From: erickson Date: Wed, 22 Jun 2005 15:02:14 +0000 (+0000) Subject: Adding some initial permissions code X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=89ecace43afc3e26b92141100d5f8db169093ecf;p=Evergreen.git Adding some initial permissions code git-svn-id: svn://svn.open-ils.org/ILS/trunk@908 dcc99617-32d9-48b4-a31d-7c20da2025e4 --- diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm index 59b66e201a..74917ab847 100644 --- a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm +++ b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm @@ -808,6 +808,18 @@ sub update_password { } +# returns undef on success, the first perm_type that failed +# on permission error + +__PACKAGE__->register_method( + method => "check_user_perms", + api_name => "open-ils.actor.user.email.update"); + +sub check_user_perms { + my( $self, $client, $user_id, $org_id, @perm_types ) = @_; +} + + diff --git a/Open-ILS/src/perlmods/OpenILS/Application/AppUtils.pm b/Open-ILS/src/perlmods/OpenILS/Application/AppUtils.pm index fabcae3e2e..05d1091be1 100644 --- a/Open-ILS/src/perlmods/OpenILS/Application/AppUtils.pm +++ b/Open-ILS/src/perlmods/OpenILS/Application/AppUtils.pm @@ -2,6 +2,7 @@ package OpenILS::Application::AppUtils; use strict; use warnings; use base qw/OpenSRF::Application/; use OpenSRF::Utils::Cache; +use OpenSRF::EX qw(:try); my $cache_client = "OpenSRF::Utils::Cache"; 
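Review bot: The `api_name` given to `check_user_perms` in the Actor.pm hunk is `open-ils.actor.user.email.update`, which looks copied from another registration rather than chosen for a permission check. If an email-update method is already registered under that name (not visible in this hunk), the two registrations would collide and one handler could be dispatched in place of the other. The sub body is only the argument unpack, so it returns the result of that list assignment rather than the `undef` / failed-perm value the comment above it promises. I would register it under its own name and make the stub deny explicitly until it is implemented, e.g. `return $perm_types[0]; # stub: deny until implemented`. When the body is filled in, it should also establish who the caller is before answering for an arbitrary `$user_id`, since the signature carries no caller credential.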
@@ -30,6 +31,33 @@ sub start_db_session { return $session; } + +# returns undef if user has all of the perms provided +# returns the first failed perm on failure +sub check_user_perms { + my($self, $user_id, $org_id, @perm_types ) = @_; + + throw OpenSRF::EX::ERROR ("Invalid call to check_user_perms()") + unless( defined($user_id) and defined($org_id) and @perm_types); + + my $session = OpenSRF::AppSession->create("open-ils.storage"); + for my $type (@perm_types) { + my $req = $session->request( + "open-ils.storage.permission.user_has_perm", + $user_id, $type, $org_id ); + my $resp = $req->gather(1); + if(!$resp) { + $session->disconnect(); + return $type; + } + } + + $session->disconnect(); + return undef; +} + + + # --------------------------------------------------------------------------- # commits and destroys the session # --------------------------------------------------------------------------- diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Auth.pm b/Open-ILS/src/perlmods/OpenILS/Application/Auth.pm index 950863f2cc..1902ae53fd 100644 --- a/Open-ILS/src/perlmods/OpenILS/Application/Auth.pm +++ b/Open-ILS/src/perlmods/OpenILS/Application/Auth.pm @@ -8,9 +8,12 @@ use OpenSRF::Utils::Logger qw(:level); use OpenILS::Utils::Fieldmapper; use OpenSRF::EX qw(:try); use OpenILS::Application::AppUtils; +use OpenILS::Perm; +use OpenILS::Application::AppUtils; # memcache handle my $cache_handle; +my $apputils = "OpenILS::Application::AppUtils"; # ------------------------------------------------------------- 
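Review bot: In AppUtils.pm, `check_user_perms` treats any true value from `$req->gather(1)` as a grant. The check is therefore only safe if a failed or errored storage call can never produce a true value, which is not visible here. Assuming `open-ils.storage.permission.user_has_perm` returns a plain boolean, rejecting references as well would make it fail closed: `if( !$resp or ref($resp) ) { $session->disconnect(); return $type; }`. The session is also left open if `request` or `gather` throws, because `disconnect()` is reached only on the two normal return paths. Since a true return value means denied, I would say so loudly at the top, e.g. `# NOTE: a TRUE return value means DENIED (it is the name of the failed perm)`.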
@@ -93,9 +96,11 @@ sub init_authenticate { # their password hash against our re-hashed version of the # password. If all goes well, we return the session id. # Otherwise, we return "0" +# If type is set to 'opac', then this is an opac login, +# otherwise, it's a staff login # ------------------------------------------------------------- sub complete_authenticate { - my( $self, $client, $username, $passwdhash ) = @_; + my( $self, $client, $username, $passwdhash, $type ) = @_; my $name = "open-ils.storage.direct.actor.user.search.usrname"; @@ -131,9 +136,20 @@ sub complete_authenticate { my $hash = md5_hex($current_seed . $password); if( $hash eq $passwdhash ) { + # password is correct... do they have permission to login here? + + my $timeout = 28800; #staff login timeout - different for opac? + + if($type eq "opac") { + # 1 is the top level org unit (we should probably load the tree and get id from it) + warn "Checking user perms for OPAC login\n"; + if($apputils->check_user_perms($user->id(), 1, "OPAC_LOGIN")) { + return OpenILS::Perm->new("OPAC_LOGIN"); + } + } - my $session_id = md5_hex( time() . $$ . rand() ); - $cache_handle->put_cache( $session_id, $user, 28800 ); + my $session_id = md5_hex(time() . $$ . rand()); + $cache_handle->put_cache( $session_id, $user, $timeout ); return $session_id; } else {
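Review bot: The new permission check in `complete_authenticate` is opt-in by the caller: it runs only when the client-supplied `$type` equals "opac". A request that omits `$type` or sends any other value takes the staff path and gets a session with no permission check at all. The documented default in the preceding hunk ("otherwise, it's a staff login") makes the more privileged mode the fallback, so I would normalise the value and require a permission on every path, e.g. `my $login_type = (defined $type and $type eq "opac") ? "opac" : "staff";` followed by a check for a staff-login permission (name to be defined) in the staff branch. That also avoids the uninitialized-value warning from `$type eq "opac"` when existing callers pass four arguments. On the OPAC failure path the method returns an `OpenILS::Perm` object where callers previously received a session id or "0", so callers need to test the type of the result before storing it as a session key. Separately, the re-indented `md5_hex(time() . $$ . rand())` line still derives the session id from guessable inputs and is worth a follow-up to use a cryptographically secure random source; the function body starts and ends outside these hunks.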