Commit fb22a457 authored by Benjamin Rokseth

koha: auth template params

parent 8bc73d5d
......@@ -176,13 +176,7 @@ sub templateAndPermissions {
return $template;
}
my $template = C4::Templates::gettemplate(
$name,
$in->{type}, $self,
$in->{is_plugin},
);
$template->param( LoginBranchname => $branch );
my $template = C4::Templates::gettemplate( $name, $in->{type}, $self, $in->{is_plugin} ); # this is weird...
#if ( $in->{'template_name'} !~ m/maintenance/ ) {
# ( $user, $cookie, $sessionID, $flags ) = checkauth(
......@@ -193,38 +187,27 @@ sub templateAndPermissions {
# );
#}
# TODO permissions, SHOULD BE HANDLED BY various AUTH MODULES
# E.g: without staffaccess logout?
#my $capabilities = {};
# HERE
# my $capabilities = $self->getPermissions();
try {
my $id = $self->{session}->param("id");
if ($self->{session}->param("admin")) {
# Admin user login should be removed!
warn "TEMPLATE CALLED WITH ADMINUSER - BETTER REMOVE THIS";
$auth->{permissions} = { superlibrarian => 1 };
#$capabilities = { superlibrarian => 1 };
$template->param(loggedinusername => $id);
} else {
#my $p = Deichman::Patron->new()->GetByUserId($userid);
#$template->param( "USER_INFO" => $p->{patron} );
#$capabilities = $self->getUserFlags($p->{patron}->{flags}, $userid);
# my $borrowernumber = C4::Auth::getborrowernumber($userid); #???
#$template->param(loggedinusername => $id);
#$template->param(loggedinusernumber => $p->{patron}->{borrowernumber});
$template->param("USER_INFO" => $auth->{user});
$template->param(loggedinusername => $auth->{user}->{userid});
$template->param(loggedinusernumber => $auth->{user}->{borrowernumber}); # for legacy?
}
} catch {
# patron not found
warn $_->description;
};
#warn Dumper($capabilities)." FLAGS";
$self->setTemplatePermissions( $template, $auth, $branch );
return $template;
}
# set template permissions from auth object
sub setTemplatePermissions {
my ($self, $template, $auth, $branch) = @_;
$template->param( LoginBranchname => $branch );
my $id = $self->{session}->param("id");
if ($self->{session}->param("admin")) {
# Admin user login should be removed!
warn "TEMPLATE CALLED WITH ADMINUSER - BETTER REMOVE THIS";
$auth->{permissions} = { superlibrarian => 1 };
$template->param(loggedinusername => $id);
} else {
$template->param("USER_INFO" => $auth->{user});
$template->param(loggedinusername => $auth->{user}->{userid});
$template->param(loggedinusernumber => $auth->{user}->{borrowernumber}); # for legacy?
}
# iterates permissions for any template
# TODO: rewrite this?
my $all_perms = $self->getAllPermissions();
for my $name (keys %$all_perms ) {
my $value = $auth->{permissions}->{superlibrarian} ? 1 : $auth->{permissions}->{$name};
......@@ -236,12 +219,14 @@ sub templateAndPermissions {
$value = $all_perms->{$name} unless ref $value;
$template->param( "CAN_user_${name}" => 1 );
$template->param( "CAN_user_management" => 1 ) if $name eq "parameters";
# subpermissions
for my $subname ( keys %$value ) {
$template->param( "CAN_user_${name}_${subname}" => 1 );
}
# deviations
$template->param( "CAN_user_management" => 1 ) if $name eq "parameters";
$template->param( "CAN_user_catalogue" => 1 ) if $name eq "editcatalogue";
}
return $template;
}
1;
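Review bot: In the new `setTemplatePermissions`, the admin branch assigns `$auth->{permissions} = { superlibrarian => 1 }`, so a helper meant to fill template parameters also rewrites the caller's auth object whenever the session carries an `admin` flag. If `$auth` is reused after this call (not visible here), later permission checks would see superlibrarian rights. Keeping the elevation local avoids that, e.g. `my $perms = $self->{session}->param("admin") ? { superlibrarian => 1 } : $auth->{permissions};`, with the loop reading `$perms->{superlibrarian}` and `$perms->{$name}`. The sub also lost the `try`/`catch` that wrapped this logic in `templateAndPermissions`, so a missing `$self->{session}` now dies in the caller instead of being logged. Part of the loop body lies between the second and third hunk and is not shown.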