X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Fwebrt%2Fautohandler;fp=rt%2Fwebrt%2Fautohandler;h=16cdbc79bf7ea24776fab99d134734af5b09b7a2;hp=0000000000000000000000000000000000000000;hb=3ef62a0570055da710328937e7f65dbb2c027c62;hpb=030438c9cb1c12ccb79130979ef0922097b4311a
diff --git a/rt/webrt/autohandler b/rt/webrt/autohandler
new file mode 100755
index 000000000..16cdbc79b
--- /dev/null
+++ b/rt/webrt/autohandler
@@ -0,0 +1,73 @@
+%# $Header: /home/cvs/cvsroot/freeside/rt/webrt/Attic/autohandler,v 1.1 2002-08-12 06:17:08 ivan Exp $
+<& /Elements/Footer, %ARGS &>
+
+<%INIT>
+
+$m->{'rt_base_time'} = time;
+
+#if it's a noauth file, don't ask for auth.
+if ($m->base_comp->path =~ '^/+NoAuth/') {
+ $m->call_next();
+ $m->abort();
+}
+
+# If RT is configured for external auth, let's get REMOTE_USER
+# We intentionally don't test for REMOTE_USER to meet our policy
+elsif ($RT::WebExternalAuth){
+
+ $user = $ENV{'REMOTE_USER'};
+ $session{'CurrentUser'} = RT::CurrentUser->new();
+ $session{'CurrentUser'}->Load($user);
+ unless ($session{'CurrentUser'}->id() ) {
+ delete $session{'CurrentUser'};
+ $m->comp('/Elements/Login', %ARGS, Error=> 'You are not an authorized user');
+ $m->abort();
+ }
+}
+
+# If the user is loging in, let's authenticate
+elsif (defined ($user) && defined ($pass)){
+
+ $session{'CurrentUser'} = RT::CurrentUser->new();
+ $session{'CurrentUser'}->Load($user);
+ unless ($session{'CurrentUser'}->id() ) {
+ delete $session{'CurrentUser'};
+ $m->comp('/Elements/Login', %ARGS, Error=> 'Your username or password is incorrect');
+ $m->abort();
+ };
+ unless ($session{'CurrentUser'}->IsPassword($pass)) {
+ delete $session{'CurrentUser'};
+
+ $m->comp('/Elements/Login', Error => 'Your username or password is incorrect', %ARGS);
+ $m->abort();
+ }
+}
+
+
+#If we've got credentials, lets serve the file up.
+if ( (defined $session{'CurrentUser'}) and
+ ( $session{'CurrentUser'}->Id) ) {
+
+ # If the user isn\'t privileged, they can only see SelfService
+ if ((! $session{'CurrentUser'}->Privileged) and
+ ($m->base_comp->path !~ '^/+SelfService/') ) {
+ $m->comp('/SelfService/index.html');
+ $m->abort();
+ }
+ else {
+ $m->call_next;
+ }
+}
+
+#If we have no credentials
+else {
+ $m->comp('/Elements/Login', %ARGS);
+ $m->abort();
+}
+
+
+
+<%ARGS>
+$user => undef
+$pass => undef
+
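Review bot: In the password branch, `$session{'CurrentUser'}` is created and loaded with the requested account before `IsPassword($pass)` runs, so the session holds a user object with a valid id while the password is still unchecked. If `IsPassword` dies or the request is torn down between `Load` and that check, the later `if ( (defined $session{'CurrentUser'}) and ...` test could accept the session on a following request; whether the half-built session is actually persisted depends on the session store, which is outside this hunk. Build the user in a lexical, check id and password together, and only then store it in the session, as in the block below. Separately, `%ARGS` still carries `pass` when it is forwarded to `/Elements/Login` on failure, and in the second failure call `%ARGS` comes after `Error =>`, so a request-supplied `Error` argument would replace the message; removing `pass` from the forwarded arguments and putting `Error` last in both calls would tighten this.

```perl
elsif (defined ($user) && defined ($pass)){
    # Verify in a lexical first; the session is only written once the check has passed.
    my $candidate = RT::CurrentUser->new();
    $candidate->Load($user);
    unless ($candidate->id() && $candidate->IsPassword($pass)) {
        delete $session{'CurrentUser'};
        $m->comp('/Elements/Login', %ARGS, Error=> 'Your username or password is incorrect');
        $m->abort();
    }
    $session{'CurrentUser'} = $candidate;
}
# … unchanged: credential check and SelfService gate …
```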