X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2FFS%2Faccess_user.pm;h=21ed2b726b14c9a456c0d5949eba070ae2781c07;hb=1804c24af6b02e25415dbf27fc75b3399ba79fde;hp=9128c42ddaecbe1744b4b3ddd5730be54570b073;hpb=f36c3ae28954bb1b8ea6c10cf596720bc2c94d92;p=freeside.git diff --git a/FS/FS/access_user.pm b/FS/FS/access_user.pm index 9128c42dd..21ed2b726 100644 --- a/FS/FS/access_user.pm +++ b/FS/FS/access_user.pm @@ -90,6 +90,9 @@ otherwise returns false. sub insert { my $self = shift; + my $error = $self->check; + return $error if $error; + local $SIG{HUP} = 'IGNORE'; local $SIG{INT} = 'IGNORE'; local $SIG{QUIT} = 'IGNORE'; @@ -101,7 +104,7 @@ sub insert { local $FS::UID::AutoCommit = 0; my $dbh = dbh; - my $error = $self->htpasswd_kludge(); + $error = $self->htpasswd_kludge(); if ( $error ) { $dbh->rollback or die $dbh->errstr if $oldAutoCommit; return $error; @@ -111,7 +114,14 @@ sub insert { if ( $error ) { $dbh->rollback or die $dbh->errstr if $oldAutoCommit; + + #make sure it isn't a dup username? or you could nuke people's passwords + #blah. really just should do our own login w/cookies + #and auth out of the db in the first place + #my $hterror = $self->htpasswd_kludge('-D'); + #$error .= " - additionally received error cleaning up htpasswd file: $hterror" return $error; + } else { $dbh->commit or die $dbh->errstr if $oldAutoCommit; ''; @@ -208,7 +218,7 @@ sub replace { } } - $error = $new->SUPER::replace($old, @_); + my $error = $new->SUPER::replace($old, @_); if ( $error ) { $dbh->rollback or die $dbh->errstr if $oldAutoCommit; @@ -236,7 +246,7 @@ sub check { my $error = $self->ut_numbern('usernum') - || $self->ut_alpha('username') + || $self->ut_alpha_lower('username') || $self->ut_text('_password') || $self->ut_text('last') || $self->ut_text('first') @@ -308,22 +318,46 @@ Returns a hashref of agentnums this user can view. sub agentnums_href { my $self = shift; - { map { $_ => 1 } $self->agentnums }; + scalar( { map { $_ => 1 } $self->agentnums } ); } -=item agentnums_sql +=item agentnums_sql [ HASHREF | OPTION => VALUE ... ] Returns an sql fragement to select only agentnums this user can view. +Options are passed as a hashref or a list. Available options are: + +=over 4 + +=item null + +The frament will also allow the selection of null agentnums. + +=item null_right + +The fragment will also allow the selection of null agentnums if the current +user has the provided access right + +=item table + +Optional table name in which agentnum is being checked. Sometimes required to +resolve 'column reference "agentnum" is ambiguous' errors. + +=back + =cut sub agentnums_sql { - my $self = shift; + my( $self ) = shift; + my %opt = ref($_[0]) ? %{$_[0]} : @_; + + my $agentnum = $opt{'table'} ? $opt{'table'}.'.agentnum' : 'agentnum'; - my @agentnums = map { "agentnum = $_" } $self->agentnums; + my @agentnums = map { "$agentnum = $_" } $self->agentnums; - push @agentnums, 'agentnum IS NULL' - if $self->access_right('View/link unlinked services'); + push @agentnums, "$agentnum IS NULL" + if $opt{'null'} + || ( $opt{'null_right'} && $self->access_right($opt{'null_right'}) ); return ' 1 = 0 ' unless scalar(@agentnums); '( '. join( ' OR ', @agentnums ). ' )'; @@ -371,6 +405,17 @@ group membership, eventually also via user overrides). sub access_right { my( $self, $rightname ) = @_; + + #some caching of ACL requests for low-hanging fruit perf improvement + #since we get a new $CurrentUser object each page view there shouldn't be any + #issues with stickiness + if ( $self->{_ACLcache} ) { + return $self->{_ACLcache}{$rightname} + if exists($self->{_ACLcache}{$rightname}); + } else { + $self->{_ACLcache} = {}; + } + my $sth = dbh->prepare(" SELECT groupnum FROM access_usergroup LEFT JOIN access_group USING ( groupnum ) @@ -379,10 +424,14 @@ sub access_right { WHERE usernum = ? AND righttype = 'FS::access_group' AND rightname = ? + LIMIT 1 ") or die dbh->errstr; $sth->execute($self->usernum, $rightname) or die $sth->errstr; my $row = $sth->fetchrow_arrayref; - $row ? $row->[0] : ''; + + #$row ? $row->[0] : ''; + $self->{_ACLcache}{$rightname} = ( $row ? $row->[0] : '' ); + } =back