Projekt

Allgemein

Profil

« Zurück | Weiter » 

Revision a1ea659f

Von Sven Schöling vor mehr als 9 Jahren hinzugefügt

  • ID a1ea659fc8d83ea24f7ba863c82322ae41131007
  • Vorgänger 1b9b086f
  • Nachfolger 361ae413

Rechte: In die Datenbank verlagert

Unterschiede anzeigen:

SL/Auth.pm
return $self->{api_token} && $provided_api_token && ($self->{api_token} eq $provided_api_token);
}
sub session_tables_present {
my $self = shift;
sub _tables_present {
my ($self, @tables) = @_;
my $cache_key = join '_', @tables;
# Only re-check for the presence of auth tables if either the check
# hasn't been done before of if they weren't present.
if ($self->{session_tables_present}) {
return $self->{session_tables_present};
}
return $self->{"$cache_key\_tables_present"} ||= do {
my $dbh = $self->dbconnect(1);
my $dbh = $self->dbconnect(1);
if (!$dbh) {
return 0;
}
if (!$dbh) {
return 0;
}
my $query =
qq|SELECT COUNT(*)
FROM pg_tables
WHERE (schemaname = 'auth')
AND (tablename IN (@{[ join ', ', ('?') x @tables ]}))|;
my $query =
qq|SELECT COUNT(*)
FROM pg_tables
WHERE (schemaname = 'auth')
AND (tablename IN ('session', 'session_content'))|;
my ($count) = selectrow_query($main::form, $dbh, $query, @tables);
my ($count) = selectrow_query($main::form, $dbh, $query);
return scalar @tables == $count;
}
}
$self->{session_tables_present} = 2 == $count;
sub session_tables_present {
$_[0]->_tables_present('session', 'session_content');
}
return $self->{session_tables_present};
sub master_rights_present {
$_[0]->_tables_present('master_rights');
}
# --------------------------------------
sub all_rights_full {
my $locale = $main::locale;
my @all_rights = (
["--master_data", $locale->text("Master Data")],
["customer_vendor_edit", $locale->text("Create customers and vendors. Edit all vendors. Edit only customers where salesman equals employee (login)")],
["customer_vendor_all_edit", $locale->text("Create customers and vendors. Edit all vendors. Edit all customers")],
["part_service_assembly_edit", $locale->text("Create and edit parts, services, assemblies")],
["part_service_assembly_details", $locale->text("Show details and reports of parts, services, assemblies")],
["project_edit", $locale->text("Create and edit projects")],
["--ar", $locale->text("AR")],
["requirement_spec_edit", $locale->text("Create and edit requirement specs")],
["sales_quotation_edit", $locale->text("Create and edit sales quotations")],
["sales_order_edit", $locale->text("Create and edit sales orders")],
["sales_delivery_order_edit", $locale->text("Create and edit sales delivery orders")],
["invoice_edit", $locale->text("Create and edit invoices and credit notes")],
["dunning_edit", $locale->text("Create and edit dunnings")],
["sales_letter_edit", $locale->text("Edit sales letters")],
["sales_all_edit", $locale->text("View/edit all employees sales documents")],
["edit_prices", $locale->text("Edit prices and discount (if not used, textfield is ONLY set readonly)")],
["show_ar_transactions", $locale->text("Show AR transactions as part of AR invoice report")],
["delivery_plan", $locale->text("Show delivery plan")],
["delivery_value_report", $locale->text("Show delivery value report")],
["sales_letter_report", $locale->text("Show sales letters report")],
["--ap", $locale->text("AP")],
["request_quotation_edit", $locale->text("Create and edit RFQs")],
["purchase_order_edit", $locale->text("Create and edit purchase orders")],
["purchase_delivery_order_edit", $locale->text("Create and edit purchase delivery orders")],
["vendor_invoice_edit", $locale->text("Create and edit vendor invoices")],
["show_ap_transactions", $locale->text("Show AP transactions as part of AP invoice report")],
["--warehouse_management", $locale->text("Warehouse management")],
["warehouse_contents", $locale->text("View warehouse content")],
["warehouse_management", $locale->text("Warehouse management")],
["--general_ledger_cash", $locale->text("General ledger and cash")],
["general_ledger", $locale->text("Transactions, AR transactions, AP transactions")],
["datev_export", $locale->text("DATEV Export")],
["cash", $locale->text("Receipt, payment, reconciliation")],
["bank_transaction", $locale->text("Bank transactions")],
["--reports", $locale->text('Reports')],
["report", $locale->text('All reports')],
["advance_turnover_tax_return", $locale->text('Advance turnover tax return')],
["--batch_printing", $locale->text("Batch Printing")],
["batch_printing", $locale->text("Batch Printing")],
["--configuration", $locale->text("Configuration")],
["config", $locale->text("Change kivitendo installation settings (most entries in the 'System' menu)")],
["admin", $locale->text("Client administration: configuration, editing templates, task server control, background jobs (remaining entries in the 'System' menu)")],
["--others", $locale->text("Others")],
["email_bcc", $locale->text("May set the BCC field when sending emails")],
["productivity", $locale->text("Productivity")],
["display_admin_link", $locale->text("Show administration link")],
);
return @all_rights;
my ($self) = @_;
@{ $self->{master_rights} ||= do {
$self->dbconnect->selectall_arrayref("SELECT name, description, category FROM auth.master_rights ORDER BY id");
}
}
}
sub all_rights {
return grep !/^--/, map { $_->[0] } all_rights_full();
return map { $_->[0] } grep { !$_->[2] } $_[0]->all_rights_full;
}
sub read_groups {
......
$group->{rights}->{$row->{right}} |= $row->{granted};
}
map { $group->{rights}->{$_} = 0 if (!defined $group->{rights}->{$_}); } all_rights();
map { $group->{rights}->{$_} = 0 if (!defined $group->{rights}->{$_}); } $self->all_rights;
}
$sth->finish();
......
my $dbh = $self->dbconnect;
my ($query, $sth, $row, $rights);
$rights = { map { $_ => 0 } all_rights() };
$rights = { map { $_ => 0 } $self->all_rights };
return $rights if !$self->client || !$login;
SL/Controller/Admin.pm
my (@sections, $current_section);
foreach my $entry ($::auth->all_rights_full) {
if ($entry->[0] =~ m/^--/) {
push @sections, { description => $entry->[1], rights => [] };
if ($entry->[2]) {
push @sections, { description => t8($entry->[1]), rights => [] };
} elsif (@sections) {
push @{ $sections[-1]->{rights} }, {
name => $entry->[0],
description => $entry->[1],
description => t8($entry->[1]),
};
} else {
SL/Controller/LoginScreen.pm
# Auth DB needs update? If so log the user out forcefully.
if (User::LOGIN_AUTH_DBUPDATE_AVAILABLE() == $result) {
$::auth->destroy_session;
return $self->render('login_screen/auth_db_needs_update');
# must be without layout because menu rights might not exist yet
return $self->render('login_screen/auth_db_needs_update', { layout => 0 });
}
# Basic client tables available? If not tell the user to create them
scripts/locales.pl
use Pod::Usage;
use YAML ();
use YAML::Loader (); # YAML tries to load Y:L at runtime, but can't find it after we chdir'ed
use SL::DBUpgrade2;
$OUTPUT_AUTOFLUSH = 1;
......
handle_file(@{ $_ }) for @progfiles;
handle_file(@{ $_ }) for @dbplfiles;
scanmenu($_) for @menufiles;
scandbupgrades();
for my $file_name (grep { /\.(?:js|html)$/i } map({find_files($_)} @javascript_dirs)) {
scan_javascript_file($file_name);
......
sub scanmenu {
my $file = shift;
print STDERR "trying to load file $file\n";
my $menu = YAML::LoadFile($file);
for my $node (@$menu) {
# possible for override files
next unless exists $node->{name};
$locale{$node->{name}} = 1;
$alllocales{$node->{name}} = 1;
$cached{$file}{all}{$node->{name}} = 1;
}
}
sub scandbupgrades {
# we only need to do this for auth atm, because only auth scripts can include new rights, which are translateable
my $auth = 1;
my $dbu = SL::DBUpgrade2->new(auth => $auth, path => '../../sql/Pg-upgrade2-auth');
for my $upgrade ($dbu->sort_dbupdate_controls) {
for my $string (@{ $upgrade->{locales} || [] }) {
$locale{$string} = 1;
$alllocales{$string} = 1;
$cached{$upgrade->{tag}}{all}{$string} = 1;
}
}
}
sql/Pg-upgrade2-auth/add_master_rights.sql
-- @tag: add_master_rights
-- @description: Rechte in die Datenbank migrieren
-- @depends: release_3_2_0
-- @charset: utf-8
-- @locales: Master Data
-- @locales: Create customers and vendors. Edit all vendors. Edit only customers where salesman equals employee (login)
-- @locales: Create customers and vendors. Edit all vendors. Edit all customers
-- @locales: Create and edit parts, services, assemblies
-- @locales: Show details and reports of parts, services, assemblies
-- @locales: Create and edit projects
-- @locales: AR
-- @locales: Create and edit requirement specs
-- @locales: Create and edit sales quotations
-- @locales: Create and edit sales orders
-- @locales: Create and edit sales delivery orders
-- @locales: Create and edit invoices and credit notes
-- @locales: Create and edit dunnings
-- @locales: Edit sales letters
-- @locales: View/edit all employees sales documents
-- @locales: Edit prices and discount (if not used, textfield is ONLY set readonly)
-- @locales: Show AR transactions as part of AR invoice report
-- @locales: Show delivery plan
-- @locales: Show delivery value report
-- @locales: Show sales letters report
-- @locales: AP
-- @locales: Create and edit RFQs
-- @locales: Create and edit purchase orders
-- @locales: Create and edit purchase delivery orders
-- @locales: Create and edit vendor invoices
-- @locales: Show AP transactions as part of AP invoice report
-- @locales: Warehouse management
-- @locales: View warehouse content
-- @locales: Warehouse management
-- @locales: General ledger and cash
-- @locales: Transactions, AR transactions, AP transactions
-- @locales: DATEV Export
-- @locales: Receipt, payment, reconciliation
-- @locales: Bank transactions
-- @locales: Reports
-- @locales: All reports
-- @locales: Advance turnover tax return
-- @locales: Batch Printing
-- @locales: Batch Printing
-- @locales: Configuration
-- @locales: Change kivitendo installation settings (most entries in the 'System' menu)
-- @locales: Client administration: configuration, editing templates, task server control, background jobs (remaining entries in the 'System' menu)
-- @locales: Others
-- @locales: May set the BCC field when sending emails
-- @locales: Productivity
-- @locales: Show administration link
CREATE TABLE auth.master_rights (
id SERIAL PRIMARY KEY,
position INTEGER NOT NULL,
name TEXT NOT NULL UNIQUE,
description TEXT NOT NULL,
category BOOLEAN NOT NULL DEFAULT FALSE
);
INSERT INTO auth.master_rights (position, name, description, category) VALUES ( 1, 'master_data', 'Master Data', TRUE);
INSERT INTO auth.master_rights (position, name, description) VALUES ( 2, 'customer_vendor_edit', 'Create customers and vendors. Edit all vendors. Edit only customers where salesman equals employee (login)');
INSERT INTO auth.master_rights (position, name, description) VALUES ( 3, 'customer_vendor_all_edit', 'Create customers and vendors. Edit all vendors. Edit all customers');
INSERT INTO auth.master_rights (position, name, description) VALUES ( 4, 'part_service_assembly_edit', 'Create and edit parts, services, assemblies');
INSERT INTO auth.master_rights (position, name, description) VALUES ( 5, 'part_service_assembly_details', 'Show details and reports of parts, services, assemblies');
INSERT INTO auth.master_rights (position, name, description) VALUES ( 6, 'project_edit', 'Create and edit projects');
INSERT INTO auth.master_rights (position, name, description, category) VALUES ( 7, 'ar', 'AR', TRUE);
INSERT INTO auth.master_rights (position, name, description) VALUES ( 8, 'requirement_spec_edit', 'Create and edit requirement specs');
INSERT INTO auth.master_rights (position, name, description) VALUES ( 9, 'sales_quotation_edit', 'Create and edit sales quotations');
INSERT INTO auth.master_rights (position, name, description) VALUES (10, 'sales_order_edit', 'Create and edit sales orders');
INSERT INTO auth.master_rights (position, name, description) VALUES (11, 'sales_delivery_order_edit', 'Create and edit sales delivery orders');
INSERT INTO auth.master_rights (position, name, description) VALUES (12, 'invoice_edit', 'Create and edit invoices and credit notes');
INSERT INTO auth.master_rights (position, name, description) VALUES (13, 'dunning_edit', 'Create and edit dunnings');
INSERT INTO auth.master_rights (position, name, description) VALUES (14, 'sales_letter_edit', 'Edit sales letters');
INSERT INTO auth.master_rights (position, name, description) VALUES (15, 'sales_all_edit', 'View/edit all employees sales documents');
INSERT INTO auth.master_rights (position, name, description) VALUES (16, 'edit_prices', 'Edit prices and discount (if not used, textfield is ONLY set readonly)');
INSERT INTO auth.master_rights (position, name, description) VALUES (17, 'show_ar_transactions', 'Show AR transactions as part of AR invoice report');
INSERT INTO auth.master_rights (position, name, description) VALUES (18, 'delivery_plan', 'Show delivery plan');
INSERT INTO auth.master_rights (position, name, description) VALUES (19, 'delivery_value_report', 'Show delivery value report');
INSERT INTO auth.master_rights (position, name, description) VALUES (20, 'sales_letter_report', 'Show sales letters report');
INSERT INTO auth.master_rights (position, name, description, category) VALUES (21, 'ap', 'AP', TRUE);
INSERT INTO auth.master_rights (position, name, description) VALUES (22, 'request_quotation_edit', 'Create and edit RFQs');
INSERT INTO auth.master_rights (position, name, description) VALUES (23, 'purchase_order_edit', 'Create and edit purchase orders');
INSERT INTO auth.master_rights (position, name, description) VALUES (24, 'purchase_delivery_order_edit', 'Create and edit purchase delivery orders');
INSERT INTO auth.master_rights (position, name, description) VALUES (25, 'vendor_invoice_edit', 'Create and edit vendor invoices');
INSERT INTO auth.master_rights (position, name, description) VALUES (26, 'show_ap_transactions', 'Show AP transactions as part of AP invoice report');
INSERT INTO auth.master_rights (position, name, description, category) VALUES (27, 'warehouse', 'Warehouse management', TRUE);
INSERT INTO auth.master_rights (position, name, description) VALUES (28, 'warehouse_contents', 'View warehouse content');
INSERT INTO auth.master_rights (position, name, description) VALUES (29, 'warehouse_management', 'Warehouse management');
INSERT INTO auth.master_rights (position, name, description, category) VALUES (30, 'general_ledger_cash', 'General ledger and cash', TRUE);
INSERT INTO auth.master_rights (position, name, description) VALUES (31, 'general_ledger', 'Transactions, AR transactions, AP transactions');
INSERT INTO auth.master_rights (position, name, description) VALUES (32, 'datev_export', 'DATEV Export');
INSERT INTO auth.master_rights (position, name, description) VALUES (33, 'cash', 'Receipt, payment, reconciliation');
INSERT INTO auth.master_rights (position, name, description) VALUES (34, 'bank_transaction', 'Bank transactions');
INSERT INTO auth.master_rights (position, name, description, category) VALUES (35, 'reports', 'Reports', TRUE);
INSERT INTO auth.master_rights (position, name, description) VALUES (36, 'report', 'All reports');
INSERT INTO auth.master_rights (position, name, description) VALUES (37, 'advance_turnover_tax_return', 'Advance turnover tax return');
INSERT INTO auth.master_rights (position, name, description, category) VALUES (38, 'batch_printing_category', 'Batch Printing', TRUE);
INSERT INTO auth.master_rights (position, name, description) VALUES (39, 'batch_printing', 'Batch Printing');
INSERT INTO auth.master_rights (position, name, description, category) VALUES (40, 'configuration', 'Configuration', TRUE);
INSERT INTO auth.master_rights (position, name, description) VALUES (41, 'config', 'Change kivitendo installation settings (most entries in the ''System'' menu)');
INSERT INTO auth.master_rights (position, name, description) VALUES (42, 'admin', 'Client administration: configuration, editing templates, task server control, background jobs (remaining entries in the ''System'' menu)');
INSERT INTO auth.master_rights (position, name, description, category) VALUES (43, 'others', 'Others', TRUE);
INSERT INTO auth.master_rights (position, name, description) VALUES (44, 'email_bcc', 'May set the BCC field when sending emails');
INSERT INTO auth.master_rights (position, name, description) VALUES (45, 'productivity', 'Productivity');
INSERT INTO auth.master_rights (position, name, description) VALUES (46, 'display_admin_link', 'Show administration link');

Auch abrufbar als: Unified diff