X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=C4%2FAuth.pm;h=593f36e74db440231737be3d5fed4381b0705204;hb=141313666f0eadcd133b91ad2e3920f0107264a9;hp=e1f5b9a9b398ec2f31a2b4a9c4ce5725a2595619;hpb=ec48133f711be97bc87d3f5d52c318736237f291;p=koha.git
diff --git a/C4/Auth.pm b/C4/Auth.pm
old mode 100755
new mode 100644
index e1f5b9a9b3..593f36e74d
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -13,11 +13,12 @@ package C4::Auth;
 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 #
-# You should have received a copy of the GNU General Public License along with
-# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA 02111-1307 USA
+# You should have received a copy of the GNU General Public License along
+# with Koha; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
 use strict;
+#use warnings; FIXME - Bug 2505
 use Digest::MD5 qw(md5_base64);
 use Storable qw(thaw freeze);
 use URI::Escape;
@@ -83,44 +84,46 @@ C4::Auth - Authenticates Koha users
 
 =head1 DESCRIPTION
 
- The main function of this module is to provide
- authentification. However the get_template_and_user function has
- been provided so that a users login information is passed along
- automatically. This gets loaded into the template.
+The main function of this module is to provide
+authentification. However the get_template_and_user function has
+been provided so that a users login information is passed along
+automatically. This gets loaded into the template.
 
 =head1 FUNCTIONS
 
-=over 2
-
-=item get_template_and_user
-
- my ($template, $borrowernumber, $cookie)
- = get_template_and_user(
- {
- template_name => "opac-main.tmpl",
- query => $query,
- type => "opac",
- authnotrequired => 1,
- flagsrequired => {borrow => 1, catalogue => '*', tools => 'import_patrons' },
- }
- );
-
- This call passes the C, C and C
- to C<&checkauth> (in this module) to perform authentification.
- See C<&checkauth> for an explanation of these parameters.
-
- The C is then used to find the correct template for
- the page. The authenticated users details are loaded onto the
- template in the HTML::Template LOOP variable C. Also the
- C is passed to the template. This can be used in templates
- if cookies are disabled. It needs to be put as and input to every
- authenticated page.
-
- More information on the C sub can be found in the
- Output.pm module.
+=head2 get_template_and_user
+
+ my ($template, $borrowernumber, $cookie)
+ = get_template_and_user(
+ {
+ template_name => "opac-main.tmpl",
+ query => $query,
+ type => "opac",
+ authnotrequired => 1,
+ flagsrequired => {borrow => 1, catalogue => '*', tools => 'import_patrons' },
+ }
+ );
+
+This call passes the C, C and C
+to C<&checkauth> (in this module) to perform authentification.
+See C<&checkauth> for an explanation of these parameters.
+
+The C is then used to find the correct template for
+the page. The authenticated users details are loaded onto the
+template in the HTML::Template LOOP variable C. Also the
+C is passed to the template. This can be used in templates
+if cookies are disabled. It needs to be put as and input to every
+authenticated page.
+
+More information on the C sub can be found in the
+Output.pm module.
 
 =cut
 
+my $SEARCH_HISTORY_INSERT_SQL =<param( bartotal => $total->{'bartotal'}, ) if ($total->{'bartotal'} > scalar (@$barshelves)); }
- $borrowernumber = getborrowernumber($user);
+ $borrowernumber = getborrowernumber($user) if defined($user);
+ my ( $borr ) = GetMemberDetails( $borrowernumber );
 my @bordat;
 $bordat[0] = $borr;
@@ -202,24 +206,16 @@ sub get_template_and_user {
 }
 }
 
- if (C4::Context->preference('GranularPermissions')) {
- if ( $flags ) {
- foreach my $module (keys %$all_perms) {
- if ( $flags->{$module} == 1) {
- foreach my $subperm (keys %{ $all_perms->{$module} }) {
- $template->param( "CAN_user_${module}_${subperm}" => 1 );
- }
- } elsif ( ref($flags->{$module}) ) {
- foreach my $subperm (keys %{ $flags->{$module} } ) {
- $template->param( "CAN_user_${module}_${subperm}" => 1 );
- }
- }
- }
- }
- } else {
+ if ( $flags ) {
 foreach my $module (keys %$all_perms) {
- foreach my $subperm (keys %{ $all_perms->{$module} }) {
- $template->param( "CAN_user_${module}_${subperm}" => 1 );
+ if ( $flags->{$module} == 1) {
+ foreach my $subperm (keys %{ $all_perms->{$module} }) {
+ $template->param( "CAN_user_${module}_${subperm}" => 1 );
+ }
+ } elsif ( ref($flags->{$module}) ) {
+ foreach my $subperm (keys %{ $flags->{$module} } ) {
+ $template->param( "CAN_user_${module}_${subperm}" => 1 );
+ }
 }
 }
 }
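Review bot: `if ( $flags->{$module} == 1)` on the new side runs the numeric comparison before the `elsif ( ref($flags->{$module}) )` test, so a sub-permission hashref is compared as its numeric address and a module that has no entry in `$flags` is compared as undef, which will warn once the `use warnings` flagged at the top of the file (FIXME Bug 2505) is enabled. The result is right only because a reference never numifies to 1; testing the reference first states the intent: `if ( ref($flags->{$module}) ) {` … `} elsif ( ($flags->{$module} || 0) == 1 ) {` with the two foreach bodies swapped accordingly, which keeps every CAN_user_* assignment identical. The same ordering appears in the haspermission hunk further down (@@ -1543). get_template_and_user starts and ends outside this hunk.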
@@ -250,31 +246,19 @@ sub get_template_and_user {
 
 # And if there's a cookie with searches performed when the user was not logged in,
 # we add them to the logged-in search history
- my @recentSearches;
 my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches');
 if ($searchcookie){
 $searchcookie = uri_unescape($searchcookie);
- if (thaw($searchcookie)) {
- @recentSearches = @{thaw($searchcookie)};
- }
-
- if (@recentSearches > 0) {
- my $query = "INSERT INTO search_history(userid, sessionid, query_desc, query_cgi, total, time) VALUES";
- my $icount = 1;
- foreach my $asearch (@recentSearches) {
- $query .= "(";
- $query .= $borrowernumber . ", ";
- $query .= '"' . $in->{'query'}->cookie("CGISESSID") . "\", ";
- $query .= '"' . $asearch->{'query_desc'} . "\", ";
- $query .= '"' . $asearch->{'query_cgi'} . "\", ";
- $query .= $asearch->{'total'} . ", ";
- $query .= 'FROM_UNIXTIME(' . $asearch->{'time'} . "))";
- if ($icount < @recentSearches) { $query .= ", ";}
- $icount++;
- }
-
- my $sth = $dbh->prepare($query);
- $sth->execute;
+ my @recentSearches = @{thaw($searchcookie) || []};
+ if (@recentSearches) {
+ my $sth = $dbh->prepare($SEARCH_HISTORY_INSERT_SQL);
+ $sth->execute( $borrowernumber,
+ $in->{'query'}->cookie("CGISESSID"),
+ $_->{'query_desc'},
+ $_->{'query_cgi'},
+ $_->{'total'},
+ $_->{'time'},
+ ) foreach @recentSearches;
 
 # And then, delete the cookie's content
 my $newsearchcookie = $in->{'query'}->cookie(
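Review bot: `my @recentSearches = @{thaw($searchcookie) || []};` deserializes a Storable blob taken straight from the browser's `KohaOpacRecentSearches` cookie; Storable's documentation warns that thaw is not safe on untrusted input, and a truncated or corrupted cookie makes `thaw` die rather than return undef, so the `|| []` fallback never runs and the whole page fails. Carrying the search history in a plain data format (JSON) is the proper fix; at minimum trap the exception and accept only a plain array: `my $thawed = eval { thaw($searchcookie) };` / `my @recentSearches = ( ref $thawed eq 'ARRAY' ) ? @$thawed : ();`. Each element is then dereferenced as a hash (`$_->{'query_desc'}` and friends) without a check that it is one, so a `grep { ref $_ eq 'HASH' }` on the `foreach` list closes that as well. Replacing the string-built INSERT with bound placeholders via `$SEARCH_HISTORY_INSERT_SQL` is the right change. The same `thaw` call is repeated in the hunk at @@ -313; get_template_and_user starts and ends outside this hunk.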
@@ -313,16 +297,30 @@ sub get_template_and_user {
 }
 # Anonymous opac search history
 # If opac search history is enabled and at least one search has already been performed
- if (C4::Context->preference('EnableOpacSearchHistory') && $in->{'query'}->cookie('KohaOpacRecentSearches')) {
+ if (C4::Context->preference('EnableOpacSearchHistory')) {
+ my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches');
+ if ($searchcookie){
+ $searchcookie = uri_unescape($searchcookie);
+ my @recentSearches = @{thaw($searchcookie) || []};
 # We show the link in opac
- if (thaw(uri_unescape($in->{'query'}->cookie('KohaOpacRecentSearches')))) {
- my @recentSearches = @{thaw(uri_unescape($in->{'query'}->cookie('KohaOpacRecentSearches')))};
- if (@recentSearches > 0) {
+ if (@recentSearches) {
 $template->param(ShowOpacRecentSearchLink => 1);
 }
 }
 }
 
+ if(C4::Context->preference('dateformat')){
+ if(C4::Context->preference('dateformat') eq "metric"){
+ $template->param(dateformat_metric => 1);
+ } elsif(C4::Context->preference('dateformat') eq "us"){
+ $template->param(dateformat_us => 1);
+ } else {
+ $template->param(dateformat_iso => 1);
+ }
+ } else {
+ $template->param(dateformat_iso => 1);
+ }
+
 # these template parameters are set the same regardless of $in->{'type'}
 $template->param(
 "BiblioDefaultView".C4::Context->preference("BiblioDefaultView") => 1,
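Review bot: The new dateformat block calls `C4::Context->preference('dateformat')` three times and sets `dateformat_iso` from two different branches, so the fallback is easy to miss when another format is added. Reading the preference once and mapping it gives the same result in three lines: `my $dateformat = C4::Context->preference('dateformat') || '';` then `my %flag_for = ( metric => 'dateformat_metric', us => 'dateformat_us' );` and `$template->param( ( $flag_for{$dateformat} || 'dateformat_iso' ) => 1 );` — any empty, unset or unknown value still yields `dateformat_iso`. The `thaw` of the client cookie added above is the same pattern raised on the @@ -250 hunk. get_template_and_user starts and ends outside this hunk.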
@@ -337,13 +335,17 @@ sub get_template_and_user {
 'item-level_itypes' => C4::Context->preference('item-level_itypes'),
 patronimages => C4::Context->preference("patronimages"),
 singleBranchMode => C4::Context->preference("singleBranchMode"),
- XSLTDetailsDisplay => C4::Context->preference("XSLTDetailsDisplay"),
- XSLTResultsDisplay => C4::Context->preference("XSLTResultsDisplay"),
- );
+ XSLTDetailsDisplay => C4::Context->preference("XSLTDetailsDisplay"),
+ XSLTResultsDisplay => C4::Context->preference("XSLTResultsDisplay"),
+ BranchesLoop => GetBranchesLoop(),
+ using_https => $in->{'query'}->https() ? 1 : 0,
+ );
 
 if ( $in->{'type'} eq "intranet" ) {
 $template->param(
 AmazonContent => C4::Context->preference("AmazonContent"),
+ AmazonCoverImages => C4::Context->preference("AmazonCoverImages"),
+ AmazonEnabled => C4::Context->preference("AmazonEnabled"),
 AmazonSimilarItems => C4::Context->preference("AmazonSimilarItems"),
 AutoLocation => C4::Context->preference("AutoLocation"),
 "BiblioDefaultView".C4::Context->preference("IntranetBiblioDefaultView") => 1,
@@ -397,6 +399,7 @@ sub get_template_and_user {
 OPACAmazonCoverImages => C4::Context->preference("OPACAmazonCoverImages"),
 OPACAmazonReviews => C4::Context->preference("OPACAmazonReviews"),
 OPACFRBRizeEditions => C4::Context->preference("OPACFRBRizeEditions"),
+ OpacHighlightedWords => C4::Context->preference("OpacHighlightedWords"),
 OPACItemHolds => C4::Context->preference("OPACItemHolds"),
 OPACShelfBrowser => "". C4::Context->preference("OPACShelfBrowser"),
 OPACURLOpenInNewWindow => "" . C4::Context->preference("OPACURLOpenInNewWindow"),
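Review bot: `using_https => $in->{'query'}->https() ? 1 : 0` reports what the `HTTPS` CGI environment variable says, so behind a reverse proxy or load balancer that terminates TLS it will be 0 even when the user's connection is encrypted; a comment on that line keeps templates from treating the flag as proof of a secure transport, e.g. `# from the HTTPS env var set by the web server; not meaningful behind a TLS-terminating proxy`. `BranchesLoop => GetBranchesLoop()` is now evaluated for every page of both interfaces, presumably a database round-trip per request; if only the OPAC masthead consumes it, building it inside the `$in->{'type'} eq "opac"` branch avoids that cost. The trailing `@@ -397` hunk only adds a preference pass-through. get_template_and_user starts and ends outside these hunks.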
@@ -436,14 +439,29 @@ sub get_template_and_user {
 reviewson => C4::Context->preference("reviewson"),
 suggestion => "" . C4::Context->preference("suggestion"),
 virtualshelves => "" . C4::Context->preference("virtualshelves"),
- OPACSerialIssueDisplayCount => C4::Context->preference("OPACSerialIssueDisplayCount"),
+ OPACSerialIssueDisplayCount => C4::Context->preference("OPACSerialIssueDisplayCount"),
+ OpacAddMastheadLibraryPulldown => C4::Context->preference("OpacAddMastheadLibraryPulldown"),
+ OPACXSLTDetailsDisplay => C4::Context->preference("OPACXSLTDetailsDisplay"),
+ OPACXSLTResultsDisplay => C4::Context->preference("OPACXSLTResultsDisplay"),
+ SyndeticsClientCode => C4::Context->preference("SyndeticsClientCode"),
+ SyndeticsEnabled => C4::Context->preference("SyndeticsEnabled"),
+ SyndeticsCoverImages => C4::Context->preference("SyndeticsCoverImages"),
+ SyndeticsTOC => C4::Context->preference("SyndeticsTOC"),
+ SyndeticsSummary => C4::Context->preference("SyndeticsSummary"),
+ SyndeticsEditions => C4::Context->preference("SyndeticsEditions"),
+ SyndeticsExcerpt => C4::Context->preference("SyndeticsExcerpt"),
+ SyndeticsReviews => C4::Context->preference("SyndeticsReviews"),
+ SyndeticsAuthorNotes => C4::Context->preference("SyndeticsAuthorNotes"),
+ SyndeticsAwards => C4::Context->preference("SyndeticsAwards"),
+ SyndeticsSeries => C4::Context->preference("SyndeticsSeries"),
+ SyndeticsCoverImageSize => C4::Context->preference("SyndeticsCoverImageSize"),
 );
 }
 $template->param(listloop=>[{shelfname=>"Freelist", shelfnumber=>110}]);
 return ( $template, $borrowernumber, $cookie, $flags);
 }
 
-=item checkauth
+=head2 checkauth
 
 ($userid, $cookie, $sessionID) = &checkauth($query, $noauth, $flagsrequired, $type);
 
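Review bot: The sixteen added lines from `OpacAddMastheadLibraryPulldown` through `SyndeticsCoverImageSize` each repeat the `Name => C4::Context->preference("Name")` pass-through with the key and the preference name identical, so every further preference is another near-duplicate line to write and align. A name list plus `map` expresses the same pairs once: `my @opac_prefs = qw(OpacAddMastheadLibraryPulldown OPACXSLTDetailsDisplay OPACXSLTResultsDisplay SyndeticsClientCode SyndeticsEnabled SyndeticsCoverImages SyndeticsTOC SyndeticsSummary SyndeticsEditions SyndeticsExcerpt SyndeticsReviews SyndeticsAuthorNotes SyndeticsAwards SyndeticsSeries SyndeticsCoverImageSize);` before the call and `( map { $_ => C4::Context->preference($_) } @opac_prefs ),` inside the existing `$template->param(` list; `param` receives exactly the same key/value pairs. The remainder of the hunk is the `=item` to `=head2` POD rename. get_template_and_user starts outside this hunk.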
@@ -478,21 +496,22 @@ that the user must have the "circulate" privilege in order to proceed.
 To make sure that access control is correct, the C<$flagsrequired> parameter must be specified correctly.
 
-If the GranularPermissions system preference is ON, the
-value of each key in the C hash takes on an additional
-meaning, e.g.,
+Koha also has a concept of sub-permissions, also known as
+granular permissions. This makes the value of each key
+in the C hash take on an additional
+meaning, i.e.,
 
-=item 1
+ 1
 
 The user must have access to all subfunctions of the module specified by the hash key.
 
-=item *
+ *
 
 The user must have access to at least one subfunction of the module specified by the hash key.
 
-=item specific permission, e.g., 'export_catalog'
+ specific permission, e.g., 'export_catalog'
 
 The user must have access to the specific subfunction list, which must correspond to a row in the permissions table.
@@ -952,7 +971,7 @@ sub checkauth {
 exit;
 }
 
-=item check_api_auth
+=head2 check_api_auth
 
 ($status, $cookie, $sessionId) = check_api_auth($query, $userflags);
 
@@ -972,7 +991,7 @@ are OK.
 
 Possible return values in C<$status> are:
 
-=over 4
+=over
 
 =item "ok" -- user authenticated; C<$cookie> and C<$sessionid> have valid values.
@@ -1186,7 +1205,7 @@ sub check_api_auth {
 }
 }
 
-=item check_cookie_auth
+=head2 check_cookie_auth
 
 ($status, $sessionId) = check_api_auth($cookie, $userflags);
 
@@ -1199,7 +1218,7 @@ have been authenticated in the usual way.
 
 Possible return values in C<$status> are:
 
-=over 4
+=over
 
 =item "ok" -- user authenticated; C<$sessionID> have valid values.
@@ -1295,7 +1314,7 @@ sub check_cookie_auth {
 }
 }
 
-=item get_session
+=head2 get_session
 
 use CGI::Session;
 my $session = get_session($sessionID);
@@ -1399,7 +1418,7 @@ sub checkpw {
 return 0;
 }
 
-=item getuserflags
+=head2 getuserflags
 
 my $authflags = getuserflags($flags, $userid, [$dbh]);
 
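Review bot: The synopsis under the renamed `=head2 check_cookie_auth` heading (hunk @@ -1186) still reads `($status, $sessionId) = check_api_auth($cookie, $userflags);`, which names the wrong function and will mislead anyone reading the POD for the cookie-based entry point. Since the heading line is being touched anyway, the synopsis should become `($status, $sessionId) = check_cookie_auth($cookie, $userflags);`. The rest of the hunks on this line are POD heading renames and the rewritten flag-value description in @@ -478, which now matches the unconditional sub-permission handling in haspermission. The surrounding POD and the checkauth/check_api_auth/check_cookie_auth bodies start and end outside these hunks.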
@@ -1439,24 +1458,20 @@ sub getuserflags {
 return $userflags;
 }
 
-=item get_user_subpermissions
-
-=over 4
+=head2 get_user_subpermissions
 
-my $user_perm_hashref = get_user_subpermissions($userid);
-
-=back
+ $user_perm_hashref = get_user_subpermissions($userid);
 
 Given the userid (note, not the borrowernumber) of a staff user, return a hashref of hashrefs of the specific subpermissions accorded to the user. An example return is
 
-{
+ {
 tools => {
 export_catalog => 1,
 import_patrons => 1,
 }
-}
+ }
 
 The top-level hash-key is a module or function code from userflags.flag, while the second-level key is a code
@@ -1487,13 +1502,9 @@ sub get_user_subpermissions {
 return $user_perms;
 }
 
-=item get_all_subpermissions
-
-=over 4
+=head2 get_all_subpermissions
 
-my $perm_hashref = get_all_subpermissions();
-
-=back
+ my $perm_hashref = get_all_subpermissions();
 
 Returns a hashref of hashrefs defining all specific permissions currently defined. The return value
@@ -1517,7 +1528,7 @@ sub get_all_subpermissions {
 return $all_perms;
 }
 
-=item haspermission
+=head2 haspermission
 
 $flags = ($userid, $flagsrequired);
 
@@ -1543,20 +1554,16 @@ sub haspermission {
 }
 return $flags if $flags->{superlibrarian};
 foreach my $module ( keys %$flagsrequired ) {
- if (C4::Context->preference('GranularPermissions')) {
- my $subperm = $flagsrequired->{$module};
- if ($subperm eq '*') {
- return 0 unless ( $flags->{$module} == 1 or ref($flags->{$module}) );
- } else {
- return 0 unless ( $flags->{$module} == 1 or
- ( ref($flags->{$module}) and
- exists $flags->{$module}->{$subperm} and
- $flags->{$module}->{$subperm} == 1
- )
- );
- }
+ my $subperm = $flagsrequired->{$module};
+ if ($subperm eq '*') {
+ return 0 unless ( $flags->{$module} == 1 or ref($flags->{$module}) );
 } else {
- return 0 unless ( $flags->{$module} );
+ return 0 unless ( $flags->{$module} == 1 or
+ ( ref($flags->{$module}) and
+ exists $flags->{$module}->{$subperm} and
+ $flags->{$module}->{$subperm} == 1
+ )
+ );
 }
 }
 return $flags;
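Review bot: In haspermission (hunk @@ -1543) both new-side tests evaluate `$flags->{$module} == 1` before `ref($flags->{$module})`, so a sub-permission hashref is compared as its numeric address and a module the user has no entry for is compared as undef; the outcome is right only because an address is never 1, and the undef case will warn once `use warnings` is enabled (FIXME Bug 2505 at the top of the file). For the access-control decision the shape should be explicit: `my $have = $flags->{$module};` and `my $full = !ref($have) && defined($have) && $have == 1;` at the top of the loop body, then `return 0 unless ( $full or ref($have) );` for the `'*'` case and `$full or ( ref($have) and exists $have->{$subperm} and $have->{$subperm} == 1 )` for the specific case, which leaves every grant/deny result unchanged. The same ordering is used in the CAN_user_* loop of get_template_and_user (@@ -202). The earlier hunks on this line are POD heading changes; haspermission starts outside its hunk.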
@@ -1587,8 +1594,6 @@ END {
 } # module clean-up code here (global destructor)
 1;
 __END__
-=back
-
 =head1 SEE ALSO
 
 CGI(3)