[interchange-cvs] interchange - heins modified 14 files
interchange-core@interchange.redhat.com
interchange-core@interchange.redhat.com
Tue Feb 5 15:58:01 2002
User: heins
Date: 2002-02-05 20:57:04 GMT
Modified: code/UI_Tag read_page.coretag read_ui_template.coretag
Modified: write_page.coretag
Modified: code/UserTag fedex_query.tag
Modified: dist/lib/UI/pages/admin customer.html
Modified: db_metaconfig_spread.html dbconfig.html login.html
Modified: dist/lib/UI/pages/include page_save
Modified: dist/lib/UI/profiles login
Modified: extensions/quickbooks/usertag get_quicken_orders.tag
Modified: lib/Vend Order.pm
Modified: scripts interchange.PL
Added: code/UI_Tag su.coretag
Log:
* Add su facility for catalog superuser to switch users to
another user id.
New UI_Tag su with following:
[su username=miltonbear]
1. Stringifies current session after checking that su user is valid
2. Writes a random string to "$Global::ConfDir/tmp/$Session->{id}"
3. Issues a cookie hashing the above two
4. Inits a new session, putting in the login info
5. Writes $Session->{su} with session string
[su exit=1]
1. Reads random string from "$Global::ConfDir/tmp/$Session->{id}"
2. Hashes that with session and verifies with cookie
3. Safe evals session string
4. Retrieves session username/admin info
MMsu profile is called on admin/customer.html to run the switch
* Remove a bunch of debug from various files.
Revision Changes Path
1.3 +9 -9 interchange/code/UI_Tag/read_page.coretag
rev 1.3, prev_rev 1.2
Index: read_page.coretag
===================================================================
RCS file: /anon_cvs/repository/interchange/code/UI_Tag/read_page.coretag,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- read_page.coretag 2 Feb 2002 08:57:11 -0000 1.2
+++ read_page.coretag 5 Feb 2002 20:57:03 -0000 1.3
@@ -65,7 +65,7 @@
sub {
my ($pn, $opt) = @_;
use vars qw/$Tag $Session $Variable/;
-::logDebug("read_ui_page pn=$pn");
+#::logDebug("read_ui_page pn=$pn");
my $suffix = $Vend::Cfg->{HTMLsuffix} || '.html';
my $tmpdir = $Vend::Cfg->{ScratchDir} || 'tmp';
my $pagedir = $Vend::Cfg->{PageDir} || 'pages';
@@ -112,9 +112,9 @@
my $tref;
my ($ary) = $Tag->read_ui_template( { passed => $data } );
-Debug("ary from read_ui_template: $ary");
+#Debug("ary from read_ui_template: $ary");
$tref = $ary->[0] if $ary;
-Debug("tref from read_ui_template: $tref");
+#Debug("tref from read_ui_template: $tref");
$tref ||= {};
# Read external template if not in page
@@ -122,10 +122,10 @@
my $tdir = $Variable->{UI_TEMPLATE_DIR} || 'templates';
my $template = $tref->{ui_template_name};
undef $tref;
-Debug("tref read from $tdir/$template");
+#Debug("tref read from $tdir/$template");
($ary) = $Tag->read_ui_template("$tdir/$template");
$tref = shift @$ary if $ary;
-Debug("tref $template again from read_ui_template: $tref (no ui_template_elements)");
+#Debug("tref $template again from read_ui_template: $tref (no ui_template_elements)");
}
if(! $tref) {
@@ -259,12 +259,12 @@
$ref->{ui_page_setting} = $tref;
#Log("page reference: " . uneval($ref) );
-Debug("read_page found pref=$ref tref=$tref" );
+#Debug("read_page found pref=$ref tref=$tref" );
return uneval_it($ref) if $opt->{textref};
-Debug("not textref" );
+#Debug("not textref" );
return $ref unless wantarray;
-Debug("wants array");
-Debug("return from read_page, pref=$ref tref=$tref" );
+#Debug("wants array");
+#Debug("return from read_page, pref=$ref tref=$tref" );
return ($ref, $tref);
}
1.2 +1 -1 interchange/code/UI_Tag/read_ui_template.coretag
rev 1.2, prev_rev 1.1
Index: read_ui_template.coretag
===================================================================
RCS file: /anon_cvs/repository/interchange/code/UI_Tag/read_ui_template.coretag,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- read_ui_template.coretag 29 Jan 2002 05:52:40 -0000 1.1
+++ read_ui_template.coretag 5 Feb 2002 20:57:03 -0000 1.2
@@ -80,7 +80,7 @@
my $tmp = "$tmpdir/$name";
#::logDebug("looking for inprocess file $tmp");
if(! $name and $data = $opt->{passed}) {
-::logDebug("found passed data, no name");
+#::logDebug("found passed data, no name");
# do nothing
}
elsif(-f $tmp) {
1.2 +4 -4 interchange/code/UI_Tag/write_page.coretag
rev 1.2, prev_rev 1.1
Index: write_page.coretag
===================================================================
RCS file: /anon_cvs/repository/interchange/code/UI_Tag/write_page.coretag,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- write_page.coretag 29 Jan 2002 05:52:40 -0000 1.1
+++ write_page.coretag 5 Feb 2002 20:57:03 -0000 1.2
@@ -33,7 +33,7 @@
$page .= $Vend::Cfg->{HTMLsuffix}
unless $page =~ /$Vend::Cfg->{HTMLsuffix}$/;
-Debug("final page=$page page_id=$page_id");
+#Debug("final page=$page page_id=$page_id");
my $ptab = $Vend::Cfg->{PageTables};
my $db;
@@ -88,14 +88,14 @@
}
if(! $ok) {
-Debug("failed to write page=$page dbwrite=$wrote_db");
+#Debug("failed to write page=$page dbwrite=$wrote_db");
$::Scratch->{ui_error} = errmsg("Couldn't save page %s.", $page);
}
elsif($opt->{publish}) {
my $unlink = $Tag->unlink_file("$tmpdir/$page");
-Debug("unlink=$unlink file=$tmpdir/$page");
+#Debug("unlink=$unlink file=$tmpdir/$page");
}
-::logDebug("wrote page=$page page_id=$page_id db=$wrote_db");
+#::logDebug("wrote page=$page page_id=$page_id db=$wrote_db");
return $ok;
}
1.1 interchange/code/UI_Tag/su.coretag
rev 1.1, prev_rev 1.0
Index: su.coretag
===================================================================
UserTag su Description Switch User Tag for catalog superuser
UserTag su Order username
UserTag su attrAlias user username
UserTag su addAttr
UserTag su Routine <<EOR
sub {
my ($user, $opt) = @_;
use vars qw/$Session $Tag $ready_safe $Scratch/;
if($user and ! $Tag->if_mm('super')) {
::logError("attempt to su to user %s", $user);
return undef;
}
my $dir = "$Global::ConfDir/tmp";
if (! -d $dir) {
if(-e $dir) {
logGlobal("Global tmp directory exists as file, aborting su");
return undef;
}
File::Path::mkpath($dir);
}
if($opt->{exit}) {
if(! $Session->{su}) {
logError("attempt to return to superuser without saved session.");
return;
}
my $string = delete $Session->{su};
my $key = $Tag->read_cookie({ name => 'MV_SU_KEY'})
or do {
logError("no session key in cookie, cannot exit");
return;
};
my $fn = "$dir/$Session->{id}";
open(MDCHECK, "< $fn")
or do {
logError("no saved session key in %s, cannot exit", $fn);
return;
};
my $rand = <MDCHECK>;
close MDCHECK;
if(generate_key($rand . $string) ne $key) {
logError("mismatched session key with saved session, cannot exit");
return;
}
my $former = $Session->{username};
## Authenticated
undef $Vend::Session;
undef $Session;
$Vend::Session = $ready_safe->reval($string);
$Session = $Vend::Session;
delete $Session->{su};
$Vend::admin = $Vend::Session->{admin};
$Vend::username = $Vend::Session->{username};
$Vend::logged_in = $Vend::Session->{logged_in};
$Tag->if_mm('super')
and logError(
"Superuser %s returned from login as %s",
$Session->{username},
$former,
)
and return 1;
return;
}
elsif ($user) {
my $u = $Vend::Cfg->{UserDB}{$opt->{profile} ||= 'default'};
my $table = $u->{login_table};
my $ufield = $u->{user_field};
#::logDebug("user table=$table ufield=$ufield");
$table ||= 'userdb';
$ufield ||= 'username';
#::logDebug("user table=$table ufield=$ufield");
if(! $Tag->data($table, $ufield, $user) ) {
$Scratch->{ui_error} = errmsg("attempt to su to non-existent user %s", $user);
return undef;
}
my $rand = random_string();
my $sess = uneval_it($Session);
#::logDebug("sess is $sess");
my $sesskey = generate_key($rand . $sess);
open(MDIT, "> $dir/$Session->{id}")
or die errmsg("Can't create check file for su: %s\n", $!);
print MDIT $rand;
close MDIT;
$Tag->set_cookie( { name => 'MV_SU_KEY', value => $sesskey } );
my $former = $Session->{username};
undef $Vend::admin;
undef $Vend::superuser;
Vend::Session::init_session();
$Session = $Vend::Session;
$Vend::username = $user;
$Session->{username} = $user;
$Session->{su} = $sess;
$Session->{logged_in} = 1;
$Tag->userdb('load');
logError("superuser %s switched user to %s", $former, $Session->{username});
return 1;
}
else {
::logError("unknown su operation");
return undef;
}
}
EOR
1.2 +4 -4 interchange/code/UserTag/fedex_query.tag
rev 1.2, prev_rev 1.1
Index: fedex_query.tag
===================================================================
RCS file: /anon_cvs/repository/interchange/code/UserTag/fedex_query.tag,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fedex_query.tag 29 Jan 2002 05:52:42 -0000 1.1
+++ fedex_query.tag 5 Feb 2002 20:57:04 -0000 1.2
@@ -265,11 +265,11 @@
'FedEx International Economy' => 'FIE',
);
@fe_map{values %fe_map} = @fe_map{keys %fe_map};
-Debug("fed=" . ::uneval($fed));
+#Debug("fed=" . ::uneval($fed));
my @services;
-Debug("can_ground=$can_do_ground country=$opt->{country} orig_country=$opt->{origin_country}");
+#Debug("can_ground=$can_do_ground country=$opt->{country} orig_country=$opt->{origin_country}");
if($opt->{services}) {
-Debug("can_ground=$can_do_ground country=$opt->{country} orig_country=$opt->{origin_country}");
+#Debug("can_ground=$can_do_ground country=$opt->{country} orig_country=$opt->{origin_country}");
if(
$can_do_ground
and ($opt->{country} eq 'US' or $opt->{country} eq 'CA')
@@ -372,7 +372,7 @@
}
return $result{TransitTime} if $opt->{transit_time};
-Debug("mode=$opt->{mode} total=$result{TotalCharges}");
+#Debug("mode=$opt->{mode} total=$result{TotalCharges}");
return $result{TotalCharges};
}
EOR
2.10 +11 -0 interchange/dist/lib/UI/pages/admin/customer.html
rev 2.10, prev_rev 2.9
Index: customer.html
===================================================================
RCS file: /anon_cvs/repository/interchange/dist/lib/UI/pages/admin/customer.html,v
retrieving revision 2.9
retrieving revision 2.10
diff -u -r2.9 -r2.10
--- customer.html 18 Oct 2001 13:05:29 -0000 2.9
+++ customer.html 5 Feb 2002 20:57:04 -0000 2.10
@@ -343,6 +343,17 @@
[scratch active_nm]=1[/button]
[/on-match]
</FORM>
+[if-mm super]
+ <form action="[area @@MV_PAGE@@]">
+ <input type=hidden name=mv_action value=refresh>
+ <input type=hidden name=mv_click value=MMsu>
+ Switch to a user: <select name=user>
+ [search-list]
+ <option>[item-code]
+ [/search-list]
+ </select><input type=submit value="[L]Switch[/L]">
+ </form>
+[/if-mm]
[/search-region]
2.2 +1 -1 interchange/dist/lib/UI/pages/admin/db_metaconfig_spread.html
rev 2.2, prev_rev 2.1
Index: db_metaconfig_spread.html
===================================================================
RCS file: /anon_cvs/repository/interchange/dist/lib/UI/pages/admin/db_metaconfig_spread.html,v
retrieving revision 2.1
retrieving revision 2.2
diff -u -r2.1 -r2.2
--- db_metaconfig_spread.html 9 Oct 2001 22:32:52 -0000 2.1
+++ db_metaconfig_spread.html 5 Feb 2002 20:57:04 -0000 2.2
@@ -24,7 +24,7 @@
ui_meta_view=$view
},
});
-Debug("bounce page: $Scratch->{tmp_bpage}");
+#Debug("bounce page: $Scratch->{tmp_bpage}");
return;
[/calc]
[bounce href="[scratchd tmp_bpage]"]
2.3 +1 -1 interchange/dist/lib/UI/pages/admin/dbconfig.html
rev 2.3, prev_rev 2.2
Index: dbconfig.html
===================================================================
RCS file: /anon_cvs/repository/interchange/dist/lib/UI/pages/admin/dbconfig.html,v
retrieving revision 2.2
retrieving revision 2.3
diff -u -r2.2 -r2.3
--- dbconfig.html 26 Jan 2002 17:53:51 -0000 2.2
+++ dbconfig.html 5 Feb 2002 20:57:04 -0000 2.3
@@ -759,7 +759,7 @@
EOF
my $create_sql = $ref->{CREATE_SQL} || $db->create_sql();
-Debug("create_sql=$create_sql");
+#Debug("create_sql=$create_sql");
if($current_sql or ($new and $base_sql) ) {
my @post;
if ($ref->{POSTCREATE}) {
2.3 +10 -1 interchange/dist/lib/UI/pages/admin/login.html
rev 2.3, prev_rev 2.2
Index: login.html
===================================================================
RCS file: /anon_cvs/repository/interchange/dist/lib/UI/pages/admin/login.html,v
retrieving revision 2.2
retrieving revision 2.3
diff -u -r2.2 -r2.3
--- login.html 18 Sep 2001 21:57:39 -0000 2.2
+++ login.html 5 Feb 2002 20:57:04 -0000 2.3
@@ -1,4 +1,13 @@
-[if session logged_in][userdb function=logout clear=1 hide=1][/if]
+[if session logged_in]
+ [if session su]
+ [su exit=1]
+ [calc]delete $Session->{su}; return; [/calc]
+ [bounce page="__UI_BASE__/index"]
+ [else]
+ [userdb function=logout clear=1 hide=1]
+ [/else]
+ [/if]
+[/if]
[if !global Windows]
[index table=icmenu export_only=1]
[index table=ichelp export_only=1]
2.2 +1 -1 interchange/dist/lib/UI/pages/include/page_save
rev 2.2, prev_rev 2.1
Index: page_save
===================================================================
RCS file: /anon_cvs/repository/interchange/dist/lib/UI/pages/include/page_save,v
retrieving revision 2.1
retrieving revision 2.2
diff -u -r2.1 -r2.2
--- page_save 6 Jan 2002 19:54:45 -0000 2.1
+++ page_save 5 Feb 2002 20:57:04 -0000 2.2
@@ -184,7 +184,7 @@
my $out = join "\n", @out;
unless ($Tag->write_relative_file($page, $out)) {
-Debug("failed to write page=$page");
+#Debug("failed to write page=$page");
$Scratch->{ui_error} = errmsg("Couldn't save page %s.", $page);
}
$Scratch->{ui_output_page} = $page;
2.1 +9 -0 interchange/dist/lib/UI/profiles/login
rev 2.1, prev_rev 2.0
Index: login
===================================================================
RCS file: /anon_cvs/repository/interchange/dist/lib/UI/profiles/login,v
retrieving revision 2.0
retrieving revision 2.1
diff -u -r2.0 -r2.1
--- login 18 Jul 2001 02:22:13 -0000 2.0
+++ login 5 Feb 2002 20:57:04 -0000 2.1
@@ -18,3 +18,12 @@
[/else]
[/if]
__END__
+
+__NAME__ MMsu
+[if type=explicit compare="[su username='[cgi user]']"]
+mv_nextpage=[calc]$Config->{SpecialPage}{catalog}[/calc]
+[else]
+[calc]$Session->{ui_error} = "Failed to su to user $CGI->{user}"; return;[/calc]
+[/else]
+[/if]
+__END__
2.1 +1 -1 interchange/extensions/quickbooks/usertag/get_quicken_orders.tag
rev 2.1, prev_rev 2.0
Index: get_quicken_orders.tag
===================================================================
RCS file: /anon_cvs/repository/interchange/extensions/quickbooks/usertag/get_quicken_orders.tag,v
retrieving revision 2.0
retrieving revision 2.1
diff -u -r2.0 -r2.1
--- get_quicken_orders.tag 18 Jul 2001 02:22:54 -0000 2.0
+++ get_quicken_orders.tag 5 Feb 2002 20:57:04 -0000 2.1
@@ -26,7 +26,7 @@
my $bu = $fn;
$bu =~ s:.*/qb::;
$bu =~ s/\.iif$//;
-Log("gqo -- bu=$bu currdate=$currdate fn=$fn ofn=$ofn date=$date");
+#Log("gqo -- bu=$bu currdate=$currdate fn=$fn ofn=$ofn date=$date");
if($bu eq $currdate) {
$fn = "$dir/qb$date.iif";
rename $ofn, $fn;
2.16 +4 -4 interchange/lib/Vend/Order.pm
rev 2.16, prev_rev 2.15
Index: Order.pm
===================================================================
RCS file: /anon_cvs/repository/interchange/lib/Vend/Order.pm,v
retrieving revision 2.15
retrieving revision 2.16
diff -u -r2.15 -r2.16
--- Order.pm 5 Feb 2002 01:33:11 -0000 2.15
+++ Order.pm 5 Feb 2002 20:57:04 -0000 2.16
@@ -1,6 +1,6 @@
# Vend::Order - Interchange order routing routines
#
-# $Id: Order.pm,v 2.15 2002/02/05 01:33:11 mheins Exp $
+# $Id: Order.pm,v 2.16 2002/02/05 20:57:04 mheins Exp $
#
# Copyright (C) 1996-2001 Red Hat, Inc. <interchange@redhat.com>
#
@@ -28,7 +28,7 @@
package Vend::Order;
require Exporter;
-$VERSION = substr(q$Revision: 2.15 $, 10);
+$VERSION = substr(q$Revision: 2.16 $, 10);
@ISA = qw(Exporter);
@@ -230,7 +230,7 @@
my (@return);
-::logDebug("OrderCheck = $OrderCheck routine=$routine");
+#::logDebug("OrderCheck = $OrderCheck routine=$routine");
my $sub;
my @args;
if( $sub = $Parse{$routine}) {
@@ -238,7 +238,7 @@
undef $message;
}
elsif ($OrderCheck and $sub = $OrderCheck->{$routine}) {
-::logDebug("Using coderef OrderCheck = $sub");
+#::logDebug("Using coderef OrderCheck = $sub");
@args = ($ref,$var,$val);
}
elsif (defined &{"_$routine"}) {
2.22 +2 -2 interchange/scripts/interchange.PL
rev 2.22, prev_rev 2.21
Index: interchange.PL
===================================================================
RCS file: /anon_cvs/repository/interchange/scripts/interchange.PL,v
retrieving revision 2.21
retrieving revision 2.22
diff -u -r2.21 -r2.22
--- interchange.PL 4 Feb 2002 01:31:18 -0000 2.21
+++ interchange.PL 5 Feb 2002 20:57:04 -0000 2.22
@@ -50,7 +50,7 @@
#
# Interchange version 4.9.0
#
-# $Id: interchange.PL,v 2.21 2002/02/04 01:31:18 mheins Exp $
+# $Id: interchange.PL,v 2.22 2002/02/05 20:57:04 mheins Exp $
#
# Copyright (C) 1996-2001 Red Hat, Inc. <interchange@redhat.com>
#
@@ -528,7 +528,7 @@
my($key,$value);
# Update a database record
# Check to see if this is allowed
-::logDebug("mv_data_enable=$::Scratch->{mv_data_enable}");
+#::logDebug("mv_data_enable=$::Scratch->{mv_data_enable}");
if(! $::Scratch->{mv_data_enable}) {
logError(
"Attempted database update without permission, table=%s key=%s.",