1 package FS::access_user;
2 use base qw( FS::m2m_Common FS::option_Common );
5 use vars qw( $DEBUG $me );
9 use FS::Record qw( qsearch qsearchs dbh );
15 $me = '[FS::access_user]';
19 FS::access_user - Object methods for access_user records
25 $record = new FS::access_user \%hash;
26 $record = new FS::access_user { 'column' => 'value' };
28 $error = $record->insert;
30 $error = $new_record->replace($old_record);
32 $error = $record->delete;
34 $error = $record->check;
38 An FS::access_user object represents an internal access user. FS::access_user
39 inherits from FS::Record. The following fields are currently supported:
51 =item _password_encoding
65 Master customer for this employee (for commissions)
69 Default sales person for this employee (for reports)
83 Creates a new internal access user. To add the user to the database, see L<"insert">.
85 Note that this stores the hash reference, not a distinct copy of the hash it
86 points to. You can ask the object for a copy with the I<hash> method.
90 # the new method can be inherited from FS::Record, if a table method is defined
92 sub table { 'access_user'; }
94 sub _option_table { 'access_user_pref'; }
95 sub _option_namecol { 'prefname'; }
96 sub _option_valuecol { 'prefvalue'; }
100 Adds this record to the database. If there is an error, returns the error,
101 otherwise returns false.
108 my $error = $self->check;
109 return $error if $error;
111 local $SIG{HUP} = 'IGNORE';
112 local $SIG{INT} = 'IGNORE';
113 local $SIG{QUIT} = 'IGNORE';
114 local $SIG{TERM} = 'IGNORE';
115 local $SIG{TSTP} = 'IGNORE';
116 local $SIG{PIPE} = 'IGNORE';
118 my $oldAutoCommit = $FS::UID::AutoCommit;
119 local $FS::UID::AutoCommit = 0;
123 $dbh->rollback or die $dbh->errstr if $oldAutoCommit;
127 $error = $self->SUPER::insert(@_);
130 $dbh->rollback or die $dbh->errstr if $oldAutoCommit;
133 $dbh->commit or die $dbh->errstr if $oldAutoCommit;
141 Delete this record from the database.
148 local $SIG{HUP} = 'IGNORE';
149 local $SIG{INT} = 'IGNORE';
150 local $SIG{QUIT} = 'IGNORE';
151 local $SIG{TERM} = 'IGNORE';
152 local $SIG{TSTP} = 'IGNORE';
153 local $SIG{PIPE} = 'IGNORE';
155 my $oldAutoCommit = $FS::UID::AutoCommit;
156 local $FS::UID::AutoCommit = 0;
159 my $error = $self->SUPER::delete(@_);
162 $dbh->rollback or die $dbh->errstr if $oldAutoCommit;
165 $dbh->commit or die $dbh->errstr if $oldAutoCommit;
171 =item replace OLD_RECORD
173 Replaces the OLD_RECORD with this one in the database. If there is an error,
174 returns the error, otherwise returns false.
181 my $old = ( ref($_[0]) eq ref($new) )
185 local $SIG{HUP} = 'IGNORE';
186 local $SIG{INT} = 'IGNORE';
187 local $SIG{QUIT} = 'IGNORE';
188 local $SIG{TERM} = 'IGNORE';
189 local $SIG{TSTP} = 'IGNORE';
190 local $SIG{PIPE} = 'IGNORE';
192 my $oldAutoCommit = $FS::UID::AutoCommit;
193 local $FS::UID::AutoCommit = 0;
196 return "Must change password when enabling this account"
197 if $old->disabled && !$new->disabled
198 && ( $new->_password =~ /changeme/i
199 || $new->_password eq 'notyet'
202 my $error = $new->SUPER::replace($old, @_);
205 $dbh->rollback or die $dbh->errstr if $oldAutoCommit;
208 $dbh->commit or die $dbh->errstr if $oldAutoCommit;
216 Checks all fields to make sure this is a valid internal access user. If there is
217 an error, returns the error, otherwise returns false. Called by the insert
222 # the check method should currently be supplied - FS::Record contains some
223 # data checking routines
229 $self->ut_numbern('usernum')
230 || $self->ut_alpha_lower('username')
231 || $self->ut_textn('_password')
232 || $self->ut_textn('last')
233 || $self->ut_textn('first')
234 || $self->ut_foreign_keyn('user_custnum', 'cust_main', 'custnum')
235 || $self->ut_foreign_keyn('report_salesnum', 'sales', 'salesnum')
236 || $self->ut_enum('disabled', [ '', 'Y' ] )
238 return $error if $error;
245 Returns a name string for this user: "Last, First".
251 return $self->username
252 if $self->get('last') eq 'Lastname' && $self->first eq 'Firstname'
253 or $self->get('last') eq '' && $self->first eq '';
254 return $self->get('last'). ', '. $self->first;
259 Returns the FS::cust_main object (see L<FS::cust_main>), if any, for this
266 qsearchs( 'cust_main', { 'custnum' => $self->user_custnum } );
271 Returns the FS::sales object (see L<FS::sales>), if any, for this
278 qsearchs( 'sales', { 'salesnum' => $self->report_salesnum } );
281 =item access_usergroup
283 Returns links to the the groups this user is a part of, as FS::access_usergroup
284 objects (see L<FS::access_usergroup>).
288 Returns a list of agentnums this user can view (via group membership).
294 my $sth = dbh->prepare(
295 "SELECT DISTINCT agentnum FROM access_usergroup
296 JOIN access_groupagent USING ( groupnum )
298 ) or die dbh->errstr;
299 $sth->execute($self->usernum) or die $sth->errstr;
300 map { $_->[0] } @{ $sth->fetchall_arrayref };
305 Returns a hashref of agentnums this user can view.
311 scalar( { map { $_ => 1 } $self->agentnums } );
314 =item agentnums_sql [ HASHREF | OPTION => VALUE ... ]
316 Returns an sql fragement to select only agentnums this user can view.
318 Options are passed as a hashref or a list. Available options are:
324 The frament will also allow the selection of null agentnums.
328 The fragment will also allow the selection of null agentnums if the current
329 user has the provided access right
333 Optional table name in which agentnum is being checked. Sometimes required to
334 resolve 'column reference "agentnum" is ambiguous' errors.
338 All agents will be viewable if the current user has the provided access right.
339 Defaults to 'View customers of all agents'.
347 my %opt = ref($_[0]) ? %{$_[0]} : @_;
349 my $agentnum = $opt{'table'} ? $opt{'table'}.'.agentnum' : 'agentnum';
353 my $viewall_right = $opt{'viewall_right'} || 'View customers of all agents';
354 if ( $self->access_right($viewall_right) ) {
355 push @or, "$agentnum IS NOT NULL";
357 push @or, "$agentnum IN (". join(',', $self->agentnums). ')';
360 push @or, "$agentnum IS NULL"
362 || ( $opt{'null_right'} && $self->access_right($opt{'null_right'}) );
364 return ' 1 = 0 ' unless scalar(@or);
365 '( '. join( ' OR ', @or ). ' )';
371 Returns true if the user can view the specified agent.
376 my( $self, $agentnum ) = @_;
377 my $sth = dbh->prepare(
378 "SELECT COUNT(*) FROM access_usergroup
379 JOIN access_groupagent USING ( groupnum )
380 WHERE usernum = ? AND agentnum = ?"
381 ) or die dbh->errstr;
382 $sth->execute($self->usernum, $agentnum) or die $sth->errstr;
383 $sth->fetchrow_arrayref->[0];
386 =item agents [ HASHREF | OPTION => VALUE ... ]
388 Returns the list of agents this user can view (via group membership), as
389 FS::agent objects. Accepts the same options as the agentnums_sql method.
397 'hashref' => { disabled=>'' },
398 'extra_sql' => ' AND '. $self->agentnums_sql(@_),
399 'order_by' => 'ORDER BY agent',
403 =item access_right RIGHTNAME | LISTREF
405 Given a right name or a list reference of right names, returns true if this
406 user has this right, or, for a list, one of the rights (currently via group
407 membership, eventually also via user overrides).
412 my( $self, $rightname ) = @_;
414 $rightname = [ $rightname ] unless ref($rightname);
416 warn "$me access_right called on ". join(', ', @$rightname). "\n"
419 #some caching of ACL requests for low-hanging fruit perf improvement
420 #since we get a new $CurrentUser object each page view there shouldn't be any
421 #issues with stickiness
422 if ( $self->{_ACLcache} ) {
424 unless ( grep !exists($self->{_ACLcache}{$_}), @$rightname ) {
425 warn "$me ACL cache hit for ". join(', ', @$rightname). "\n"
427 return scalar( grep $self->{_ACLcache}{$_}, @$rightname );
430 warn "$me ACL cache miss for ". join(', ', @$rightname). "\n"
435 warn "initializing ACL cache\n"
437 $self->{_ACLcache} = {};
441 my $has_right = ' rightname IN ('. join(',', map '?', @$rightname ). ') ';
443 my $sth = dbh->prepare("
444 SELECT groupnum FROM access_usergroup
445 LEFT JOIN access_group USING ( groupnum )
446 LEFT JOIN access_right
447 ON ( access_group.groupnum = access_right.rightobjnum )
449 AND righttype = 'FS::access_group'
452 ") or die dbh->errstr;
453 $sth->execute($self->usernum, @$rightname) or die $sth->errstr;
454 my $row = $sth->fetchrow_arrayref;
456 my $return = $row ? $row->[0] : '';
458 #just caching the single-rightname hits should be enough of a win for now
459 if ( scalar(@$rightname) == 1 ) {
460 $self->{_ACLcache}{${$rightname}[0]} = $return;
467 =item default_customer_view
469 Returns the default customer view for this user, from the
470 "default_customer_view" user preference, the "cust_main-default_view" config,
471 or the hardcoded default, "basics" (formerly "jumbo" prior to 3.0).
475 sub default_customer_view {
478 $self->option('default_customer_view')
479 || FS::Conf->new->config('cust_main-default_view')
480 || 'basics'; #s/jumbo/basics/ starting with 3.0
484 =item spreadsheet_format [ OVERRIDE ]
486 Returns a hashref of this user's Excel spreadsheet download settings:
487 'extension' (xls or xlsx), 'class' (Spreadsheet::WriteExcel or
488 Excel::Writer::XLSX), and 'mime_type'. If OVERRIDE is 'XLS' or 'XLSX',
489 use that instead of the user's setting.
493 # is there a better place to put this?
497 class => 'Spreadsheet::WriteExcel',
498 mime_type => 'application/vnd.ms-excel',
501 extension => '.xlsx',
502 class => 'Excel::Writer::XLSX',
503 mime_type => # it's on wikipedia, it must be true
504 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
508 sub spreadsheet_format {
510 my $override = shift;
513 || $self->option('spreadsheet_format')
514 || FS::Conf->new->config('spreadsheet_format')
522 Returns true if this user has the name of a known system account. These
523 users cannot log into the web interface and can't have passwords set.
529 return grep { $_ eq $self->username } ( qw(
540 =item change_password NEW_PASSWORD
544 sub change_password {
545 #my( $self, $password ) = @_;
546 #FS::Auth->auth_class->change_password( $self, $password );
547 FS::Auth->auth_class->change_password( @_ );
550 =item change_password_fields NEW_PASSWORD
554 sub change_password_fields {
555 #my( $self, $password ) = @_;
556 #FS::Auth->auth_class->change_password_fields( $self, $password );
557 FS::Auth->auth_class->change_password_fields( @_ );
566 L<FS::Record>, schema.html from the base documentation.