X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2FFS%2Faccess_user.pm;h=25aa8af01420a8dac5d307d8c4bc09f3f88e032c;hb=f8f4c51eaa6f5aa3d49672fe7a17f19fa22494c0;hp=63ae30d36f76f6505f2f2443e5a941b97ab452e3;hpb=df676d82034cb63ff357f8d8ed0f95ce788fb98b;p=freeside.git diff --git a/FS/FS/access_user.pm b/FS/FS/access_user.pm index 63ae30d36..25aa8af01 100644 --- a/FS/FS/access_user.pm +++ b/FS/FS/access_user.pm @@ -1,22 +1,22 @@ package FS::access_user; use strict; -use vars qw( @ISA $htpasswd_file ); +use base qw( FS::m2m_Common FS::option_Common ); +use vars qw( $DEBUG $me $conf $htpasswd_file ); use FS::UID; use FS::Conf; use FS::Record qw( qsearch qsearchs dbh ); -use FS::m2m_Common; -use FS::option_Common; use FS::access_user_pref; use FS::access_usergroup; use FS::agent; +use FS::cust_main; -@ISA = qw( FS::m2m_Common FS::option_Common FS::Record ); -#@ISA = qw( FS::m2m_Common FS::option_Common ); +$DEBUG = 0; +$me = '[FS::access_user]'; #kludge htpasswd for now (i hope this bootstraps okay) FS::UID->install_callback( sub { - my $conf = new FS::Conf; + $conf = new FS::Conf; $htpasswd_file = $conf->base_dir. '/htpasswd'; } ); @@ -41,8 +41,8 @@ FS::access_user - Object methods for access_user records =head1 DESCRIPTION -An FS::access_user object represents an internal access user. FS::access_user inherits from -FS::Record. The following fields are currently supported: +An FS::access_user object represents an internal access user. FS::access_user +inherits from FS::Record. The following fields are currently supported: =over 4 @@ -217,6 +217,9 @@ sub replace { $dbh->rollback or die $dbh->errstr if $oldAutoCommit; return $error; } + } elsif ( $old->disabled && !$new->disabled + && $new->_password =~ /changeme/i ) { + return "Must change password when enabling this account"; } my $error = $new->SUPER::replace($old, @_); @@ -251,6 +254,7 @@ sub check { || $self->ut_text('_password') || $self->ut_text('last') || $self->ut_text('first') + || $self->ut_foreign_keyn('user_custnum', 'cust_main', 'custnum') || $self->ut_enum('disabled', [ '', 'Y' ] ) ; return $error if $error; @@ -269,8 +273,23 @@ sub name { $self->get('last'). ', '. $self->first; } +=item user_cust_main + +Returns the FS::cust_main object (see L), if any, for this +user. + +=cut + +sub user_cust_main { + my $self = shift; + qsearchs( 'cust_main', { 'custnum' => $self->user_custnum } ); +} + =item access_usergroup +Returns links to the the groups this user is a part of, as FS::access_usergroup +objects (see L). + =cut sub access_usergroup { @@ -344,6 +363,11 @@ user has the provided access right Optional table name in which agentnum is being checked. Sometimes required to resolve 'column reference "agentnum" is ambiguous' errors. +=item viewall_right + +All agents will be viewable if the current user has the provided access right. +Defaults to 'View customers of all agents'. + =back =cut @@ -354,16 +378,21 @@ sub agentnums_sql { my $agentnum = $opt{'table'} ? $opt{'table'}.'.agentnum' : 'agentnum'; -# my @agentnums = map { "$agentnum = $_" } $self->agentnums; - my @agentnums = (); - push @agentnums, "$agentnum IN (". join(',', $self->agentnums). ')'; + my @or = (); - push @agentnums, "$agentnum IS NULL" + my $viewall_right = $opt{'viewall_right'} || 'View customers of all agents'; + if ( $self->access_right($viewall_right) ) { + push @or, "$agentnum IS NOT NULL"; + } else { + push @or, "$agentnum IN (". join(',', $self->agentnums). ')'; + } + + push @or, "$agentnum IS NULL" if $opt{'null'} || ( $opt{'null_right'} && $self->access_right($opt{'null_right'}) ); - return ' 1 = 0 ' unless scalar(@agentnums); - '( '. join( ' OR ', @agentnums ). ' )'; + return ' 1 = 0 ' unless scalar(@or); + '( '. join( ' OR ', @or ). ' )'; } @@ -413,16 +442,29 @@ sub access_right { $rightname = [ $rightname ] unless ref($rightname); + warn "$me access_right called on ". join(', ', @$rightname). "\n" + if $DEBUG; + #some caching of ACL requests for low-hanging fruit perf improvement #since we get a new $CurrentUser object each page view there shouldn't be any #issues with stickiness if ( $self->{_ACLcache} ) { - return grep $self->{_ACLcache}{$_}, @$rightname - unless grep !exists($self->{_ACLcache}{$_}), @$rightname; + unless ( grep !exists($self->{_ACLcache}{$_}), @$rightname ) { + warn "$me ACL cache hit for ". join(', ', @$rightname). "\n" + if $DEBUG; + return grep $self->{_ACLcache}{$_}, @$rightname + } + + warn "$me ACL cache miss for ". join(', ', @$rightname). "\n" + if $DEBUG; } else { + + warn "initializing ACL cache\n" + if $DEBUG; $self->{_ACLcache} = {}; + } my $has_right = ' rightname IN ('. join(',', map '?', @$rightname ). ') '; @@ -440,8 +482,31 @@ sub access_right { $sth->execute($self->usernum, @$rightname) or die $sth->errstr; my $row = $sth->fetchrow_arrayref; - #$row ? $row->[0] : ''; - $self->{_ACLcache}{$rightname} = ( $row ? $row->[0] : '' ); + my $return = $row ? $row->[0] : ''; + + #just caching the single-rightname hits should be enough of a win for now + if ( scalar(@$rightname) == 1 ) { + $self->{_ACLcache}{${$rightname}[0]} = $return; + } + + $return; + +} + +=item default_customer_view + +Returns the default customer view for this user, from the +"default_customer_view" user preference, the "cust_main-default_view" config, +or the hardcoded default, "jumbo" (may change to "basics" in the near future). + +=cut + +sub default_customer_view { + my $self = shift; + + $self->option('default_customer_view') + || $conf->config('cust_main-default_view') + || 'jumbo'; #'basics' in 1.9.1? }