($status, $sessionId) = check_api_auth($cookie, $userflags);
Given a CGISESSID cookie set during a previous login to Koha, determine
-if the user has the privileges specified by C<$userflags>.
+if the user has the privileges specified by C<$userflags>. C<$userflags>
+is passed unaltered into C<haspermission> and as such accepts all options
+avaiable to that routine with the one caveat that C<check_api_auth> will
+also allow 'undef' to be passed and in such a case the permissions check
+will be skipped altogether.
C<check_cookie_auth> is meant for authenticating special services
such as tools/upload-file.pl that are invoked by other pages that
return ( "expired", undef );
} else {
$session->param( 'lasttime', time() );
- my $flags = haspermission( $userid, $flagsrequired );
+ my $flags = defined($flagsrequired) ? haspermission( $userid, $flagsrequired ) : 1;
if ($flags) {
return ( "ok", $sessionID );
} else {
=head2 haspermission
+ $flagsrequired = '*'; # Any permission at all
+ $flagsrequired = 'a_flag'; # a_flag must be satisfied (all subpermissions)
+ $flagsrequired = [ 'a_flag', 'b_flag' ]; # a_flag OR b_flag must be satisfied
+ $flagsrequired = { 'a_flag => 1, 'b_flag' => 1 }; # a_flag AND b_flag must be satisfied
+ $flagsrequired = { 'a_flag' => 'sub_a' }; # sub_a of a_flag must be satisfied
+ $flagsrequired = { 'a_flag' => [ 'sub_a, 'sub_b' ] }; # sub_a OR sub_b of a_flag must be satisfied
+
$flags = ($userid, $flagsrequired);
C<$userid> the userid of the member
C<$flags> is a query structure similar to that used by SQL::Abstract that
-denotes the combination of flags required.
+denotes the combination of flags required. It is a required parameter.
The main logic of this method is that things in arrays are OR'ed, and things
-in hashes are AND'ed.
+in hashes are AND'ed. The `*` character can be used, at any depth, to denote `ANY`
Returns member's flags or 0 if a permission is not met.
sub haspermission {
my ( $userid, $flagsrequired ) = @_;
- Koha::Exceptions::WrongParameter->throw('$flagsrequired should not be undef')
- unless defined($flagsrequired);
+
+ #Koha::Exceptions::WrongParameter->throw('$flagsrequired should not be undef')
+ # unless defined($flagsrequired);
my $sth = C4::Context->dbh->prepare("SELECT flags FROM borrowers WHERE userid=?");
$sth->execute($userid);
my $row = $sth->fetchrow();
my $flags = getuserflags( $row, $userid );
+ return $flags unless defined($flagsrequired);
return $flags if $flags->{superlibrarian};
return _dispatch($flagsrequired, $flags);