authorSebastian Reichel <sre@ring0.de>2015-02-14 22:53:22 +0100
committerSebastian Reichel <sre@ring0.de>2015-02-14 23:42:09 +0100
commitd2f7ccfd1bab830e7758b3af4a70dc31e64327f3 (patch)
tree5c56e8082df85ddcaf009c1d20782d306e385acc
parent06c4d13da6267d9c5698bec9521c76e3efdb1efa (diff)
downloadserial-barcode-scanner-d2f7ccfd1bab830e7758b3af4a70dc31e64327f3.tar.bz2
web: more detailed authentication system
-rw-r--r--sql/tables.sql2
-rw-r--r--src/database/database.vala8
-rw-r--r--src/database/db-interface.vala3
-rw-r--r--src/web/template.vala3
-rw-r--r--src/web/web.vala23
-rw-r--r--src/web/websession.vala21
-rw-r--r--templates/menu.html4
-rw-r--r--templates/users/entry.html3
8 files changed, 52 insertions, 15 deletions
diff --git a/sql/tables.sql b/sql/tables.sql
index 4a40d4d..a81d60c 100644
--- a/sql/tables.sql
+++ b/sql/tables.sql
@@ -4,7 +4,7 @@ CREATE TABLE IF NOT EXISTS sales (user INTEGER NOT NULL REFERENCES users, produc
CREATE TABLE IF NOT EXISTS restock (user INTEGER NOT NULL REFERENCES users, product INTEGER NOT NULL REFERENCES products, amount INTEGER NOT NULL DEFAULT 0, timestamp INTEGER NOT NULL DEFAULT 0, price INTEGER NOT NULL DEFAULT 0, supplier INTEGER, best_before_date INTEGER);
CREATE TABLE IF NOT EXISTS prices (product INTEGER NOT NULL REFERENCES products, valid_from INTEGER NOT NULL DEFAULT 0, memberprice INTEGER NOT NULL DEFAULT 0, guestprice INTEGER NOT NULL DEFAULT 0);
CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY NOT NULL, email TEXT, firstname TEXT NOT NULL, lastname TEXT NOT NULL, gender TEXT, street TEXT, plz INTEGER, city TEXT, pgp TEXT);
-CREATE TABLE IF NOT EXISTS authentication(user INTEGER PRIMARY KEY NOT NULL REFERENCES users, password TEXT, session CHARACTER(20), superuser BOOLEAN NOT NULL DEFAULT 0, disabled BOOLEAN NOT NULL DEFAULT 0);
+CREATE TABLE IF NOT EXISTS authentication(user INTEGER PRIMARY KEY NOT NULL REFERENCES users, password TEXT, session CHARACTER(20), superuser BOOLEAN NOT NULL DEFAULT 0, auth_users BOOLEAN NOT NULL DEFAULT 0, auth_products BOOLEAN NOT NULL DEFAULT 0, auth_cashbox BOOLEAN NOT NULL DEFAULT 0, disabled BOOLEAN NOT NULL DEFAULT 0);
CREATE TABLE IF NOT EXISTS supplier(id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT, city TEXT, postal_code TEXT, street TEXT, phone TEXT, website TEXT);
CREATE TABLE IF NOT EXISTS cashbox_diff(id INTEGER PRIMARY KEY AUTOINCREMENT, user INTEGER NOT NULL REFERENCES users, amount INTEGER NOT NULL, timestamp INTEGER NOT NULL DEFAULT 0);
CREATE INDEX IF NOT EXISTS invoiceindex ON sales (user ASC, timestamp DESC);
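Review bot: The new auth_users, auth_products and auth_cashbox columns are only introduced through `CREATE TABLE IF NOT EXISTS`, so a database created before this commit keeps the old authentication table and never gains them; the widened `userauth` query in src/database/database.vala (hunk @@ -103) will then fail to prepare against such a database. An upgrade step is needed next to the schema change, e.g. `ALTER TABLE authentication ADD COLUMN auth_users BOOLEAN NOT NULL DEFAULT 0;` and the same for `auth_products` and `auth_cashbox`, guarded so it runs only once per database. Defaulting the new flags to 0 is the right choice here: an existing account gains no rights until they are explicitly granted.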
diff --git a/src/database/database.vala b/src/database/database.vala
index ddc71d4..9335b35 100644
--- a/src/database/database.vala
+++ b/src/database/database.vala
@@ -103,7 +103,7 @@ public class DataBase : Object {
queries["password_get"] = "SELECT password FROM authentication WHERE user = ?";
queries["password_set"] = "UPDATE authentication SET password=? WHERE user = ?";
queries["userinfo"] = "SELECT firstname, lastname, email, gender, street, plz, city, pgp FROM users WHERE id = ?";
- queries["userauth"] = "SELECT disabled, superuser FROM authentication WHERE user = ?";
+ queries["userauth"] = "SELECT disabled, superuser, auth_users, auth_products, auth_cashbox FROM authentication WHERE user = ?";
queries["profit_by_product"] = "SELECT name, SUM(memberprice - (SELECT price FROM purchaseprices WHERE product = purch.product)) AS price FROM sales purch, prices, products WHERE purch.product = products.id AND purch.product = prices.product AND purch.user > 0 AND purch.timestamp > ? AND purch.timestamp < ? AND prices.valid_from = (SELECT valid_from FROM prices WHERE product = purch.product AND valid_from < purch.timestamp ORDER BY valid_from DESC LIMIT 1) GROUP BY name ORDER BY price;";
queries["invoice"] = "SELECT timestamp, id AS productid, name AS productname, CASE WHEN user < 0 THEN (SELECT price FROM purchaseprices WHERE purchaseprices.product = id) else (SELECT CASE WHEN user=0 THEN guestprice else memberprice END FROM prices WHERE product = id AND valid_from <= timestamp ORDER BY valid_from DESC LIMIT 1) END AS price FROM sales INNER JOIN products ON sales.product = products.id WHERE user = ? AND timestamp >= ? AND timestamp <= ? ORDER BY timestamp";
queries["purchase_first"] = "SELECT timestamp FROM sales WHERE user = ? ORDER BY timestamp ASC LIMIT 1";
@@ -558,6 +558,9 @@ public class DataBase : Object {
result.id = user;
result.disabled = false;
result.superuser = false;
+ result.auth_cashbox = false;
+ result.auth_products = false;
+ result.auth_users = false;
statements["userauth"].reset();
statements["userauth"].bind_int(1, user);
@@ -566,6 +569,9 @@ public class DataBase : Object {
if(rc == Sqlite.ROW) {
result.disabled = statements["userauth"].column_int(0) == 1;
result.superuser = statements["userauth"].column_int(1) == 1;
+ result.auth_users = statements["userauth"].column_int(2) == 1;
+ result.auth_products = statements["userauth"].column_int(3) == 1;
+ result.auth_cashbox = statements["userauth"].column_int(4) == 1;
} else if(rc == Sqlite.DONE) {
/* entry not found, we return defaults */
} else {
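Review bot: The column indices 2, 3 and 4 on the three added lines are tied to the column order of the `userauth` query in the hunk at @@ -103, and nothing at either site records that coupling; reordering either side would silently swap which flag a user is granted. A comment on the query string, `/* column order must match the column_int() reads in the UserAuth loader: disabled, superuser, auth_users, auth_products, auth_cashbox */`, would make the dependency visible to the next editor. The enclosing function (presumably get_user_auth, given the callers in src/web) starts and ends outside the hunk; the `Sqlite.DONE` branch keeps the false defaults set in the hunk at @@ -558, which is the safe fallback for an account without an authentication row.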
diff --git a/src/database/db-interface.vala b/src/database/db-interface.vala
index 6ec77eb..5042c7f 100644
--- a/src/database/db-interface.vala
+++ b/src/database/db-interface.vala
@@ -115,6 +115,9 @@ public struct UserAuth {
public int id;
public bool disabled;
public bool superuser;
+ public bool auth_cashbox;
+ public bool auth_products;
+ public bool auth_users;
}
public struct Product {
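Review bot: The three new UserAuth fields carry no documentation, and what each one grants — and that a superuser implicitly holds all three, as the handlers in src/web/web.vala treat it — is only discoverable by reading the web layer. A valadoc comment on each field, e.g. `/** may manage the cashbox; handlers also accept superuser in its place */`, would keep that contract next to the data it describes. The struct's opening line is before the hunk.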
diff --git a/src/web/template.vala b/src/web/template.vala
index 690de00..b5265d8 100644
--- a/src/web/template.vala
+++ b/src/web/template.vala
@@ -66,7 +66,8 @@ public class WebTemplate {
this.template = this.template.replace("{{{CONTENT}}}", ((string) template));
this.template = this.template.replace("{{{USERNAME}}}", login.name);
this.template = this.template.replace("{{{USERID}}}", "%d".printf(login.user));
- this.template = this.template.replace("{{{SUPERUSER}}}", login.superuser ? "" : "hidden");
+ this.template = this.template.replace("{{{AUTH_USERS}}}", (login.superuser || login.auth_users) ? "" : "hidden");
+ this.template = this.template.replace("{{{AUTH_CASHBOX}}}", (login.superuser || login.auth_cashbox) ? "" : "hidden");
}
public WebTemplate.DATA(string file) throws TemplateError {
diff --git a/src/web/web.vala b/src/web/web.vala
index aa00586..db32974 100644
--- a/src/web/web.vala
+++ b/src/web/web.vala
@@ -87,7 +87,7 @@ public class WebServer {
void handler_user_list(Soup.Server server, Soup.Message msg, string path, GLib.HashTable<string,string>? query, Soup.ClientContext client) {
try {
var session = new WebSession(server, msg, path, query, client);
- if(!session.superuser) {
+ if(!session.superuser && !session.auth_users) {
handler_403(server, msg, path, query, client);
return;
}
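Review bot: The guard `if(!session.superuser && !session.auth_users)` is written out by hand here and in the hunks at @@ -122 and @@ -175, and the same superuser-or-flag pattern is repeated for auth_products (@@ -488, @@ -523, @@ -583, @@ -630, @@ -688) and auth_cashbox (@@ -913, @@ -939), plus once more in src/web/template.vala; every new handler or permission has to get the boolean right again by hand. Centralising the decision in WebSession, e.g. a read-only property `public bool can_manage_users { get { return superuser || auth_users; } }` with siblings for products and cashbox, would let each handler read `if (!session.can_manage_users) {` and keep the rule in one place. Each handler touched here continues outside its hunk.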
@@ -122,7 +122,7 @@ public class WebServer {
void handler_user_pgp_import(Soup.Server server, Soup.Message msg, string path, GLib.HashTable<string,string>? query, Soup.ClientContext client) {
try {
var session = new WebSession(server, msg, path, query, client);
- if(!session.superuser) {
+ if(!session.superuser && !session.auth_users) {
handler_403(server, msg, path, query, client);
return;
}
@@ -175,7 +175,7 @@ public class WebServer {
void handler_user_import(Soup.Server server, Soup.Message msg, string path, GLib.HashTable<string,string>? query, Soup.ClientContext client) {
try {
var session = new WebSession(server, msg, path, query, client);
- if(!session.superuser) {
+ if(!session.superuser && !session.auth_users) {
handler_403(server, msg, path, query, client);
return;
}
@@ -302,6 +302,9 @@ public class WebServer {
var userauth = db.get_user_auth(id);
t.replace("DISABLED", userauth.disabled ? "true" : "false");
t.replace("ISSUPERUSER", userauth.superuser ? "true" : "false");
+ t.replace("HAS_AUTH_PRODUCTS", userauth.auth_products ? "true" : "false");
+ t.replace("HAS_AUTH_CASHBOX", userauth.auth_cashbox ? "true" : "false");
+ t.replace("HAS_AUTH_USERS", userauth.auth_users ? "true" : "false");
var postdata = Soup.Form.decode_multipart(msg, null, null, null, null);
if(postdata != null && postdata.contains("password1") && postdata.contains("password2")) {
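Review bot: The three added rows only render the flags; whether this page, which accepts password1/password2 on the line below, is gated by the same widened superuser-or-auth_users rule as the user handlers at @@ -87, @@ -122 and @@ -175 is not visible, because the enclosing handler starts before the hunk. If it is, an account holding only auth_users can set a new password for any user including superusers, which makes auth_users equivalent to superuser in practice; the password-change path should stay restricted to superusers, or to the account's own owner if self-service is intended. A short comment next to the password branch stating who is allowed to reach it would make that decision reviewable.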
@@ -488,7 +491,7 @@ public class WebServer {
t.replace("DATA", table);
- if(l.superuser)
+ if(l.superuser || l.auth_products)
t.replace("NEWPRODUCT", "block");
else
t.replace("NEWPRODUCT", "none");
@@ -523,7 +526,7 @@ public class WebServer {
/* amount */
t.replace("AMOUNT", "%d".printf(db.get_product_amount(id)));
- if(l.superuser)
+ if(l.superuser || l.auth_products)
t.replace("ISADMIN", "block");
else
t.replace("ISADMIN", "none");
@@ -583,7 +586,7 @@ public class WebServer {
template.replace("TITLE", "KtT Shop System: New Product");
template.menu_set_active("products");
- if(!session.superuser) {
+ if(!session.superuser && !session.auth_products) {
handler_403(server, msg, path, query, client);
return;
}
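Review bot: The authorisation check on the changed line runs after the template has already been filled in (`template.replace("TITLE", ...)` and `template.menu_set_active("products")` on the two lines above), so work is done for a request that is then rejected with 403; the other handlers in this file place the guard immediately after the session is created (e.g. @@ -87, @@ -630). Moving `if(!session.superuser && !session.auth_products) { handler_403(server, msg, path, query, client); return; }` above the template setup keeps the behaviour and puts the check first. The handler starts and ends outside the hunk.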
@@ -630,7 +633,7 @@ public class WebServer {
try {
var session = new WebSession(server, msg, path, query, client);
- if(!session.superuser) {
+ if(!session.superuser && !session.auth_products) {
handler_403(server, msg, path, query, client);
return;
}
@@ -688,7 +691,7 @@ public class WebServer {
var session = new WebSession(server, msg, path, query, client);
int64 timestamp = (new DateTime.now_utc()).to_unix();
- if(!session.superuser) {
+ if(!session.superuser && !session.auth_products) {
handler_403(server, msg, path, query, client);
return;
}
@@ -913,7 +916,7 @@ public class WebServer {
try {
var session = new WebSession(server, msg, path, query, client);
- if(!session.superuser) {
+ if(!session.superuser && !session.auth_cashbox) {
handler_403(server, msg, path, query, client);
return;
}
@@ -939,7 +942,7 @@ public class WebServer {
try {
var session = new WebSession(server, msg, path, query, client);
- if(!session.superuser) {
+ if(!session.superuser && !session.auth_cashbox) {
handler_403(server, msg, path, query, client);
return;
}
diff --git a/src/web/websession.vala b/src/web/websession.vala
index 1dc6319..a3bf973 100644
--- a/src/web/websession.vala
+++ b/src/web/websession.vala
@@ -44,6 +44,21 @@ public class WebSession {
private set;
default = false;
}
+ public bool auth_cashbox {
+ get;
+ private set;
+ default = false;
+ }
+ public bool auth_products {
+ get;
+ private set;
+ default = false;
+ }
+ public bool auth_users {
+ get;
+ private set;
+ default = false;
+ }
public bool disabled {
get;
private set;
@@ -71,6 +86,9 @@ public class WebSession {
var auth = db.get_user_auth(user);
this.disabled = auth.disabled;
this.superuser = auth.superuser;
+ this.auth_cashbox = auth.auth_cashbox;
+ this.auth_products = auth.auth_products;
+ this.auth_users = auth.auth_users;
this.logged_in = true;
}
@@ -78,6 +96,9 @@ public class WebSession {
if(logged_in) {
db.set_sessionid(user, "");
superuser = false;
+ auth_cashbox = false;
+ auth_products = false;
+ auth_users = false;
logged_in = false;
}
}
diff --git a/templates/menu.html b/templates/menu.html
index 138cc23..d92d778 100644
--- a/templates/menu.html
+++ b/templates/menu.html
@@ -4,7 +4,7 @@
<ul class="nav">
<li class="{{{MENU.home}}}"><a href="/">Home</a></li>
<li class="{{{MENU.products}}}"><a href="/products">Products</a></li>
- <li class="{{{MENU.cashbox}}} {{{SUPERUSER}}}"><a href="/cashbox">Cashbox</a></li>
+ <li class="{{{MENU.cashbox}}} {{{AUTH_CASHBOX}}}"><a href="/cashbox">Cashbox</a></li>
<!--
<li class="{{{MENU.stats}}} dropdown">
<a href="#" id="statsmenu" class="dropdown-toggle" data-toggle="dropdown">Statistics <b class="caret"></b></a>
@@ -17,7 +17,7 @@
</ul>
</li>
-->
- <li class="{{{MENU.users}}} {{{SUPERUSER}}} dropdown">
+ <li class="{{{MENU.users}}} {{{AUTH_USERS}}} dropdown">
<a href="#" id="usersmenu" class="dropdown-toggle" data-toggle="dropdown">Users <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="/users">List</a></li>
diff --git a/templates/users/entry.html b/templates/users/entry.html
index ee1959c..9ff0239 100644
--- a/templates/users/entry.html
+++ b/templates/users/entry.html
@@ -23,6 +23,9 @@
<tr><th colspan="2">Administrative Information</th></tr>
<tr><th>Disabled</th><td>{{{DISABLED}}}</td></tr>
<tr><th>Superuser</th><td>{{{ISSUPERUSER}}}</td></tr>
+ <tr><th>Auth Products</th><td>{{{HAS_AUTH_PRODUCTS}}}</td></tr>
+ <tr><th>Auth Cashbox</th><td>{{{HAS_AUTH_CASHBOX}}}</td></tr>
+ <tr><th>Auth Users</th><td>{{{HAS_AUTH_USERS}}}</td></tr>
<tr><th rowspan="3">Password</th><td><input name="password1" placeholder="New Password" type="password" /></td></tr>
<tr><td><input name="password2" placeholder="New Password (again)" type="password" /></td></tr>
<tr><td><input type="submit" value="Change Password" /></td></tr>