Projekt

Allgemein

Profil

« Zurück | Weiter » 

Revision 6afd06ad

Von Moritz Bunkus vor etwa 12 Jahren hinzugefügt

  • ID 6afd06adfeb66b481b7240637351a34a41e702d1
  • Vorgänger dcaf9754
  • Nachfolger d28dde0f

Dispatcher: Auch Controller ermöglichen, die Admin-Login benötigen

Default ist für Controller, dass all ihre Funktionen User-Logins
benötigen. Kann ein Controller ändern, indem er die Sub
"get_auth_level" überschreibt (siehe Doku in
SL::Contrller::Base). Dies schafft die Basis dafür, auch Admin-Dinge
in der neuen Controller-Architektur zu implementieren.

Für die Zukunft kann man leicht ein weiteres Level neben 'user' und
'admin' einbauen, z.B. 'none' für Actions, die definitiv kein Login
benötigen.

Funktionierendes Beispiel für einen solchen Controller (Aufruf dann
über URL ".../controller.pl?action=AdminTest/proof_of_concept"):

package SL::Controller::AdminTest;

use strict;

use parent qw(SL::Controller::Base);

use Rose::Object::MakeMethods::Generic
(
scalar => [ qw(business) ],
);

#
  1. actions #

sub action_proof_of_concept {
my ($self) = @_;

$::form->header;
print $self->render(<&lt;EOHTML, { inline =&gt; 1 });
&lt;body&gt;
&lt;p&gt;I've been called with an ADMIN login only!&lt;/p&gt;
&lt;/body&gt;
&lt;/html&gt;
EOHTML
}
#
  1. overrides #

sub get_auth_level {
return 'admin';
}

1;

Unterschiede anzeigen:

SL/Controller/Base.pm
167 167
  0;
168 168
}
169 169

  
170
sub get_auth_level {
171
  # Ignore the 'action' parameter.
172
  return 'user';
173
}
174

  
170 175
#
171 176
# private functions -- for use in Base only
172 177
#
......
503 508
will delay all flash messages for the current request. Defaults to false for
504 509
compatibility reasons.
505 510

  
511
=item C<get_auth_level $action>
512

  
513
May be overridden by a controller. Determines what kind of
514
authentication is required for a particular action. Must return either
515
C<admin> (which means that authentication as an admin is required),
516
C<user> (authentication as a normal user suffices) with a possible
517
future value C<none> (which would require no authentication but is not
518
yet implemented).
519

  
506 520
=back
507 521

  
508 522
=head2 PRIVATE FUNCTIONS
SL/Dispatcher.pm
17 17
use List::Util qw(first);
18 18
use POSIX;
19 19
use SL::Auth;
20
use SL::Dispatcher::AuthHandler;
20 21
use SL::LXDebug;
21 22
use SL::LxOfficeConf;
22 23
use SL::Locale;
......
37 38

  
38 39
  my $self           = bless {}, $class;
39 40
  $self->{interface} = lc($interface || 'cgi');
41
  $self->{auth_handler} = SL::Dispatcher::AuthHandler->new;
40 42

  
41 43
  return $self;
42 44
}
......
63 65
  $::lxdebug->enter_sub;
64 66
  my $template             = shift;
65 67
  my $error_type           = shift || '';
68
  my %params               = @_;
66 69

  
67 70
  $::locale                = Locale->new($::lx_office_conf{system}->{language});
68 71
  $::form->{error}         = $::locale->text('The session is invalid or has expired.') if ($error_type eq 'session');
......
70 73
  $::myconfig{countrycode} = $::lx_office_conf{system}->{language};
71 74

  
72 75
  $::form->header;
73
  print $::form->parse_html_template($template);
76
  print $::form->parse_html_template($template, \%params);
74 77
  $::lxdebug->leave_sub;
75 78

  
76 79
  ::end_of_request();
......
143 146
sub _require_controller {
144 147
  my $controller =  shift;
145 148
  $controller    =~ s|[^A-Za-z0-9_]||g;
149
  $controller    =  "SL/Controller/${controller}";
146 150

  
147 151
  eval {
148 152
    package main;
149
    require "SL/Controller/${controller}.pm";
153
    require "${controller}.pm";
150 154
  } or die $EVAL_ERROR;
151 155
}
152 156

  
......
163 167

  
164 168
  my ($script, $path, $suffix, $script_name, $action, $routing_type);
165 169

  
166
  $script_name = $ENV{SCRIPT_NAME};
167

  
168 170
  $self->unrequire_bin_mozilla;
169 171

  
170 172
  $::locale        = Locale->new($::lx_office_conf{system}->{language});
......
177 179

  
178 180
  $::form->read_cgi_input;
179 181

  
180
  eval { ($routing_type, $script_name, $action) = _route_request($script_name); 1; } or return;
182
  eval { ($routing_type, $script_name, $action) = _route_request($ENV{SCRIPT_NAME}); 1; } or return;
181 183

  
182 184
  if ($routing_type eq 'old') {
183 185
    $::form->{action}  =  lc $::form->{action};
......
205 207
    } else {
206 208
      show_error('login/password_error', 'session') if SL::Auth::SESSION_EXPIRED == $session_result;
207 209

  
208
      my $login = $::auth->get_session_value('login');
209
      show_error('login/password_error', 'password') if not defined $login;
210

  
211
      %::myconfig = $::auth->read_user(login => $login);
212

  
213
      show_error('login/password_error', 'password') unless $::myconfig{login};
214

  
215
      $::locale = Locale->new($::myconfig{countrycode});
216

  
217
      show_error('login/password_error', 'password') if SL::Auth::OK != $::auth->authenticate($login, undef);
218

  
219
      $::auth->create_or_refresh_session;
220
      $::auth->delete_session_value('FLASH');
221
      delete $::form->{password};
210
      my $auth_level = $self->{auth_handler}->handle(
211
        routing_type => $routing_type,
212
        script       => $script,
213
        controller   => $script_name,
214
        action       => $action,
215
      );
222 216

  
223 217
      if ($action) {
224
        $::instance_conf->init;
218
        $::instance_conf->init if $auth_level eq 'user';
225 219

  
226 220
        map { $::form->{$_} = $::myconfig{$_} } qw(charset)
227 221
          unless $action eq 'save' && $::form->{type} eq 'preferences';
SL/Dispatcher/AuthHandler.pm
1
package SL::Dispatcher::AuthHandler;
2

  
3
use strict;
4

  
5
use parent qw(Rose::Object);
6

  
7
use SL::Dispatcher::AuthHandler::Admin;
8
use SL::Dispatcher::AuthHandler::User;
9

  
10
sub handle {
11
  my ($self, %param) = @_;
12

  
13
  my $auth_level                       = $self->get_auth_level(%param);
14
  my $handler_name                     = "SL::Dispatcher::AuthHandler::" . ucfirst($auth_level);
15
  $self->{handlers}                  ||= {};
16
  $self->{handlers}->{$handler_name} ||= $handler_name->new;
17
  $self->{handlers}->{$handler_name}->handle;
18

  
19
  return $auth_level;
20
}
21

  
22
sub get_auth_level {
23
  my ($self, %param) = @_;
24

  
25
  my $auth_level = $param{routing_type} eq 'old'        ? ($param{script} eq 'admin' ? 'admin' : 'user')
26
                 : $param{routing_type} eq 'controller' ? "SL::Controller::$param{controller}"->get_auth_level($param{action})
27
                 :                                        'user';
28

  
29
  return $auth_level eq 'user' ? 'user' : 'admin';
30
}
31

  
32
1;
SL/Dispatcher/AuthHandler/Admin.pm
1
package SL::Dispatcher::AuthHandler::Admin;
2

  
3
use strict;
4

  
5
use parent qw(Rose::Object);
6

  
7
sub handle {
8
  %::myconfig = ();
9

  
10
  return if $::auth->authenticate_root($::auth->get_session_value('rpw')) == $::auth->OK();
11

  
12
  $::auth->delete_session_value('rpw');
13
  SL::Dispatcher::show_error('login/password_error', 'password', is_admin => 1);
14
}
15

  
16
1;
SL/Dispatcher/AuthHandler/User.pm
1
package SL::Dispatcher::AuthHandler::User;
2

  
3
use strict;
4

  
5
use parent qw(Rose::Object);
6

  
7
sub handle {
8
  my $login = $::auth->get_session_value('login');
9
  SL::Dispatcher::show_error('login/password_error', 'password') if not defined $login;
10

  
11
  %::myconfig = $::auth->read_user(login => $login);
12

  
13
  SL::Dispatcher::show_error('login/password_error', 'password') unless $::myconfig{login};
14

  
15
  $::locale = Locale->new($::myconfig{countrycode});
16

  
17
  SL::Dispatcher::show_error('login/password_error', 'password') if SL::Auth::OK != $::auth->authenticate($login, undef);
18

  
19
  $::auth->create_or_refresh_session;
20
  $::auth->delete_session_value('FLASH');
21
  delete $::form->{password};
22
}
23

  
24
1;
templates/webpages/login/password_error.html
5 5

  
6 6
 <p>[% error %]</p>
7 7

  
8
 <p><a href="login.pl" target="_top">[% 'Login' | $T8 %]</a></p>
8
 <p><a href="[% IF is_admin %]admin.pl[% ELSE %]login.pl[% END %]" target="_top">[% 'Login' | $T8 %]</a></p>
9 9

  
10 10
</body>
11 11
</html>

Auch abrufbar als: Unified diff