-# $Header: /home/cvs/cvsroot/freeside/rt/lib/RT/CurrentUser.pm,v 1.1 2002-08-12 06:17:07 ivan Exp $
-# (c) 1996-1999 Jesse Vincent <jesse@fsck.com>
-# This software is redistributable under the terms of the GNU GPL
+# BEGIN BPS TAGGED BLOCK {{{
+#
+# COPYRIGHT:
+#
+# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC
+# <sales@bestpractical.com>
+#
+# (Except where explicitly superseded by other copyright notices)
+#
+#
+# LICENSE:
+#
+# This work is made available to you under the terms of Version 2 of
+# the GNU General Public License. A copy of that license should have
+# been provided with this software, but in any event can be snarfed
+# from www.gnu.org.
+#
+# This work is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 or visit their web page on the internet at
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+#
+#
+# CONTRIBUTION SUBMISSION POLICY:
+#
+# (The following paragraph is not intended to limit the rights granted
+# to you to modify and distribute this software under the terms of
+# the GNU General Public License and is only of importance to you if
+# you choose to contribute your changes and enhancements to the
+# community by submitting them to Best Practical Solutions, LLC.)
+#
+# By intentionally submitting any modifications, corrections or
+# derivatives to this work, or any other work intended for use with
+# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+# you are the copyright holder for those contributions and you grant
+# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
+# royalty-free, perpetual, license to use, copy, create derivative
+# works based on those contributions, and sublicense and distribute
+# those contributions and any derivatives thereof.
+#
+# END BPS TAGGED BLOCK }}}
=head1 NAME
=head1 SYNOPSIS
- use RT::CurrentUser
+ use RT::CurrentUser;
+
+ # laod
+ my $current_user = new RT::CurrentUser;
+ $current_user->Load(...);
+ # or
+ my $current_user = RT::CurrentUser->new( $user_obj );
+ # or
+ my $current_user = RT::CurrentUser->new( $address || $name || $id );
+
+ # manipulation
+ $current_user->UserObj->SetName('new_name');
=head1 DESCRIPTION
+B<Read-only> subclass of L<RT::User> class. Used to define the current
+user. You should pass an instance of this class to constructors of
+many RT classes, then the instance used to check ACLs and localize
+strings.
=head1 METHODS
+See also L<RT::User> for a list of methods this class has.
-=begin testing
+=head2 new
-ok (require RT::TestHarness);
-ok (require RT::CurrentUser);
-
-=end testing
+Returns new CurrentUser object. Unlike all other classes of RT it takes
+either subclass of C<RT::User> class object or scalar value that is
+passed to Load method.
=cut
package RT::CurrentUser;
-use RT::Record;
-@ISA= qw(RT::Record);
+use RT::I18N;
+
+use strict;
+use warnings;
-# {{{ sub _Init
+use base qw/RT::User/;
#The basic idea here is that $self->CurrentUser is always supposed
# to be a CurrentUser object. but that's hard to do when we're trying to load
# the CurrentUser object
-sub _Init {
- my $self = shift;
- my $Name = shift;
-
- $self->{'table'} = "Users";
+sub _Init {
+ my $self = shift;
+ my $User = shift;
+
+ $self->{'table'} = "Users";
+
+ if ( defined $User ) {
+
+ if ( UNIVERSAL::isa( $User, 'RT::User' ) ) {
+ $self->LoadById( $User->id );
+ }
+ elsif ( ref $User ) {
+ $RT::Logger->crit(
+ "RT::CurrentUser->new() called with a bogus argument: $User");
+ }
+ else {
+ $self->Load( $User );
+ }
+ }
- if (defined($Name)) {
- $self->Load($Name);
- }
-
- $self->_MyCurrentUser($self);
+ $self->_BuildTableAttributes;
}
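Review bot: Neither `LoadById` nor `Load` is checked in the new `_Init`, and the `elsif ( ref $User )` branch only logs at crit before falling through, so `new` returns an object with no user loaded whenever the argument is bogus or unknown. The DESCRIPTION added in this diff says instances are passed to other classes for ACL checks, so the `=head2 new` POD should state the failure contract, for example `Returns an object without an id when the user cannot be loaded; check C<< $current_user->id >> before relying on it.` How downstream ACL code treats an id-less object is not visible here and should be confirmed.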
-# }}}
-# {{{ sub Create
+=head2 Create, Delete and Set*
-sub Create {
- return (0, 'Permission Denied');
-}
+As stated above it's a subclass of L<RT::User>, but this class is read-only
+and calls to these methods are illegal. Return 'permission denied' message
+and log an error.
-# }}}
+=cut
-# {{{ sub Delete
+sub Create {
+ my $self = shift;
+ $RT::Logger->error('RT::CurrentUser is read-only, RT::User for manipulation');
+ return (0, $self->loc('Permission Denied'));
+}
sub Delete {
- return (0, 'Permission Denied');
+ my $self = shift;
+ $RT::Logger->error('RT::CurrentUser is read-only, RT::User for manipulation');
+ return (0, $self->loc('Permission Denied'));
}
-# }}}
-
-# {{{ sub UserObj
+sub _Set {
+ my $self = shift;
+ $RT::Logger->error('RT::CurrentUser is read-only, RT::User for manipulation');
+ return (0, $self->loc('Permission Denied'));
+}
=head2 UserObj
- Returns the RT::User object associated with this CurrentUser object.
+Returns the L<RT::User> object associated with this CurrentUser object.
=cut
sub UserObj {
my $self = shift;
-
- unless ($self->{'UserObj'}) {
- use RT::User;
- $self->{'UserObj'} = RT::User->new($self);
- unless ($self->{'UserObj'}->Load($self->Id)) {
- $RT::Logger->err("Couldn't load ".$self->Id. "from the users database.\n");
- }
-
+
+ my $user = RT::User->new( $self );
+ unless ( $user->LoadById( $self->Id ) ) {
+ $RT::Logger->error(
+ $self->loc("Couldn't load [_1] from the users database.\n", $self->Id)
+ );
}
- return ($self->{'UserObj'});
-}
-# }}}
-
-# {{{ sub _Accessible
-sub _Accessible {
- my $self = shift;
- my %Cols = (
- Name => 'read',
- Gecos => 'read',
- RealName => 'read',
- Password => 'neither',
- EmailAddress => 'read',
- Privileged => 'read',
- IsAdministrator => 'read'
- );
- return($self->SUPER::_Accessible(@_, %Cols));
+ return $user;
}
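Review bot: When `LoadById` fails, the new `UserObj` logs an error and still returns the empty `RT::User`, and with the `$self->{'UserObj'}` cache removed every call builds and loads a fresh object. The POD above only says it returns the associated user; it should add something like `Each call loads a new object from the database; the result has no id if the load fails.` Callers that invoke it more than once in a row, as the new `Authenticate` does for `Name` and `Password`, would read from one consistent row with a single `my $user = $self->UserObj;`.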
-# }}}
-
-# {{{ sub LoadByEmail
-=head2 LoadByEmail
-
-Loads a User into this CurrentUser object.
-Takes the email address of the user to load.
-
-=cut
-
-sub LoadByEmail {
- my $self = shift;
- my $identifier = shift;
-
- $self->LoadByCol("EmailAddress",$identifier);
-
+sub _CoreAccessible {
+ {
+ Name => { 'read' => 1 },
+ Gecos => { 'read' => 1 },
+ RealName => { 'read' => 1 },
+ Lang => { 'read' => 1 },
+ Password => { 'read' => 0, 'write' => 0 },
+ EmailAddress => { 'read' => 1, 'write' => 0 }
+ };
+
}
-# }}}
-
-# {{{ sub LoadByGecos
=head2 LoadByGecos
sub LoadByGecos {
my $self = shift;
- my $identifier = shift;
-
- $self->LoadByCol("Gecos",$identifier);
-
+ return $self->LoadByCol( "Gecos", shift );
}
-# }}}
-
-# {{{ sub LoadByName
=head2 LoadByName
Loads a User into this CurrentUser object.
Takes a Name.
+
=cut
sub LoadByName {
my $self = shift;
- my $identifier = shift;
- $self->LoadByCol("Name",$identifier);
-
+ return $self->LoadByCol( "Name", shift );
}
-# }}}
-# {{{ sub Load
+=head2 LanguageHandle
-=head2 Load
+Returns this current user's langauge handle. Should take a language
+specification. but currently doesn't
-Loads a User into this CurrentUser object.
-Takes either an integer (users id column reference) or a Name
-The latter is deprecated. Instead, you should use LoadByName.
-Formerly, this routine also took email addresses.
+=cut
-=cut
+sub LanguageHandle {
+ my $self = shift;
+ if ( !defined $self->{'LangHandle'}
+ || !UNIVERSAL::can( $self->{'LangHandle'}, 'maketext' )
+ || @_ )
+ {
+ if ( my $lang = $self->Lang ) {
+ push @_, $lang;
+ }
+ elsif ( $self->id && ($self->id == ($RT::SystemUser->id||0) || $self->id == ($RT::Nobody->id||0)) ) {
+ # don't use ENV magic for system users
+ push @_, 'en';
+ }
+
+ $self->{'LangHandle'} = RT::I18N->get_handle(@_);
+ }
-sub Load {
- my $self = shift;
- my $identifier = shift;
-
- #if it's an int, load by id. otherwise, load by name.
- if ($identifier !~ /\D/) {
- $self->SUPER::LoadById($identifier);
- }
- else {
- # This is a bit dangerous, we might get false authen if somebody
- # uses ambigous userids or real names:
- $self->LoadByCol("Name",$identifier);
- }
+ # Fall back to english.
+ unless ( $self->{'LangHandle'} ) {
+ die "We couldn't get a dictionary. Ne mogu naidti slovar. No puedo encontrar dictionario.";
+ }
+ return $self->{'LangHandle'};
}
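Review bot: The comment `# Fall back to english.` sits above a block that does not fall back but dies when no handle was obtained. The new `Create`, `Delete`, `_Set` and the `UserObj` error path all go through `loc`, which calls `LanguageHandle`, so a missing lexicon turns their `Permission Denied` return or log line into an exception. The comment should say what the block does, for example `# No handle could be obtained: fatal, there is no further fallback.` The `=head2 LanguageHandle` POD could also state that passing any argument bypasses the cached handle, which is what the `|| @_` test does.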
-# }}}
+sub loc {
+ my $self = shift;
+ return '' if !defined $_[0] || $_[0] eq '';
-# {{{ sub IsPassword
+ my $handle = $self->LanguageHandle;
-=head2 IsPassword
+ if (@_ == 1) {
+ # pre-scan the lexicon hashes to return _AUTO keys verbatim,
+ # to keep locstrings containing '[' and '~' from tripping over Maketext
+ return $_[0] unless grep exists $_->{$_[0]}, @{ $handle->_lex_refs };
+ }
-Takes a password as a string. Passes it off to IsPassword in this
-user's UserObj. If it is the user's password and the user isn't
-disabled, returns 1.
+ return $handle->maketext(@_);
+}
-Otherwise, returns undef.
+sub loc_fuzzy {
+ my $self = shift;
+ return '' if !defined $_[0] || $_[0] eq '';
-=cut
+ # XXX: work around perl's deficiency when matching utf8 data
+ return $_[0] if Encode::is_utf8($_[0]);
-sub IsPassword {
- my $self = shift;
- my $value = shift;
-
- return ($self->UserObj->IsPassword($value));
+ return $self->LanguageHandle->maketext_fuzzy( @_ );
}
-# }}}
-
-# {{{ sub Privileged
+=head2 CurrentUser
-=head2 Privileged
-
-Returns true if the current user can be granted rights and be
-a member of groups.
+Return the current currentuser object
=cut
-sub Privileged {
+sub CurrentUser {
my $self = shift;
- return ($self->UserObj->Privileged());
-}
+ return($self);
-# }}}
+}
-# {{{ Convenient ACL methods
+=head2 Authenticate
-=head2 HasQueueRight
+Takes $password, $created and $nonce, and returns a boolean value
+representing whether the authentication succeeded.
-calls $self->UserObj->HasQueueRight with the arguments passed in
+If both $nonce and $created are specified, validate $password against:
-=cut
+ encode_base64(sha1(
+ $nonce .
+ $created .
+ sha1_hex( "$username:$realm:$server_pass" )
+ ))
-sub HasQueueRight {
- my $self = shift;
- return ($self->UserObj->HasQueueRight(@_));
-}
-
-=head2 HasSystemRight
-
-calls $self->UserObj->HasSystemRight with the arguments passed in
+where $server_pass is the md5_hex(password) digest stored in the
+database, $created is in ISO time format, and $nonce is a random
+string no longer than 32 bytes.
=cut
+sub Authenticate {
+ my ($self, $password, $created, $nonce, $realm) = @_;
-sub HasSystemRight {
- my $self = shift;
- return ($self->UserObj->HasSystemRight(@_));
-}
-# }}}
-
-# {{{ sub HasRight
-
-=head2 HasSystemRight
+ require Digest::MD5;
+ require Digest::SHA1;
+ require MIME::Base64;
-calls $self->UserObj->HasRight with the arguments passed in
+ my $username = $self->UserObj->Name or return;
+ my $server_pass = $self->UserObj->__Value('Password') or return;
+ my $auth_digest = MIME::Base64::encode_base64(Digest::SHA1::sha1(
+ $nonce .
+ $created .
+ Digest::MD5::md5_hex("$username:$realm:$server_pass")
+ ));
-=cut
+ chomp($password);
+ chomp($auth_digest);
-sub HasRight {
- my $self = shift;
- return ($self->UserObj->HasRight(@_));
+ return ($password eq $auth_digest);
}
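Review bot: The POD and the code disagree, and the documented precondition is not enforced: the POD gives the inner digest as `sha1_hex( "$username:$realm:$server_pass" )` while the code calls `Digest::MD5::md5_hex`, and nothing tests that `$nonce` and `$created` are actually supplied. With either undefined they concatenate as empty strings, so the expected value becomes a fixed per-user string and the nonce adds no replay protection; the 32-byte limit from the POD is not checked either. A guard before the digest is computed would cover this, `return unless defined $password && defined $created && defined $nonce && length $nonce && length $nonce <= 32;`, and the POD should be corrected to whichever hash is intended. Freshness of `$created` and nonce reuse are not checked in this function and may be the caller's job; that is not visible here. The final `$password eq $auth_digest` is an ordinary string comparison rather than a constant-time one.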
-# }}}
+RT::Base->_ImportOverlays();
1;
-