SF.net SVN: ledger-smb: [1928] trunk
- Subject: SF.net SVN: ledger-smb: [1928] trunk
- From: ..hidden..
- Date: Sun, 02 Dec 2007 15:24:28 -0800
Revision: 1928
http://ledger-smb.svn.sourceforge.net/ledger-smb/?rev=1928&view=rev
Author: einhverfr
Date: 2007-12-02 15:24:27 -0800 (Sun, 02 Dec 2007)
Log Message:
-----------
Correcting behavior of session timeout to release locks and create new session.
Modified Paths:
--------------
trunk/LedgerSMB/Auth/DB.pm
trunk/scripts/payment.pl
trunk/sql/modules/Payment.sql
trunk/sql/modules/Roles.sql
Added Paths:
-----------
trunk/sql/modules/Session.sql
Modified: trunk/LedgerSMB/Auth/DB.pm
===================================================================
--- trunk/LedgerSMB/Auth/DB.pm 2007-11-30 08:21:03 UTC (rev 1927)
+++ trunk/LedgerSMB/Auth/DB.pm 2007-12-02 23:24:27 UTC (rev 1928)
@@ -47,20 +47,8 @@
my $dbh = $form->{dbh};
my $checkQuery = $dbh->prepare(
- "SELECT u.username, s.transaction_id
- FROM session as s
- JOIN users as u ON (s.users_id = u.id)
- WHERE s.session_id = ?
- AND token = ?
- AND s.last_used > now() - ?::interval"
- );
+ "SELECT * FROM session_check(?, ?)");
- my $updateAge = $dbh->prepare(
- "UPDATE session
- SET last_used = now()
- WHERE session_id = ?;"
- );
-
my ($sessionID, $token, $company) = split(/:/, $cookie);
$form->{company} ||= $company;
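Review bot: `$sessionID` from `split(/:/, $cookie)` goes unvalidated into `session_check(?, ?)`, whose first parameter is declared `int` in Session.sql, so a cookie with a non-numeric first field would likely make the `execute` fail and reach `$form->dberror` instead of being handled as an invalid session. A guard right after the split, such as `$sessionID = undef unless defined $sessionID && $sessionID =~ /\A\d+\z/;`, would keep malformed cookies on the normal path. The enclosing sub starts and ends outside the hunk.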
@@ -77,7 +65,7 @@
$timeout = "$form->{timeout} seconds";
}
- $checkQuery->execute( $sessionID, $token, $timeout )
+ $checkQuery->execute( $sessionID, $token)
|| $form->dberror(
__FILE__ . ':' . __LINE__ . ': Looking for session: ' );
my $sessionValid = $checkQuery->rows;
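Review bot: `$timeout` is still assigned on the context line above the `execute` call but is no longer passed to anything visible, because session_check() reads the timeout from the `defaults` table; a per-request `$form->{timeout}` therefore appears to be silently ignored. If that is intended, the assignment could be dropped, or a comment such as `# timeout now comes from defaults inside session_check()` added next to it. The block that sets `$timeout` starts outside the hunk.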
@@ -85,22 +73,19 @@
if ($sessionValid) {
#user has a valid session cookie, now check the user
- my ( $sessionLogin, $sessionTransaction ) = $checkQuery->fetchrow_array;
+ my ( $session_ref) = $checkQuery->fetchrow_hashref('NAME_lc');
my $login = $form->{login};
$login =~ s/[^a-zA-Z0-9._+\@'-]//g;
- if (( $sessionLogin eq $login ))
+ if (( $session_ref ))
{
- $updateAge->execute( $sessionID )
- || $form->dberror(
- __FILE__ . ':' . __LINE__ . ': Updating session age: ' );
my $newCookieValue =
- $sessionID . ':' . $token . ':' . $form->{company};
+ $session_ref->{session_id} . ':' . $session_ref->{token} . ':' . $form->{company};
#now update the cookie in the browser
print qq|Set-Cookie: LedgerSMB=$newCookieValue; path=$path;\n|;
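Review bot: The test `if (( $session_ref ))` no longer distinguishes a validated session from a replaced one: session_check() in Session.sql returns a row both when the cookie matched and when it created a new session, so this branch appears to be taken for any cookie value once the database connection is authenticated. The sanitized `$login` on the two lines above is then unused in the visible code, and the old comparison against the session's user is gone. If binding to `SESSION_USER` inside the function is the intended replacement, a comment saying so would help, e.g. `# session_check() ties the row to SESSION_USER; a new session is issued if the cookie was stale`, and the `$login` lines could go. The enclosing `if ($sessionValid)` block continues outside the hunk.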
Modified: trunk/scripts/payment.pl
===================================================================
--- trunk/scripts/payment.pl 2007-11-30 08:21:03 UTC (rev 1927)
+++ trunk/scripts/payment.pl 2007-12-02 23:24:27 UTC (rev 1928)
@@ -69,7 +69,7 @@
=cut
sub payments {
- my ($request) = @_;
+ my ($request) = @_;
my $payment = LedgerSMB::DBObject::Payment->new({'base' => $request});
$payment->get_metadata();
my $template = LedgerSMB::Template->new(
@@ -81,6 +81,20 @@
);
$template->render($payment);
}
+
+sub display_payments {
+ my ($request) = @_;
+ my $payment = LedgerSMB::DBObject::Payment->new({'base' => $request});
+ $payment->get_payment_detail_data();
+ my $template = LedgerSMB::Template->new(
+ user => $request->{_user},
+ locale => $request->{_locale},
+ path => 'UI/payments',
+ template => 'payments_filter',
+ format => 'HTML',
+ );
+ $template->render($payment);
+}
sub payment {
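Review bot: `display_payments` is added without a POD entry, although the `=cut` above `payments` suggests the file documents its entry points; an `=item display_payments` paragraph saying that it loads data through `get_payment_detail_data()` and renders the `payments_filter` template would match. The body repeats `payments` except for the data-loading call and the template name, so a small shared helper could remove the duplicated template setup.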
Modified: trunk/sql/modules/Payment.sql
===================================================================
--- trunk/sql/modules/Payment.sql 2007-11-30 08:21:03 UTC (rev 1927)
+++ trunk/sql/modules/Payment.sql 2007-12-02 23:24:27 UTC (rev 1928)
@@ -316,7 +316,7 @@
DECLARE resultrow record;
BEGIN
FOR resultrow IN
- SELECT curr FROM ar
+ SELECT curr AS curr FROM ar
WHERE amount <> paid
OR paid IS NULL
AND in_account_class=2
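Review bot: On the context lines below the changed SELECT, `amount <> paid OR paid IS NULL AND in_account_class=2` groups as `amount <> paid OR (paid IS NULL AND in_account_class=2)` because AND binds tighter than OR, so the account-class filter does not apply to rows with `amount <> paid`. If the filter is meant for both cases, parenthesise it: `WHERE (amount <> paid OR paid IS NULL) AND in_account_class=2`. The query continues outside the hunk, so later conditions may change this reading.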
Modified: trunk/sql/modules/Roles.sql
===================================================================
--- trunk/sql/modules/Roles.sql 2007-11-30 08:21:03 UTC (rev 1927)
+++ trunk/sql/modules/Roles.sql 2007-12-02 23:24:27 UTC (rev 1928)
@@ -1,3 +1,4 @@
+GRANT ALL ON SCHEMA public TO public; -- required for Pg 8.2
-- Contacts
CREATE ROLE lsmb_<?lsmb dbname ?>__read_contact
WITH INHERIT NOLOGIN;
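Review bot: `GRANT ALL ON SCHEMA public TO public` gives every database role CREATE as well as USAGE on the schema, so any login can add functions or tables that other users' unqualified names may then resolve to. If the Pg 8.2 requirement is only that roles can look up objects in the schema, `GRANT USAGE ON SCHEMA public TO public;` would cover it. If CREATE is really needed, granting it to the specific lsmb roles is the narrower choice.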
@@ -1382,5 +1383,6 @@
GRANT select on chart, gifi, country to public;
grant select on employee to public;
GRANT SELECT ON parts, partsgroup TO public;
- GRANT SELECT ON language TO public;
-GRANT SELECT ON business, exchangerate, shipto, tax TO public;
+ GRANT SELECT ON language, project TO public;
+GRANT SELECT ON business, exchangerate, department, shipto, tax TO public;
+
Added: trunk/sql/modules/Session.sql
===================================================================
--- trunk/sql/modules/Session.sql (rev 0)
+++ trunk/sql/modules/Session.sql 2007-12-02 23:24:27 UTC (rev 1928)
@@ -0,0 +1,43 @@
+CREATE OR REPLACE FUNCTION session_check(in_session_id int, in_token text)
+RETURNS session AS
+$$
+DECLARE out_row session%ROWTYPE;
+BEGIN
+ UPDATE session
+ SET last_used = now()
+ WHERE session_id = in_session_id
+ AND token = in_token
+ AND last_used > now() - (SELECT value FROM defaults
+ WHERE setting_key = 'timeout')::interval
+ AND users_id = (select id from users
+ where username = SESSION_USER);
+ IF FOUND THEN
+ SELECT * INTO out_row WHERE session_id = in_session_id;
+ ELSE
+ DELETE FROM SESSION
+ WHERE users_id IN (select id from users
+ where username = SESSION_USER);
+ -- the above query also releases all discretionary locks by the
+ -- session
+
+ IF NOT FOUND THEN
+ SELECT id FROM users WHERE username = SESSION_USER;
+ IF NOT FOUND THEN
+ RAISE EXCEPTION 'User Not Known';
+ END IF;
+
+ END IF;
+ INSERT INTO session(users_id, token, last_used, transaction_id)
+ SELECT id, md5(random()), now(), 0
+ FROM users WHERE username = SESSION_USER;
+ -- TODO-- remove transaction_id field from session table
+
+ SELECT * INTO out_row FROM session
+ WHERE session_id = currval('session_session_id_seq');
+ END IF;
+ RETURN out_row;
+END;
+$$ LANGUAGE PLPGSQL;
+
+COMMENT ON FUNCTION session_check(int, text) IS
+$$ Return code is 0 for failure, 1 for success. $$;
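Review bot: The token on the INSERT line comes from `md5(random())`, and `random()` is not a cryptographically secure generator, so the value that authenticates the session cookie may be predictable; a CSPRNG source such as pgcrypto's `gen_random_bytes` would be safer, if that extension is available in this deployment. Three further lines look wrong as written: the `SELECT * INTO out_row` in the `IF FOUND` branch has no `FROM session`, the bare `SELECT id FROM users` has no destination and should be a `PERFORM`, and the `COMMENT ON FUNCTION` describes a 0/1 return code while the function returns a `session` row. The rewritten lines are below.

```sql
    IF FOUND THEN
        SELECT * INTO out_row FROM session WHERE session_id = in_session_id;
    ELSE
        -- … unchanged: DELETE of the user's sessions …
        IF NOT FOUND THEN
            PERFORM id FROM users WHERE username = SESSION_USER;
            -- … unchanged: RAISE EXCEPTION when the user is unknown …
        END IF;
        INSERT INTO session(users_id, token, last_used, transaction_id)
        SELECT id, encode(gen_random_bytes(16), 'hex'), now(), 0  -- requires pgcrypto
          FROM users WHERE username = SESSION_USER;
        -- … unchanged: read back the new row and RETURN out_row …

COMMENT ON FUNCTION session_check(int, text) IS
$$ Returns the refreshed session row, or a newly created session row when the supplied one was invalid or expired. $$;
```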