}
+# returns undef on success, the first perm_type that failed
+# on permission error
+
+__PACKAGE__->register_method(
+ method => "check_user_perms",
+ api_name => "open-ils.actor.user.email.update");
+
+sub check_user_perms {
+ my( $self, $client, $user_id, $org_id, @perm_types ) = @_;
+}
+
+
use strict; use warnings;
use base qw/OpenSRF::Application/;
use OpenSRF::Utils::Cache;
+use OpenSRF::EX qw(:try);
my $cache_client = "OpenSRF::Utils::Cache";
return $session;
}
+
+# returns undef if user has all of the perms provided
+# returns the first failed perm on failure
+sub check_user_perms {
+ my($self, $user_id, $org_id, @perm_types ) = @_;
+
+ throw OpenSRF::EX::ERROR ("Invalid call to check_user_perms()")
+ unless( defined($user_id) and defined($org_id) and @perm_types);
+
+ my $session = OpenSRF::AppSession->create("open-ils.storage");
+ for my $type (@perm_types) {
+ my $req = $session->request(
+ "open-ils.storage.permission.user_has_perm",
+ $user_id, $type, $org_id );
+ my $resp = $req->gather(1);
+ if(!$resp) {
+ $session->disconnect();
+ return $type;
+ }
+ }
+
+ $session->disconnect();
+ return undef;
+}
+
+
+
# ---------------------------------------------------------------------------
# commits and destroys the session
# ---------------------------------------------------------------------------
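Review bot: The added `check_user_perms` signals denial by returning the failed perm name, so the result is only trustworthy when every entry of `@perm_types` is a true value, and the guard checks only that the list is non-empty. An entry that is `undef`, `''` or `'0'` would come back from `return $type` as a false value, which a caller testing `if($apputils->check_user_perms(...))` reads as "all perms held". I would reject such entries up front with `throw OpenSRF::EX::ERROR ("Invalid perm type") if grep { !$_ } @perm_types;`. The header comment should also state that a failed or empty `gather(1)` response is deliberately treated as a denial. The final `return undef;` is better written as a bare `return;`.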
use OpenILS::Utils::Fieldmapper;
use OpenSRF::EX qw(:try);
use OpenILS::Application::AppUtils;
+use OpenILS::Perm;
+use OpenILS::Application::AppUtils;
# memcache handle
my $cache_handle;
+my $apputils = "OpenILS::Application::AppUtils";
# -------------------------------------------------------------
# their password hash against our re-hashed version of the
# password. If all goes well, we return the session id.
# Otherwise, we return "0"
+# If type is set to 'opac', then this is an opac login,
+# otherwise, it's a staff login
# -------------------------------------------------------------
sub complete_authenticate {
- my( $self, $client, $username, $passwdhash ) = @_;
+ my( $self, $client, $username, $passwdhash, $type ) = @_;
my $name = "open-ils.storage.direct.actor.user.search.usrname";
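Review bot: The new `$type` argument comes from the caller and, per the added comment, any value other than 'opac' (including an omitted argument) is treated as a staff login, so the login kind that gets no permission check is the default. In the part of the body visible later on this page, `OPAC_LOGIN` is checked only inside `if($type eq "opac")` and nothing is checked on the other path; that comparison also warns under `use warnings` when `$type` is undef. I would validate the value right after unpacking, e.g. `$type = "staff" unless defined $type;` followed by rejecting anything that is not a known login type, and check a staff-login permission (name not shown on this page, placeholder `<STAFF_LOGIN_PERM>`) on the non-opac path. The header comment should also say that a permission failure returns an `OpenILS::Perm` object rather than "0", since a caller that treats any true return value as a session id would misread it. The body of `complete_authenticate` continues outside this hunk.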
my $hash = md5_hex($current_seed . $password);
if( $hash eq $passwdhash ) {
+ # password is correct... do they have permission to login here?
+
+ my $timeout = 28800; #staff login timeout - different for opac?
+
+ if($type eq "opac") {
+ # 1 is the top level org unit (we should probably load the tree and get id from it)
+ warn "Checking user perms for OPAC login\n";
+ if($apputils->check_user_perms($user->id(), 1, "OPAC_LOGIN")) {
+ return OpenILS::Perm->new("OPAC_LOGIN");
+ }
+ }
- my $session_id = md5_hex( time() . $$ . rand() );
- $cache_handle->put_cache( $session_id, $user, 28800 );
+ my $session_id = md5_hex(time() . $$ . rand());
+ $cache_handle->put_cache( $session_id, $user, $timeout );
return $session_id;
} else {