X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=C4%2FAuth.pm;h=7404f968586d1594fa39faf11c0b5333f340aadb;hb=bd5e6e9d89cd85fa3bf35c4fc3c90471380bd0f3;hp=90ce2b83ef1f3fa2c8ca21fcc3f217df4685f326;hpb=1f54d10475abbeea9bb777c615415e7b849bf2c3;p=koha.git
diff --git a/C4/Auth.pm b/C4/Auth.pm
old mode 100755
new mode 100644
index 90ce2b83ef..7404f96858
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -13,11 +13,12 @@ package C4::Auth;
 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 #
-# You should have received a copy of the GNU General Public License along with
-# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA 02111-1307 USA
+# You should have received a copy of the GNU General Public License along
+# with Koha; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
 use strict;
+#use warnings; FIXME - Bug 2505
 use Digest::MD5 qw(md5_base64);
 use Storable qw(thaw freeze);
 use URI::Escape;
@@ -83,44 +84,46 @@ C4::Auth - Authenticates Koha users
 =head1 DESCRIPTION
- The main function of this module is to provide
- authentification. However the get_template_and_user function has
- been provided so that a users login information is passed along
- automatically. This gets loaded into the template.
+The main function of this module is to provide
+authentification. However the get_template_and_user function has
+been provided so that a users login information is passed along
+automatically. This gets loaded into the template.
 =head1 FUNCTIONS
-=over 2
-
-=item get_template_and_user
-
- my ($template, $borrowernumber, $cookie)
- = get_template_and_user(
- {
- template_name => "opac-main.tmpl",
- query => $query,
- type => "opac",
- authnotrequired => 1,
- flagsrequired => {borrow => 1, catalogue => '*', tools => 'import_patrons' },
- }
- );
-
- This call passes the C, C and C
- to C<&checkauth> (in this module) to perform authentification.
- See C<&checkauth> for an explanation of these parameters.
-
- The C is then used to find the correct template for
- the page. The authenticated users details are loaded onto the
- template in the HTML::Template LOOP variable C. Also the
- C is passed to the template. This can be used in templates
- if cookies are disabled. It needs to be put as and input to every
- authenticated page.
-
- More information on the C sub can be found in the
- Output.pm module.
+=head2 get_template_and_user
+
+ my ($template, $borrowernumber, $cookie)
+ = get_template_and_user(
+ {
+ template_name => "opac-main.tmpl",
+ query => $query,
+ type => "opac",
+ authnotrequired => 1,
+ flagsrequired => {borrow => 1, catalogue => '*', tools => 'import_patrons' },
+ }
+ );
+
+This call passes the C, C and C
+to C<&checkauth> (in this module) to perform authentification.
+See C<&checkauth> for an explanation of these parameters.
+
+The C is then used to find the correct template for
+the page. The authenticated users details are loaded onto the
+template in the HTML::Template LOOP variable C. Also the
+C is passed to the template. This can be used in templates
+if cookies are disabled. It needs to be put as and input to every
+authenticated page.
+
+More information on the C sub can be found in the
+Output.pm module.
 =cut
+my $SEARCH_HISTORY_INSERT_SQL =<preference('GranularPermissions')) {
- if ( $flags ) {
- foreach my $module (keys %$all_perms) {
- if ( $flags->{$module} == 1) {
- foreach my $subperm (keys %{ $all_perms->{$module} }) {
- $template->param( "CAN_user_${module}_${subperm}" => 1 );
- }
- } elsif ( ref($flags->{$module}) ) {
- foreach my $subperm (keys %{ $flags->{$module} } ) {
- $template->param( "CAN_user_${module}_${subperm}" => 1 );
- }
- }
- }
- }
- } else {
+ if ( $flags ) {
 foreach my $module (keys %$all_perms) {
- foreach my $subperm (keys %{ $all_perms->{$module} }) {
- $template->param( "CAN_user_${module}_${subperm}" => 1 );
+ if ( $flags->{$module} == 1) {
+ foreach my $subperm (keys %{ $all_perms->{$module} }) {
+ $template->param( "CAN_user_${module}_${subperm}" => 1 );
+ }
+ } elsif ( ref($flags->{$module}) ) {
+ foreach my $subperm (keys %{ $flags->{$module} } ) {
+ $template->param( "CAN_user_${module}_${subperm}" => 1 );
+ }
 }
 }
 }
@@ -251,31 +246,19 @@ sub get_template_and_user {
 # And if there's a cookie with searches performed when the user was not logged in,
 # we add them to the logged-in search history
- my @recentSearches;
 my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches');
 if ($searchcookie){
 $searchcookie = uri_unescape($searchcookie);
- if (thaw($searchcookie)) {
- @recentSearches = @{thaw($searchcookie)};
- }
-
- if (@recentSearches > 0) {
- my $query = "INSERT INTO search_history(userid, sessionid, query_desc, query_cgi, total, time) VALUES";
- my $icount = 1;
- foreach my $asearch (@recentSearches) {
- $query .= "(";
- $query .= $borrowernumber . ", ";
- $query .= '"' . $in->{'query'}->cookie("CGISESSID") . "\", ";
- $query .= '"' . $asearch->{'query_desc'} . "\", ";
- $query .= '"' . $asearch->{'query_cgi'} . "\", ";
- $query .= $asearch->{'total'} . ", ";
- $query .= 'FROM_UNIXTIME(' . $asearch->{'time'} . "))";
- if ($icount < @recentSearches) { $query .= ", ";}
- $icount++;
- }
-
- my $sth = $dbh->prepare($query);
- $sth->execute;
+ my @recentSearches = @{thaw($searchcookie) || []};
+ if (@recentSearches) {
+ my $sth = $dbh->prepare($SEARCH_HISTORY_INSERT_SQL);
+ $sth->execute( $borrowernumber,
+ $in->{'query'}->cookie("CGISESSID"),
+ $_->{'query_desc'},
+ $_->{'query_cgi'},
+ $_->{'total'},
+ $_->{'time'},
+ ) foreach @recentSearches;
 # And then, delete the cookie's content
 my $newsearchcookie = $in->{'query'}->cookie(
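Review bot: The new `my @recentSearches = @{thaw($searchcookie) || []};` line still feeds a client-controlled cookie straight into Storable's `thaw`, which its own documentation says is not safe on untrusted input: a malformed image croaks rather than returning undef (so the `|| []` guard never fires and any visitor with a garbage `KohaOpacRecentSearches` cookie gets a 500 on every page after login), a non-array image makes the `@{...}` dereference die under strict refs, and a crafted image can bless data into arbitrary package names. A guard such as `my $thawed = eval { thaw($searchcookie) }; my @recentSearches = ref($thawed) eq 'ARRAY' ? @$thawed : ();` covers all three cases without changing the happy path. Binding the values as placeholders removes the SQL injection the old concatenation had, but `$_->{'total'}` and `$_->{'time'}` are still unvalidated client data, so a `Scalar::Util::looks_like_number` check before `execute` would keep the history table sane; whether `$SEARCH_HISTORY_INSERT_SQL` still wraps the `time` placeholder in `FROM_UNIXTIME` cannot be confirmed here because the heredoc is garbled above. `get_template_and_user` starts and ends outside this hunk.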
@@ -314,11 +297,13 @@ sub get_template_and_user {
 }
 # Anonymous opac search history
 # If opac search history is enabled and at least one search has already been performed
- if (C4::Context->preference('EnableOpacSearchHistory') && $in->{'query'}->cookie('KohaOpacRecentSearches')) {
+ if (C4::Context->preference('EnableOpacSearchHistory')) {
+ my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches');
+ if ($searchcookie){
+ $searchcookie = uri_unescape($searchcookie);
+ my @recentSearches = @{thaw($searchcookie) || []};
 # We show the link in opac
- if (thaw(uri_unescape($in->{'query'}->cookie('KohaOpacRecentSearches')))) {
- my @recentSearches = @{thaw(uri_unescape($in->{'query'}->cookie('KohaOpacRecentSearches')))};
- if (@recentSearches > 0) {
+ if (@recentSearches) {
 $template->param(ShowOpacRecentSearchLink => 1);
 }
 }
@@ -353,11 +338,15 @@ sub get_template_and_user {
 XSLTDetailsDisplay => C4::Context->preference("XSLTDetailsDisplay"),
 XSLTResultsDisplay => C4::Context->preference("XSLTResultsDisplay"),
 BranchesLoop => GetBranchesLoop(),
+ using_https => $in->{'query'}->https() ? 1 : 0,
+ noItemTypeImages => C4::Context->preference("noItemTypeImages"),
 );
 
 if ( $in->{'type'} eq "intranet" ) {
 $template->param(
 AmazonContent => C4::Context->preference("AmazonContent"),
+ AmazonCoverImages => C4::Context->preference("AmazonCoverImages"),
+ AmazonEnabled => C4::Context->preference("AmazonEnabled"),
 AmazonSimilarItems => C4::Context->preference("AmazonSimilarItems"),
 AutoLocation => C4::Context->preference("AutoLocation"),
 "BiblioDefaultView".C4::Context->preference("IntranetBiblioDefaultView") => 1,
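Review bot: The anonymous-history branch now runs `my @recentSearches = @{thaw($searchcookie) || []};` for every logged-out OPAC request while `EnableOpacSearchHistory` is on, and `thaw` croaks on a malformed Storable image instead of returning undef, so an unauthenticated visitor who sends a corrupt `KohaOpacRecentSearches` cookie gets an error page rather than simply no link. Since the only consumer here is the boolean `ShowOpacRecentSearchLink`, the call should be fail-soft: `my $thawed = eval { thaw($searchcookie) }; my @recentSearches = ref($thawed) eq 'ARRAY' ? @$thawed : ();`. The enclosing `get_template_and_user` starts and ends outside the hunk.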
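Review bot: `using_https => $in->{'query'}->https() ? 1 : 0` reports what the CGI layer saw, and CGI.pm's `https()` is driven by `$ENV{HTTPS}`; when TLS is terminated at a reverse proxy in front of Koha that variable is normally unset, so the flag will read 0 on every request and any template that chooses secure links or cookie handling by it will silently downgrade. If proxy deployments are supported, the line deserves a warning such as `# reflects $ENV{HTTPS} only; behind a TLS-terminating proxy this is 0 unless X-Forwarded-Proto is honoured`, and the template uses of `using_https` should be checked for anything security-relevant before relying on it. The enclosing `get_template_and_user` starts and ends outside the hunk.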
@@ -368,7 +357,6 @@ sub get_template_and_user {
 IntranetmainUserblock => C4::Context->preference("IntranetmainUserblock"),
 LibraryName => C4::Context->preference("LibraryName"),
 LoginBranchname => (C4::Context->userenv?C4::Context->userenv->{"branchname"}:"insecure"),
- TemplateEncoding => C4::Context->preference("TemplateEncoding"),
 advancedMARCEditor => C4::Context->preference("advancedMARCEditor"),
 canreservefromotherbranches => C4::Context->preference('canreservefromotherbranches'),
 intranetcolorstylesheet => C4::Context->preference("intranetcolorstylesheet"),
@@ -376,7 +364,6 @@ sub get_template_and_user {
 intranetstylesheet => C4::Context->preference("intranetstylesheet"),
 intranetuserjs => C4::Context->preference("intranetuserjs"),
 intranetbookbag => C4::Context->preference("intranetbookbag"),
- noItemTypeImages => C4::Context->preference("noItemTypeImages"),
 suggestion => C4::Context->preference("suggestion"),
 virtualshelves => C4::Context->preference("virtualshelves"),
 StaffSerialIssueDisplayCount => C4::Context->preference("StaffSerialIssueDisplayCount"),
@@ -433,7 +420,6 @@ sub get_template_and_user {
 OPACFinesTab => C4::Context->preference("OPACFinesTab"),
 OpacTopissue => C4::Context->preference("OpacTopissue"),
 RequestOnOpac => C4::Context->preference("RequestOnOpac"),
- TemplateEncoding => "". C4::Context->preference("TemplateEncoding"),
 'Version' => C4::Context->preference('Version'),
 hidelostitems => C4::Context->preference("hidelostitems"),
 mylibraryfirst => (C4::Context->preference("SearchMyLibraryFirst") && C4::Context->userenv) ? C4::Context->userenv->{'branch'} : '',
@@ -453,13 +439,27 @@ sub get_template_and_user {
 virtualshelves => "" . C4::Context->preference("virtualshelves"),
 OPACSerialIssueDisplayCount => C4::Context->preference("OPACSerialIssueDisplayCount"),
 OpacAddMastheadLibraryPulldown => C4::Context->preference("OpacAddMastheadLibraryPulldown"),
+ OPACXSLTDetailsDisplay => C4::Context->preference("OPACXSLTDetailsDisplay"),
+ OPACXSLTResultsDisplay => C4::Context->preference("OPACXSLTResultsDisplay"),
+ SyndeticsClientCode => C4::Context->preference("SyndeticsClientCode"),
+ SyndeticsEnabled => C4::Context->preference("SyndeticsEnabled"),
+ SyndeticsCoverImages => C4::Context->preference("SyndeticsCoverImages"),
+ SyndeticsTOC => C4::Context->preference("SyndeticsTOC"),
+ SyndeticsSummary => C4::Context->preference("SyndeticsSummary"),
+ SyndeticsEditions => C4::Context->preference("SyndeticsEditions"),
+ SyndeticsExcerpt => C4::Context->preference("SyndeticsExcerpt"),
+ SyndeticsReviews => C4::Context->preference("SyndeticsReviews"),
+ SyndeticsAuthorNotes => C4::Context->preference("SyndeticsAuthorNotes"),
+ SyndeticsAwards => C4::Context->preference("SyndeticsAwards"),
+ SyndeticsSeries => C4::Context->preference("SyndeticsSeries"),
+ SyndeticsCoverImageSize => C4::Context->preference("SyndeticsCoverImageSize"),
 );
 }
 $template->param(listloop=>[{shelfname=>"Freelist", shelfnumber=>110}]);
 return ( $template, $borrowernumber, $cookie, $flags);
 }
-=item checkauth
+=head2 checkauth
 ($userid, $cookie, $sessionID) = &checkauth($query, $noauth, $flagsrequired, $type);
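Review bot: The sixteen added entries all follow the same `NAME => C4::Context->preference("NAME")` shape, and hand-typing both sides invites the key and the preference name drifting apart; a `( map { $_ => C4::Context->preference($_) } qw(OPACXSLTDetailsDisplay OPACXSLTResultsDisplay SyndeticsClientCode SyndeticsEnabled ...) ),` spliced into the same `param` call expresses the intent once. Spelling it as a list also makes it obvious that `SyndeticsClientCode` is being exposed to OPAC (public) templates; that is presumably fine if the code is meant to appear in end-user-visible URLs, but it is worth confirming against the Syndetics integration rather than assuming. `get_template_and_user` starts outside this hunk.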
@@ -494,21 +494,22 @@ that the user must have the "circulate" privilege in order to proceed. To make
 sure that access control is correct, the C<$flagsrequired> parameter must be
 specified correctly.
-If the GranularPermissions system preference is ON, the
-value of each key in the C hash takes on an additional
-meaning, e.g.,
+Koha also has a concept of sub-permissions, also known as
+granular permissions. This makes the value of each key
+in the C hash take on an additional
+meaning, i.e.,
-=item 1
+ 1
 The user must have access to all subfunctions of the module
 specified by the hash key.
-=item *
+ *
 The user must have access to at least one subfunction of the
 module specified by the hash key.
-=item specific permission, e.g., 'export_catalog'
+ specific permission, e.g., 'export_catalog'
 The user must have access to the specific subfunction list, which
 must correspond to a row in the permissions table.
@@ -716,7 +717,7 @@ sub checkauth {
 ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password, $query );
 }
 if ($return) {
- _session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},localtime);
+ _session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},(strftime '%c', localtime));
 if ( $flags = haspermission( $userid, $flagsrequired ) ) {
 $loggedin = 1;
 }
@@ -937,7 +938,6 @@ sub checkauth {
 intranetbookbag => C4::Context->preference("intranetbookbag"),
 IntranetNav => C4::Context->preference("IntranetNav"),
 intranetuserjs => C4::Context->preference("intranetuserjs"),
- TemplateEncoding => C4::Context->preference("TemplateEncoding"),
 IndependantBranches=> C4::Context->preference("IndependantBranches"),
 AutoLocation => C4::Context->preference("AutoLocation"),
 wrongip => $info{'wrongip'}
@@ -968,7 +968,7 @@ sub checkauth {
 exit;
 }
-=item check_api_auth
+=head2 check_api_auth
 ($status, $cookie, $sessionId) = check_api_auth($query, $userflags);
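Review bot: On the rewritten `_session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid, ...)` line, `$userid` reaches the log exactly as submitted; `%20s` pads but never truncates, so a userid containing a newline or other control characters forges additional log records (log injection), and `$ENV{'REMOTE_ADDR'}` will be the proxy's address when Koha runs behind one. This runs only after `checkpw` returned true, so the attacker needs valid credentials, but anything that parses this log by line format is still misled; a one-line sanitise before the call, `(my $log_userid = $userid) =~ s/[^[:print:]]/?/g;`, and logging `$log_userid` closes it. Separately, `strftime` does not appear in the `use` block shown at the top of this diff; unless `POSIX qw(strftime)` is imported elsewhere in the file, the bareword call `strftime '%c', localtime` will not compile under `use strict`, so that import should be verified. `checkauth` starts and ends outside the hunk.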
@@ -988,7 +988,7 @@ are OK.
 Possible return values in C<$status> are:
-=over 4
+=over
 =item "ok" -- user authenticated; C<$cookie> and C<$sessionid> have valid values.
@@ -1202,7 +1202,7 @@ sub check_api_auth {
 }
 }
-=item check_cookie_auth
+=head2 check_cookie_auth
 ($status, $sessionId) = check_api_auth($cookie, $userflags);
@@ -1215,7 +1215,7 @@ have been authenticated in the usual way.
 Possible return values in C<$status> are:
-=over 4
+=over
 =item "ok" -- user authenticated; C<$sessionID> have valid values.
@@ -1311,7 +1311,7 @@ sub check_cookie_auth {
 }
 }
-=item get_session
+=head2 get_session
 use CGI::Session;
 my $session = get_session($sessionID);
@@ -1415,7 +1415,7 @@ sub checkpw {
 return 0;
 }
-=item getuserflags
+=head2 getuserflags
 my $authflags = getuserflags($flags, $userid, [$dbh]);
@@ -1455,24 +1455,20 @@ sub getuserflags {
 return $userflags;
 }
-=item get_user_subpermissions
+=head2 get_user_subpermissions
-=over 4
-
-my $user_perm_hashref = get_user_subpermissions($userid);
-
-=back
+ $user_perm_hashref = get_user_subpermissions($userid);
 Given the userid (note, not the borrowernumber) of a staff user,
 return a hashref of hashrefs of the specific subpermissions
 accorded to the user. An example return is
-{
+ {
 tools => {
 export_catalog => 1,
 import_patrons => 1,
 }
-}
+ }
 The top-level hash-key is a module or function code from
 userflags.flag, while the second-level key is a code
@@ -1503,13 +1499,9 @@ sub get_user_subpermissions {
 return $user_perms;
 }
-=item get_all_subpermissions
+=head2 get_all_subpermissions
-=over 4
-
-my $perm_hashref = get_all_subpermissions();
-
-=back
+ my $perm_hashref = get_all_subpermissions();
 Returns a hashref of hashrefs defining all specific
 permissions currently defined. The return value
@@ -1533,7 +1525,7 @@ sub get_all_subpermissions {
 return $all_perms;
 }
-=item haspermission
+=head2 haspermission
 $flags = ($userid, $flagsrequired);
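Review bot: The synopsis under the renamed `=head2 check_cookie_auth` heading still reads `($status, $sessionId) = check_api_auth($cookie, $userflags);`, naming the wrong function; since this commit is already rewriting these POD headings it should become `($status, $sessionId) = check_cookie_auth($cookie, $userflags);`. Likewise the `=head2 haspermission` synopsis `$flags = ($userid, $flagsrequired);` has lost the call and should read `$flags = haspermission($userid, $flagsrequired);`. Both are context lines here, so each is a one-token change to an otherwise untouched POD block.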
@@ -1559,20 +1551,16 @@ sub haspermission {
 }
 return $flags if $flags->{superlibrarian};
 foreach my $module ( keys %$flagsrequired ) {
- if (C4::Context->preference('GranularPermissions')) {
- my $subperm = $flagsrequired->{$module};
- if ($subperm eq '*') {
- return 0 unless ( $flags->{$module} == 1 or ref($flags->{$module}) );
- } else {
- return 0 unless ( $flags->{$module} == 1 or
- ( ref($flags->{$module}) and
- exists $flags->{$module}->{$subperm} and
- $flags->{$module}->{$subperm} == 1
- )
- );
- }
+ my $subperm = $flagsrequired->{$module};
+ if ($subperm eq '*') {
+ return 0 unless ( $flags->{$module} == 1 or ref($flags->{$module}) );
 } else {
- return 0 unless ( $flags->{$module} );
+ return 0 unless ( $flags->{$module} == 1 or
+ ( ref($flags->{$module}) and
+ exists $flags->{$module}->{$subperm} and
+ $flags->{$module}->{$subperm} == 1
+ )
+ );
 }
 }
 return $flags;
@@ -1603,8 +1591,6 @@ END {
 } # module clean-up code here (global destructor)
 1;
 __END__
-=back
-
 =head1 SEE ALSO
 CGI(3)
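Review bot: In the `'*'` branch, `return 0 unless ( $flags->{$module} == 1 or ref($flags->{$module}) )` treats any reference as "has at least one subfunction", so an empty hashref `{}` satisfies the requirement although it grants nothing; whether `getuserflags` can ever produce such an entry is not visible here, but an authorization predicate should not rest on that, and `ref($flags->{$module}) and grep { $_ } values %{ $flags->{$module} }` would apply the same truth test the specific-permission branch already uses with `== 1`. With the `GranularPermissions` gate gone, a caller passing `{ module => 1 }` now fails for a user who holds only subpermissions of that module, which matches the rewritten POD above but is a behaviour change for sites that had the preference off, so existing `flagsrequired` call sites deserve an audit. `haspermission`'s closing brace is outside the hunk.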