handlers}->{$handler_name} ||= $handler_name->new;
       $self->{handlers}->{$handler_name}->handle;
       return $auth_level;
+    }
     sub get_auth_level {
       my ($self, %param) = @_;
       my $auth_level = $param{routing_type} eq 'old'        ? ($param{script} eq 'admin' ? 'admin' : 'user')
                      : $param{routing_type} eq 'controller' ? "SL::Controller::$param{controller}"->get_auth_level($param{action})
                      :                                        'user';
       return $auth_level eq 'user' ? 'user' : 'admin';
+    }
 ;

     package SL::Dispatcher::AuthHandler::Admin;
     use strict;
     use parent qw(Rose::Object);
     sub handle {
       %::myconfig = ();
       return if $::auth->authenticate_root($::auth->get_session_value('rpw')) == $::auth->OK();
       $::auth->delete_session_value('rpw');
       SL::Dispatcher::show_error('login/password_error', 'password', is_admin => 1);
+    }
 ;

     package SL::Dispatcher::AuthHandler::User;
     use strict;
     use parent qw(Rose::Object);
     sub handle {
       my $login = $::auth->get_session_value('login');
       SL::Dispatcher::show_error('login/password_error', 'password') if not defined $login;
       %::myconfig = $::auth->read_user(login => $login);
       SL::Dispatcher::show_error('login/password_error', 'password') unless $::myconfig{login};
       $::locale = Locale->new($::myconfig{countrycode});
       SL::Dispatcher::show_error('login/password_error', 'password') if SL::Auth::OK != $::auth->authenticate($login, undef);
       $::auth->create_or_refresh_session;
       $::auth->delete_session_value('FLASH');
       delete $::form->{password};
+    }
 ;

      <p>[% error %]</p>
      <p><a href="login.pl" target="_top">[% 'Login' | $T8 %]</a></p>
      <p><a href="[% IF is_admin %]admin.pl[% ELSE %]login.pl[% END %]" target="_top">[% 'Login' | $T8 %]</a></p>
     </body>
     </html>

Auch abrufbar als: Unified diff

Projekt

Allgemein

Profil

projekt kivitendo

Revision 6afd06ad

Von Moritz Bunkus vor mehr als 12 Jahren hinzugefügt