Revision a1ea659f
Von Sven Schöling vor mehr als 9 Jahren hinzugefügt
SL/Auth.pm | ||
---|---|---|
return $self->{api_token} && $provided_api_token && ($self->{api_token} eq $provided_api_token);
|
||
}
|
||
|
||
sub session_tables_present {
|
||
my $self = shift;
|
||
sub _tables_present {
|
||
my ($self, @tables) = @_;
|
||
my $cache_key = join '_', @tables;
|
||
|
||
# Only re-check for the presence of auth tables if either the check
|
||
# hasn't been done before of if they weren't present.
|
||
if ($self->{session_tables_present}) {
|
||
return $self->{session_tables_present};
|
||
}
|
||
return $self->{"$cache_key\_tables_present"} ||= do {
|
||
my $dbh = $self->dbconnect(1);
|
||
|
||
my $dbh = $self->dbconnect(1);
|
||
if (!$dbh) {
|
||
return 0;
|
||
}
|
||
|
||
if (!$dbh) {
|
||
return 0;
|
||
}
|
||
my $query =
|
||
qq|SELECT COUNT(*)
|
||
FROM pg_tables
|
||
WHERE (schemaname = 'auth')
|
||
AND (tablename IN (@{[ join ', ', ('?') x @tables ]}))|;
|
||
|
||
my $query =
|
||
qq|SELECT COUNT(*)
|
||
FROM pg_tables
|
||
WHERE (schemaname = 'auth')
|
||
AND (tablename IN ('session', 'session_content'))|;
|
||
my ($count) = selectrow_query($main::form, $dbh, $query, @tables);
|
||
|
||
my ($count) = selectrow_query($main::form, $dbh, $query);
|
||
return scalar @tables == $count;
|
||
}
|
||
}
|
||
|
||
$self->{session_tables_present} = 2 == $count;
|
||
sub session_tables_present {
|
||
$_[0]->_tables_present('session', 'session_content');
|
||
}
|
||
|
||
return $self->{session_tables_present};
|
||
sub master_rights_present {
|
||
$_[0]->_tables_present('master_rights');
|
||
}
|
||
|
||
# --------------------------------------
|
||
|
||
sub all_rights_full {
|
||
my $locale = $main::locale;
|
||
|
||
my @all_rights = (
|
||
["--master_data", $locale->text("Master Data")],
|
||
["customer_vendor_edit", $locale->text("Create customers and vendors. Edit all vendors. Edit only customers where salesman equals employee (login)")],
|
||
["customer_vendor_all_edit", $locale->text("Create customers and vendors. Edit all vendors. Edit all customers")],
|
||
["part_service_assembly_edit", $locale->text("Create and edit parts, services, assemblies")],
|
||
["part_service_assembly_details", $locale->text("Show details and reports of parts, services, assemblies")],
|
||
["project_edit", $locale->text("Create and edit projects")],
|
||
["--ar", $locale->text("AR")],
|
||
["requirement_spec_edit", $locale->text("Create and edit requirement specs")],
|
||
["sales_quotation_edit", $locale->text("Create and edit sales quotations")],
|
||
["sales_order_edit", $locale->text("Create and edit sales orders")],
|
||
["sales_delivery_order_edit", $locale->text("Create and edit sales delivery orders")],
|
||
["invoice_edit", $locale->text("Create and edit invoices and credit notes")],
|
||
["dunning_edit", $locale->text("Create and edit dunnings")],
|
||
["sales_letter_edit", $locale->text("Edit sales letters")],
|
||
["sales_all_edit", $locale->text("View/edit all employees sales documents")],
|
||
["edit_prices", $locale->text("Edit prices and discount (if not used, textfield is ONLY set readonly)")],
|
||
["show_ar_transactions", $locale->text("Show AR transactions as part of AR invoice report")],
|
||
["delivery_plan", $locale->text("Show delivery plan")],
|
||
["delivery_value_report", $locale->text("Show delivery value report")],
|
||
["sales_letter_report", $locale->text("Show sales letters report")],
|
||
["--ap", $locale->text("AP")],
|
||
["request_quotation_edit", $locale->text("Create and edit RFQs")],
|
||
["purchase_order_edit", $locale->text("Create and edit purchase orders")],
|
||
["purchase_delivery_order_edit", $locale->text("Create and edit purchase delivery orders")],
|
||
["vendor_invoice_edit", $locale->text("Create and edit vendor invoices")],
|
||
["show_ap_transactions", $locale->text("Show AP transactions as part of AP invoice report")],
|
||
["--warehouse_management", $locale->text("Warehouse management")],
|
||
["warehouse_contents", $locale->text("View warehouse content")],
|
||
["warehouse_management", $locale->text("Warehouse management")],
|
||
["--general_ledger_cash", $locale->text("General ledger and cash")],
|
||
["general_ledger", $locale->text("Transactions, AR transactions, AP transactions")],
|
||
["datev_export", $locale->text("DATEV Export")],
|
||
["cash", $locale->text("Receipt, payment, reconciliation")],
|
||
["bank_transaction", $locale->text("Bank transactions")],
|
||
["--reports", $locale->text('Reports')],
|
||
["report", $locale->text('All reports')],
|
||
["advance_turnover_tax_return", $locale->text('Advance turnover tax return')],
|
||
["--batch_printing", $locale->text("Batch Printing")],
|
||
["batch_printing", $locale->text("Batch Printing")],
|
||
["--configuration", $locale->text("Configuration")],
|
||
["config", $locale->text("Change kivitendo installation settings (most entries in the 'System' menu)")],
|
||
["admin", $locale->text("Client administration: configuration, editing templates, task server control, background jobs (remaining entries in the 'System' menu)")],
|
||
["--others", $locale->text("Others")],
|
||
["email_bcc", $locale->text("May set the BCC field when sending emails")],
|
||
["productivity", $locale->text("Productivity")],
|
||
["display_admin_link", $locale->text("Show administration link")],
|
||
);
|
||
|
||
return @all_rights;
|
||
my ($self) = @_;
|
||
|
||
@{ $self->{master_rights} ||= do {
|
||
$self->dbconnect->selectall_arrayref("SELECT name, description, category FROM auth.master_rights ORDER BY id");
|
||
}
|
||
}
|
||
}
|
||
|
||
sub all_rights {
|
||
return grep !/^--/, map { $_->[0] } all_rights_full();
|
||
return map { $_->[0] } grep { !$_->[2] } $_[0]->all_rights_full;
|
||
}
|
||
|
||
sub read_groups {
|
||
... | ... | |
$group->{rights}->{$row->{right}} |= $row->{granted};
|
||
}
|
||
|
||
map { $group->{rights}->{$_} = 0 if (!defined $group->{rights}->{$_}); } all_rights();
|
||
map { $group->{rights}->{$_} = 0 if (!defined $group->{rights}->{$_}); } $self->all_rights;
|
||
}
|
||
$sth->finish();
|
||
|
||
... | ... | |
my $dbh = $self->dbconnect;
|
||
my ($query, $sth, $row, $rights);
|
||
|
||
$rights = { map { $_ => 0 } all_rights() };
|
||
$rights = { map { $_ => 0 } $self->all_rights };
|
||
|
||
return $rights if !$self->client || !$login;
|
||
|
SL/Controller/Admin.pm | ||
---|---|---|
my (@sections, $current_section);
|
||
|
||
foreach my $entry ($::auth->all_rights_full) {
|
||
if ($entry->[0] =~ m/^--/) {
|
||
push @sections, { description => $entry->[1], rights => [] };
|
||
if ($entry->[2]) {
|
||
push @sections, { description => t8($entry->[1]), rights => [] };
|
||
|
||
} elsif (@sections) {
|
||
push @{ $sections[-1]->{rights} }, {
|
||
name => $entry->[0],
|
||
description => $entry->[1],
|
||
description => t8($entry->[1]),
|
||
};
|
||
|
||
} else {
|
SL/Controller/LoginScreen.pm | ||
---|---|---|
# Auth DB needs update? If so log the user out forcefully.
|
||
if (User::LOGIN_AUTH_DBUPDATE_AVAILABLE() == $result) {
|
||
$::auth->destroy_session;
|
||
return $self->render('login_screen/auth_db_needs_update');
|
||
# must be without layout because menu rights might not exist yet
|
||
return $self->render('login_screen/auth_db_needs_update', { layout => 0 });
|
||
}
|
||
|
||
# Basic client tables available? If not tell the user to create them
|
scripts/locales.pl | ||
---|---|---|
use Pod::Usage;
|
||
use YAML ();
|
||
use YAML::Loader (); # YAML tries to load Y:L at runtime, but can't find it after we chdir'ed
|
||
use SL::DBUpgrade2;
|
||
|
||
$OUTPUT_AUTOFLUSH = 1;
|
||
|
||
... | ... | |
handle_file(@{ $_ }) for @progfiles;
|
||
handle_file(@{ $_ }) for @dbplfiles;
|
||
scanmenu($_) for @menufiles;
|
||
scandbupgrades();
|
||
|
||
for my $file_name (grep { /\.(?:js|html)$/i } map({find_files($_)} @javascript_dirs)) {
|
||
scan_javascript_file($file_name);
|
||
... | ... | |
sub scanmenu {
|
||
my $file = shift;
|
||
|
||
print STDERR "trying to load file $file\n";
|
||
my $menu = YAML::LoadFile($file);
|
||
|
||
for my $node (@$menu) {
|
||
# possible for override files
|
||
next unless exists $node->{name};
|
||
|
||
$locale{$node->{name}} = 1;
|
||
$alllocales{$node->{name}} = 1;
|
||
$cached{$file}{all}{$node->{name}} = 1;
|
||
}
|
||
}
|
||
|
||
sub scandbupgrades {
|
||
# we only need to do this for auth atm, because only auth scripts can include new rights, which are translateable
|
||
my $auth = 1;
|
||
|
||
my $dbu = SL::DBUpgrade2->new(auth => $auth, path => '../../sql/Pg-upgrade2-auth');
|
||
|
||
for my $upgrade ($dbu->sort_dbupdate_controls) {
|
||
for my $string (@{ $upgrade->{locales} || [] }) {
|
||
$locale{$string} = 1;
|
||
$alllocales{$string} = 1;
|
||
$cached{$upgrade->{tag}}{all}{$string} = 1;
|
||
}
|
||
}
|
||
}
|
||
|
sql/Pg-upgrade2-auth/add_master_rights.sql | ||
---|---|---|
-- @tag: add_master_rights
|
||
-- @description: Rechte in die Datenbank migrieren
|
||
-- @depends: release_3_2_0
|
||
-- @charset: utf-8
|
||
-- @locales: Master Data
|
||
-- @locales: Create customers and vendors. Edit all vendors. Edit only customers where salesman equals employee (login)
|
||
-- @locales: Create customers and vendors. Edit all vendors. Edit all customers
|
||
-- @locales: Create and edit parts, services, assemblies
|
||
-- @locales: Show details and reports of parts, services, assemblies
|
||
-- @locales: Create and edit projects
|
||
-- @locales: AR
|
||
-- @locales: Create and edit requirement specs
|
||
-- @locales: Create and edit sales quotations
|
||
-- @locales: Create and edit sales orders
|
||
-- @locales: Create and edit sales delivery orders
|
||
-- @locales: Create and edit invoices and credit notes
|
||
-- @locales: Create and edit dunnings
|
||
-- @locales: Edit sales letters
|
||
-- @locales: View/edit all employees sales documents
|
||
-- @locales: Edit prices and discount (if not used, textfield is ONLY set readonly)
|
||
-- @locales: Show AR transactions as part of AR invoice report
|
||
-- @locales: Show delivery plan
|
||
-- @locales: Show delivery value report
|
||
-- @locales: Show sales letters report
|
||
-- @locales: AP
|
||
-- @locales: Create and edit RFQs
|
||
-- @locales: Create and edit purchase orders
|
||
-- @locales: Create and edit purchase delivery orders
|
||
-- @locales: Create and edit vendor invoices
|
||
-- @locales: Show AP transactions as part of AP invoice report
|
||
-- @locales: Warehouse management
|
||
-- @locales: View warehouse content
|
||
-- @locales: Warehouse management
|
||
-- @locales: General ledger and cash
|
||
-- @locales: Transactions, AR transactions, AP transactions
|
||
-- @locales: DATEV Export
|
||
-- @locales: Receipt, payment, reconciliation
|
||
-- @locales: Bank transactions
|
||
-- @locales: Reports
|
||
-- @locales: All reports
|
||
-- @locales: Advance turnover tax return
|
||
-- @locales: Batch Printing
|
||
-- @locales: Batch Printing
|
||
-- @locales: Configuration
|
||
-- @locales: Change kivitendo installation settings (most entries in the 'System' menu)
|
||
-- @locales: Client administration: configuration, editing templates, task server control, background jobs (remaining entries in the 'System' menu)
|
||
-- @locales: Others
|
||
-- @locales: May set the BCC field when sending emails
|
||
-- @locales: Productivity
|
||
-- @locales: Show administration link
|
||
|
||
CREATE TABLE auth.master_rights (
|
||
id SERIAL PRIMARY KEY,
|
||
position INTEGER NOT NULL,
|
||
name TEXT NOT NULL UNIQUE,
|
||
description TEXT NOT NULL,
|
||
category BOOLEAN NOT NULL DEFAULT FALSE
|
||
);
|
||
|
||
|
||
INSERT INTO auth.master_rights (position, name, description, category) VALUES ( 1, 'master_data', 'Master Data', TRUE);
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES ( 2, 'customer_vendor_edit', 'Create customers and vendors. Edit all vendors. Edit only customers where salesman equals employee (login)');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES ( 3, 'customer_vendor_all_edit', 'Create customers and vendors. Edit all vendors. Edit all customers');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES ( 4, 'part_service_assembly_edit', 'Create and edit parts, services, assemblies');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES ( 5, 'part_service_assembly_details', 'Show details and reports of parts, services, assemblies');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES ( 6, 'project_edit', 'Create and edit projects');
|
||
INSERT INTO auth.master_rights (position, name, description, category) VALUES ( 7, 'ar', 'AR', TRUE);
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES ( 8, 'requirement_spec_edit', 'Create and edit requirement specs');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES ( 9, 'sales_quotation_edit', 'Create and edit sales quotations');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (10, 'sales_order_edit', 'Create and edit sales orders');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (11, 'sales_delivery_order_edit', 'Create and edit sales delivery orders');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (12, 'invoice_edit', 'Create and edit invoices and credit notes');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (13, 'dunning_edit', 'Create and edit dunnings');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (14, 'sales_letter_edit', 'Edit sales letters');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (15, 'sales_all_edit', 'View/edit all employees sales documents');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (16, 'edit_prices', 'Edit prices and discount (if not used, textfield is ONLY set readonly)');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (17, 'show_ar_transactions', 'Show AR transactions as part of AR invoice report');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (18, 'delivery_plan', 'Show delivery plan');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (19, 'delivery_value_report', 'Show delivery value report');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (20, 'sales_letter_report', 'Show sales letters report');
|
||
INSERT INTO auth.master_rights (position, name, description, category) VALUES (21, 'ap', 'AP', TRUE);
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (22, 'request_quotation_edit', 'Create and edit RFQs');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (23, 'purchase_order_edit', 'Create and edit purchase orders');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (24, 'purchase_delivery_order_edit', 'Create and edit purchase delivery orders');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (25, 'vendor_invoice_edit', 'Create and edit vendor invoices');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (26, 'show_ap_transactions', 'Show AP transactions as part of AP invoice report');
|
||
INSERT INTO auth.master_rights (position, name, description, category) VALUES (27, 'warehouse', 'Warehouse management', TRUE);
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (28, 'warehouse_contents', 'View warehouse content');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (29, 'warehouse_management', 'Warehouse management');
|
||
INSERT INTO auth.master_rights (position, name, description, category) VALUES (30, 'general_ledger_cash', 'General ledger and cash', TRUE);
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (31, 'general_ledger', 'Transactions, AR transactions, AP transactions');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (32, 'datev_export', 'DATEV Export');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (33, 'cash', 'Receipt, payment, reconciliation');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (34, 'bank_transaction', 'Bank transactions');
|
||
INSERT INTO auth.master_rights (position, name, description, category) VALUES (35, 'reports', 'Reports', TRUE);
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (36, 'report', 'All reports');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (37, 'advance_turnover_tax_return', 'Advance turnover tax return');
|
||
INSERT INTO auth.master_rights (position, name, description, category) VALUES (38, 'batch_printing_category', 'Batch Printing', TRUE);
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (39, 'batch_printing', 'Batch Printing');
|
||
INSERT INTO auth.master_rights (position, name, description, category) VALUES (40, 'configuration', 'Configuration', TRUE);
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (41, 'config', 'Change kivitendo installation settings (most entries in the ''System'' menu)');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (42, 'admin', 'Client administration: configuration, editing templates, task server control, background jobs (remaining entries in the ''System'' menu)');
|
||
INSERT INTO auth.master_rights (position, name, description, category) VALUES (43, 'others', 'Others', TRUE);
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (44, 'email_bcc', 'May set the BCC field when sending emails');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (45, 'productivity', 'Productivity');
|
||
INSERT INTO auth.master_rights (position, name, description) VALUES (46, 'display_admin_link', 'Show administration link');
|
Auch abrufbar als: Unified diff
Rechte: In die Datenbank verlagert