From d2f7ccfd1bab830e7758b3af4a70dc31e64327f3 Mon Sep 17 00:00:00 2001 From: Sebastian Reichel Date: Sat, 14 Feb 2015 22:53:22 +0100 Subject: web: more detailed authentication system --- src/web/template.vala | 3 ++- src/web/web.vala | 23 +++++++++++++---------- src/web/websession.vala | 21 +++++++++++++++++++++ 3 files changed, 36 insertions(+), 11 deletions(-) (limited to 'src/web') diff --git a/src/web/template.vala b/src/web/template.vala index 690de00..b5265d8 100644 --- a/src/web/template.vala +++ b/src/web/template.vala @@ -66,7 +66,8 @@ public class WebTemplate { this.template = this.template.replace("{{{CONTENT}}}", ((string) template)); this.template = this.template.replace("{{{USERNAME}}}", login.name); this.template = this.template.replace("{{{USERID}}}", "%d".printf(login.user)); - this.template = this.template.replace("{{{SUPERUSER}}}", login.superuser ? "" : "hidden"); + this.template = this.template.replace("{{{AUTH_USERS}}}", (login.superuser || login.auth_users) ? "" : "hidden"); + this.template = this.template.replace("{{{AUTH_CASHBOX}}}", (login.superuser || login.auth_cashbox) ? "" : "hidden"); } public WebTemplate.DATA(string file) throws TemplateError { diff --git a/src/web/web.vala b/src/web/web.vala index aa00586..db32974 100644 --- a/src/web/web.vala +++ b/src/web/web.vala @@ -87,7 +87,7 @@ public class WebServer { void handler_user_list(Soup.Server server, Soup.Message msg, string path, GLib.HashTable? query, Soup.ClientContext client) { try { var session = new WebSession(server, msg, path, query, client); - if(!session.superuser) { + if(!session.superuser && !session.auth_users) { handler_403(server, msg, path, query, client); return; } @@ -122,7 +122,7 @@ public class WebServer { void handler_user_pgp_import(Soup.Server server, Soup.Message msg, string path, GLib.HashTable? query, Soup.ClientContext client) { try { var session = new WebSession(server, msg, path, query, client); - if(!session.superuser) { + if(!session.superuser && !session.auth_users) { handler_403(server, msg, path, query, client); return; } @@ -175,7 +175,7 @@ public class WebServer { void handler_user_import(Soup.Server server, Soup.Message msg, string path, GLib.HashTable? query, Soup.ClientContext client) { try { var session = new WebSession(server, msg, path, query, client); - if(!session.superuser) { + if(!session.superuser && !session.auth_users) { handler_403(server, msg, path, query, client); return; } @@ -302,6 +302,9 @@ public class WebServer { var userauth = db.get_user_auth(id); t.replace("DISABLED", userauth.disabled ? "true" : "false"); t.replace("ISSUPERUSER", userauth.superuser ? "true" : "false"); + t.replace("HAS_AUTH_PRODUCTS", userauth.auth_products ? "true" : "false"); + t.replace("HAS_AUTH_CASHBOX", userauth.auth_cashbox ? "true" : "false"); + t.replace("HAS_AUTH_USERS", userauth.auth_users ? "true" : "false"); var postdata = Soup.Form.decode_multipart(msg, null, null, null, null); if(postdata != null && postdata.contains("password1") && postdata.contains("password2")) { @@ -488,7 +491,7 @@ public class WebServer { t.replace("DATA", table); - if(l.superuser) + if(l.superuser || l.auth_products) t.replace("NEWPRODUCT", "block"); else t.replace("NEWPRODUCT", "none"); @@ -523,7 +526,7 @@ public class WebServer { /* amount */ t.replace("AMOUNT", "%d".printf(db.get_product_amount(id))); - if(l.superuser) + if(l.superuser || l.auth_products) t.replace("ISADMIN", "block"); else t.replace("ISADMIN", "none"); @@ -583,7 +586,7 @@ public class WebServer { template.replace("TITLE", "KtT Shop System: New Product"); template.menu_set_active("products"); - if(!session.superuser) { + if(!session.superuser && !session.auth_products) { handler_403(server, msg, path, query, client); return; } @@ -630,7 +633,7 @@ public class WebServer { try { var session = new WebSession(server, msg, path, query, client); - if(!session.superuser) { + if(!session.superuser && !session.auth_products) { handler_403(server, msg, path, query, client); return; } @@ -688,7 +691,7 @@ public class WebServer { var session = new WebSession(server, msg, path, query, client); int64 timestamp = (new DateTime.now_utc()).to_unix(); - if(!session.superuser) { + if(!session.superuser && !session.auth_products) { handler_403(server, msg, path, query, client); return; } @@ -913,7 +916,7 @@ public class WebServer { try { var session = new WebSession(server, msg, path, query, client); - if(!session.superuser) { + if(!session.superuser && !session.auth_cashbox) { handler_403(server, msg, path, query, client); return; } @@ -939,7 +942,7 @@ public class WebServer { try { var session = new WebSession(server, msg, path, query, client); - if(!session.superuser) { + if(!session.superuser && !session.auth_cashbox) { handler_403(server, msg, path, query, client); return; } diff --git a/src/web/websession.vala b/src/web/websession.vala index 1dc6319..a3bf973 100644 --- a/src/web/websession.vala +++ b/src/web/websession.vala @@ -44,6 +44,21 @@ public class WebSession { private set; default = false; } + public bool auth_cashbox { + get; + private set; + default = false; + } + public bool auth_products { + get; + private set; + default = false; + } + public bool auth_users { + get; + private set; + default = false; + } public bool disabled { get; private set; @@ -71,6 +86,9 @@ public class WebSession { var auth = db.get_user_auth(user); this.disabled = auth.disabled; this.superuser = auth.superuser; + this.auth_cashbox = auth.auth_cashbox; + this.auth_products = auth.auth_products; + this.auth_users = auth.auth_users; this.logged_in = true; } @@ -78,6 +96,9 @@ public class WebSession { if(logged_in) { db.set_sessionid(user, ""); superuser = false; + auth_cashbox = false; + auth_products = false; + auth_users = false; logged_in = false; } } -- cgit v1.2.3