package FS::access_user;
use strict;
-use vars qw( @ISA $htpasswd_file );
+use base qw( FS::m2m_Common FS::option_Common );
+use vars qw( $DEBUG $me $conf );
use FS::UID;
+use FS::Auth;
use FS::Conf;
use FS::Record qw( qsearch qsearchs dbh );
-use FS::m2m_Common;
-use FS::option_Common;
+use FS::access_user_pref;
use FS::access_usergroup;
use FS::agent;
+use FS::cust_main;
-@ISA = qw( FS::m2m_Common FS::option_Common FS::Record );
-#@ISA = qw( FS::m2m_Common FS::option_Common );
-
-#kludge htpasswd for now (i hope this bootstraps okay)
-FS::UID->install_callback( sub {
- my $conf = new FS::Conf;
- $htpasswd_file = $conf->base_dir. '/htpasswd';
-} );
+$DEBUG = 0;
+$me = '[FS::access_user]';
=head1 NAME
=head1 DESCRIPTION
-An FS::access_user object represents an internal access user. FS::access_user inherits from
-FS::Record. The following fields are currently supported:
+An FS::access_user object represents an internal access user. FS::access_user
+inherits from FS::Record. The following fields are currently supported:
=over 4
sub insert {
my $self = shift;
+ my $error = $self->check;
+ return $error if $error;
+
local $SIG{HUP} = 'IGNORE';
local $SIG{INT} = 'IGNORE';
local $SIG{QUIT} = 'IGNORE';
local $FS::UID::AutoCommit = 0;
my $dbh = dbh;
- my $error = $self->htpasswd_kludge();
if ( $error ) {
$dbh->rollback or die $dbh->errstr if $oldAutoCommit;
return $error;
}
-sub htpasswd_kludge {
- my $self = shift;
-
- #awful kludge to skip setting htpasswd for fs_* users
- return '' if $self->username =~ /^fs_/;
-
- unshift @_, '-c' unless -e $htpasswd_file;
- if (
- system('htpasswd', '-b', @_,
- $htpasswd_file,
- $self->username,
- $self->_password,
- ) == 0
- )
- {
- return '';
- } else {
- return 'htpasswd exited unsucessfully';
- }
-}
-
=item delete
Delete this record from the database.
local $FS::UID::AutoCommit = 0;
my $dbh = dbh;
- my $error =
- $self->SUPER::delete(@_)
- || $self->htpasswd_kludge('-D')
- ;
+ my $error = $self->SUPER::delete(@_);
if ( $error ) {
$dbh->rollback or die $dbh->errstr if $oldAutoCommit;
local $FS::UID::AutoCommit = 0;
my $dbh = dbh;
- my $error = $new->htpasswd_kludge();
- if ( $error ) {
- $dbh->rollback or die $dbh->errstr if $oldAutoCommit;
- return $error;
- }
+ return "Must change password when enabling this account"
+ if $old->disabled && !$new->disabled
+ && ( $new->_password =~ /changeme/i
+ || $new->_password eq 'notyet'
+ );
- $error = $new->SUPER::replace($old, @_);
+ my $error = $new->SUPER::replace($old, @_);
if ( $error ) {
$dbh->rollback or die $dbh->errstr if $oldAutoCommit;
my $error =
$self->ut_numbern('usernum')
- || $self->ut_alpha('username')
- || $self->ut_text('_password')
- || $self->ut_text('last')
- || $self->ut_text('first')
+ || $self->ut_alpha_lower('username')
+ || $self->ut_textn('_password')
+ || $self->ut_textn('last')
+ || $self->ut_textn('first')
+ || $self->ut_foreign_keyn('user_custnum', 'cust_main', 'custnum')
|| $self->ut_enum('disabled', [ '', 'Y' ] )
;
return $error if $error;
sub name {
my $self = shift;
- $self->get('last'). ', '. $self->first;
+ return $self->username
+ if $self->get('last') eq 'Lastname' && $self->first eq 'Firstname'
+ or $self->get('last') eq '' && $self->first eq '';
+ return $self->get('last'). ', '. $self->first;
+}
+
+=item user_cust_main
+
+Returns the FS::cust_main object (see L<FS::cust_main>), if any, for this
+user.
+
+=cut
+
+sub user_cust_main {
+ my $self = shift;
+ qsearchs( 'cust_main', { 'custnum' => $self->user_custnum } );
}
=item access_usergroup
+Returns links to the the groups this user is a part of, as FS::access_usergroup
+objects (see L<FS::access_usergroup>).
+
=cut
sub access_usergroup {
sub agentnums_href {
my $self = shift;
- { map { $_ => 1 } $self->agentnums };
+ scalar( { map { $_ => 1 } $self->agentnums } );
}
-=item agentnums_sql
+=item agentnums_sql [ HASHREF | OPTION => VALUE ... ]
Returns an sql fragement to select only agentnums this user can view.
+Options are passed as a hashref or a list. Available options are:
+
+=over 4
+
+=item null
+
+The frament will also allow the selection of null agentnums.
+
+=item null_right
+
+The fragment will also allow the selection of null agentnums if the current
+user has the provided access right
+
+=item table
+
+Optional table name in which agentnum is being checked. Sometimes required to
+resolve 'column reference "agentnum" is ambiguous' errors.
+
+=item viewall_right
+
+All agents will be viewable if the current user has the provided access right.
+Defaults to 'View customers of all agents'.
+
+=back
+
=cut
sub agentnums_sql {
- my $self = shift;
+ my( $self ) = shift;
+ my %opt = ref($_[0]) ? %{$_[0]} : @_;
- my @agentnums = map { "agentnum = $_" } $self->agentnums;
+ my $agentnum = $opt{'table'} ? $opt{'table'}.'.agentnum' : 'agentnum';
- push @agentnums, 'agentnum IS NULL'
- if $self->access_right('View/link unlinked services');
+ my @or = ();
+
+ my $viewall_right = $opt{'viewall_right'} || 'View customers of all agents';
+ if ( $self->access_right($viewall_right) ) {
+ push @or, "$agentnum IS NOT NULL";
+ } else {
+ push @or, "$agentnum IN (". join(',', $self->agentnums). ')';
+ }
+
+ push @or, "$agentnum IS NULL"
+ if $opt{'null'}
+ || ( $opt{'null_right'} && $self->access_right($opt{'null_right'}) );
+
+ return ' 1 = 0 ' unless scalar(@or);
+ '( '. join( ' OR ', @or ). ' )';
- return ' 1 = 0 ' unless scalar(@agentnums);
- '( '. join( ' OR ', @agentnums ). ' )';
}
=item agentnum
$sth->fetchrow_arrayref->[0];
}
-=item agents
+=item agents [ HASHREF | OPTION => VALUE ... ]
Returns the list of agents this user can view (via group membership), as
-FS::agent objects.
+FS::agent objects. Accepts the same options as the agentnums_sql method.
=cut
qsearch({
'table' => 'agent',
'hashref' => { disabled=>'' },
- 'extra_sql' => ' AND '. $self->agentnums_sql,
+ 'extra_sql' => ' AND '. $self->agentnums_sql(@_),
});
}
-=item access_right
+=item access_right RIGHTNAME | LISTREF
-Given a right name, returns true if this user has this right (currently via
-group membership, eventually also via user overrides).
+Given a right name or a list reference of right names, returns true if this
+user has this right, or, for a list, one of the rights (currently via group
+membership, eventually also via user overrides).
=cut
sub access_right {
my( $self, $rightname ) = @_;
+
+ $rightname = [ $rightname ] unless ref($rightname);
+
+ warn "$me access_right called on ". join(', ', @$rightname). "\n"
+ if $DEBUG;
+
+ #some caching of ACL requests for low-hanging fruit perf improvement
+ #since we get a new $CurrentUser object each page view there shouldn't be any
+ #issues with stickiness
+ if ( $self->{_ACLcache} ) {
+
+ unless ( grep !exists($self->{_ACLcache}{$_}), @$rightname ) {
+ warn "$me ACL cache hit for ". join(', ', @$rightname). "\n"
+ if $DEBUG;
+ return grep $self->{_ACLcache}{$_}, @$rightname
+ }
+
+ warn "$me ACL cache miss for ". join(', ', @$rightname). "\n"
+ if $DEBUG;
+
+ } else {
+
+ warn "initializing ACL cache\n"
+ if $DEBUG;
+ $self->{_ACLcache} = {};
+
+ }
+
+ my $has_right = ' rightname IN ('. join(',', map '?', @$rightname ). ') ';
+
my $sth = dbh->prepare("
SELECT groupnum FROM access_usergroup
LEFT JOIN access_group USING ( groupnum )
ON ( access_group.groupnum = access_right.rightobjnum )
WHERE usernum = ?
AND righttype = 'FS::access_group'
- AND rightname = ?
+ AND $has_right
+ LIMIT 1
") or die dbh->errstr;
- $sth->execute($self->usernum, $rightname) or die $sth->errstr;
+ $sth->execute($self->usernum, @$rightname) or die $sth->errstr;
my $row = $sth->fetchrow_arrayref;
- $row ? $row->[0] : '';
+
+ my $return = $row ? $row->[0] : '';
+
+ #just caching the single-rightname hits should be enough of a win for now
+ if ( scalar(@$rightname) == 1 ) {
+ $self->{_ACLcache}{${$rightname}[0]} = $return;
+ }
+
+ $return;
+
+}
+
+=item default_customer_view
+
+Returns the default customer view for this user, from the
+"default_customer_view" user preference, the "cust_main-default_view" config,
+or the hardcoded default, "basics" (formerly "jumbo" prior to 3.0).
+
+=cut
+
+sub default_customer_view {
+ my $self = shift;
+
+ $self->option('default_customer_view')
+ || $conf->config('cust_main-default_view')
+ || 'basics'; #s/jumbo/basics/ starting with 3.0
+
+}
+
+=item spreadsheet_format [ OVERRIDE ]
+
+Returns a hashref of this user's Excel spreadsheet download settings:
+'extension' (xls or xlsx), 'class' (Spreadsheet::WriteExcel or
+Excel::Writer::XLSX), and 'mime_type'. If OVERRIDE is 'XLS' or 'XLSX',
+use that instead of the user's setting.
+
+=cut
+
+# is there a better place to put this?
+my %formats = (
+ XLS => {
+ extension => '.xls',
+ class => 'Spreadsheet::WriteExcel',
+ mime_type => 'application/vnd.ms-excel',
+ },
+ XLSX => {
+ extension => '.xlsx',
+ class => 'Excel::Writer::XLSX',
+ mime_type => # it's on wikipedia, it must be true
+ 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+ }
+);
+
+sub spreadsheet_format {
+ my $self = shift;
+ my $override = shift;
+
+ my $f = $override
+ || $self->option('spreadsheet_format')
+ || $conf->config('spreadsheet_format')
+ || 'XLS';
+
+ $formats{$f};
+}
+
+=item is_system_user
+
+Returns true if this user has the name of a known system account. These
+users cannot log into the web interface and can't have passwords set.
+
+=cut
+
+sub is_system_user {
+ my $self = shift;
+ return grep { $_ eq $self->username } ( qw(
+ fs_queue
+ fs_daily
+ fs_selfservice
+ fs_signup
+ fs_bootstrap
+ fs_selfserv
+ ) );
+}
+
+=item change_password NEW_PASSWORD
+
+=cut
+
+sub change_password {
+ #my( $self, $password ) = @_;
+ #FS::Auth->auth_class->change_password( $self, $password );
+ FS::Auth->auth_class->change_password( @_ );
+}
+
+=item change_password_fields NEW_PASSWORD
+
+=cut
+
+sub change_password_fields {
+ #my( $self, $password ) = @_;
+ #FS::Auth->auth_class->change_password_fields( $self, $password );
+ FS::Auth->auth_class->change_password_fields( @_ );
}
=back
projects / freeside.git / blobdiff