[bse.git] / site / cgi-bin / modules / BSE / UI / AdminDispatch.pm

package BSE::UI::AdminDispatch;
use strict;
use base qw(BSE::UI::Dispatch);
use BSE::CfgInfo qw(admin_base_url);
use Carp qw(confess);

# checks we're coming from HTTPS
sub check_secure {
  my ($class, $req, $rresult) = @_;

  my $securl = admin_base_url($req->cfg);
  my ($protocol, $host) = $securl =~ m!^(\w+)://([-\w.]+)!
    or confess "Invalid [site].secureurl\n";
  
  $host = lc $host;

  my $curr_host = lc $ENV{SERVER_NAME};
  my $forward_from = $req->cfg->entry('site', 'forward_from');
  if ($forward_from) {
    $forward_from =~ s/\./\\./g;
    $forward_from =~ s/\*/.*/g;
    if ($ENV{REMOTE_ADDR} =~ /^(?:$forward_from)$/
	&& $ENV{HTTP_X_FORWARDED_SERVER}) {
      $curr_host = $ENV{HTTP_X_FORWARDED_SERVER};
    }
  }
  my $curr_https = exists $ENV{HTTPS} || exists $ENV{SSL_CIPHER};
  my $curr_proto = $curr_https ? 'https' : 'http';

  return 1 if $curr_host eq $host && $curr_proto eq $protocol;

  return 1 unless $req->cfg->entry('site', 'securl_redirect', 1);

  if ($req->cgi->param('did_admin_url_dispatch')) {
    $$rresult = $class->error($req, "Your admin URL '$securl' is probably misconfigured, we did a redirect to the admin URL and is still isn't correct - we appear to be on '$curr_proto://$curr_host'");
    return;
  }

  print STDERR "User is coming to use via a non-secure URL\n";
  print STDERR "curr host  >$curr_host< secure_host >$host<\n";
  print STDERR "curr proto >$curr_proto< secure_proto >$protocol<\n";

  # refresh back to the secure URL
  my $target = ($ENV{SCRIPT_NAME} =~ /(\w+)\.pl$/)[0] or die;
  my $action = $class->action_prefix . $class->default_action;
  my $url = $req->url($target => { $action => 1, did_admin_url_dispatch => 1 });
  $$rresult = BSE::Template->get_refresh($url, $req->cfg);

  return;
}

sub check_action {
  my ($class, $req, $action, $rresult) = @_;

  # this is admin, the user must be logged on
  unless ($req->check_admin_logon) {
    # time to logon
    # if this was a GET, try to refresh back to it after logon
    if ($req->is_ajax || $req->cgi->param("_")) {
      $$rresult = $req->json_content
	(
	 success => 0,
	 error_code => "LOGON",
	 message => "Access forbidden: user not logged on",
	 errors => {},
	);
    }
    else {
      my %extras =
	(
	 'm' => 'You must logon to use this function'
	);
      if ($ENV{REQUEST_METHOD} eq 'GET') {
	my $rurl = admin_base_url($req->cfg) . $ENV{SCRIPT_NAME};
	$rurl .= "?" . $ENV{QUERY_STRING} if $ENV{QUERY_STRING};
	$rurl .= $rurl =~ /\?/ ? '&' : '?';
	$rurl .= "refreshed=1";
	$extras{r} = $rurl;
      }
      my $url = $req->url(logon => \%extras);
      $$rresult = $req->get_refresh($url);
    }
    return;
  }

  my $security = $class->rights;

  return 1 unless $security->{$action};

  my $msg;
  my $rights = $security->{$action};
  ref $rights or $rights = [ split /,/, $rights ];
  for my $right (@$rights) {
    unless ($req->user_can($right, -1, \$msg)) {
      if ($req->is_ajax || $req->param("_")) {
	$$rresult = $req->json_content
	  (
	   success => 0,
	   error_code => "ACCESS",
	   message => "You do not have access to this function $msg",
	  );
      }
      else {
	my $url = $req->url(menu => 
			    { 'm' => 'You do not have access to this function '.$msg });
	$$rresult = $req->get_refresh($url);
      }
      return;
    }
  }

  return 1;
}

sub error {
  my ($class, $req, $errors, $template) = @_;

  $template ||= 'admin/error';

  return $class->SUPER::error($req, $errors, $template);
}

1;
Commit	Line	Data
0ec4ac8a TC	1	package BSE::UI::AdminDispatch;
	2	use strict;
	3	use base qw(BSE::UI::Dispatch);
	4	use BSE::CfgInfo qw(admin_base_url);
	5	use Carp qw(confess);
	6
	7	# checks we're coming from HTTPS
	8	sub check_secure {
	9	my ($class, $req, $rresult) = @_;
	10
	11	my $securl = admin_base_url($req->cfg);
	12	my ($protocol, $host) = $securl =~ m!^(\w+)://([-\w.]+)!
	13	or confess "Invalid [site].secureurl\n";
	14
	15	$host = lc $host;
	16
	17	my $curr_host = lc $ENV{SERVER_NAME};
c5f849c7 TC	18	my $forward_from = $req->cfg->entry('site', 'forward_from');
	19	if ($forward_from) {
	20	$forward_from =~ s/\./\\./g;
	21	$forward_from =~ s/\/./g;
	22	if ($ENV{REMOTE_ADDR} =~ /^(?:$forward_from)$/
	23	&& $ENV{HTTP_X_FORWARDED_SERVER}) {
	24	$curr_host = $ENV{HTTP_X_FORWARDED_SERVER};
	25	}
	26	}
0ec4ac8a TC	27	my $curr_https = exists $ENV{HTTPS} \|\| exists $ENV{SSL_CIPHER};
	28	my $curr_proto = $curr_https ? 'https' : 'http';
	29
	30	return 1 if $curr_host eq $host && $curr_proto eq $protocol;
	31
9dc9668f TC	32	return 1 unless $req->cfg->entry('site', 'securl_redirect', 1);
9dc9668f TC	33
7c877fd3 TC	34	if ($req->cgi->param('did_admin_url_dispatch')) {
	35	$$rresult = $class->error($req, "Your admin URL '$securl' is probably misconfigured, we did a redirect to the admin URL and is still isn't correct - we appear to be on '$curr_proto://$curr_host'");
	36	return;
	37	}
	38
0ec4ac8a TC	39	print STDERR "User is coming to use via a non-secure URL\n";
	40	print STDERR "curr host >$curr_host< secure_host >$host<\n";
	41	print STDERR "curr proto >$curr_proto< secure_proto >$protocol<\n";
	42
	43	# refresh back to the secure URL
	44	my $target = ($ENV{SCRIPT_NAME} =~ /(\w+)\.pl$/)[0] or die;
7c877fd3 TC	45	my $action = $class->action_prefix . $class->default_action;
7c877fd3 TC	46	my $url = $req->url($target => { $action => 1, did_admin_url_dispatch => 1 });
0ec4ac8a TC	47	$$rresult = BSE::Template->get_refresh($url, $req->cfg);
	48
	49	return;
	50	}
	51
	52	sub check_action {
	53	my ($class, $req, $action, $rresult) = @_;
	54
	55	# this is admin, the user must be logged on
	56	unless ($req->check_admin_logon) {
	57	# time to logon
	58	# if this was a GET, try to refresh back to it after logon
ebc63b18 TC	59	if ($req->is_ajax \|\| $req->cgi->param("_")) {
	60	$$rresult = $req->json_content
	61	(
	62	success => 0,
	63	error_code => "LOGON",
	64	message => "Access forbidden: user not logged on",
	65	errors => {},
	66	);
	67	}
	68	else {
	69	my %extras =
	70	(
	71	'm' => 'You must logon to use this function'
	72	);
	73	if ($ENV{REQUEST_METHOD} eq 'GET') {
	74	my $rurl = admin_base_url($req->cfg) . $ENV{SCRIPT_NAME};
	75	$rurl .= "?" . $ENV{QUERY_STRING} if $ENV{QUERY_STRING};
	76	$rurl .= $rurl =~ /\?/ ? '&' : '?';
	77	$rurl .= "refreshed=1";
	78	$extras{r} = $rurl;
	79	}
	80	my $url = $req->url(logon => \%extras);
	81	$$rresult = $req->get_refresh($url);
0ec4ac8a	82	}
0ec4ac8a TC	83	return;
	84	}
	85
	86	my $security = $class->rights;
	87
	88	return 1 unless $security->{$action};
	89
	90	my $msg;
	91	my $rights = $security->{$action};
	92	ref $rights or $rights = [ split /,/, $rights ];
	93	for my $right (@$rights) {
	94	unless ($req->user_can($right, -1, \$msg)) {
ea88a18a TC	95	if ($req->is_ajax \|\| $req->param("_")) {
	96	$$rresult = $req->json_content
	97	(
	98	success => 0,
	99	error_code => "ACCESS",
	100	message => "You do not have access to this function $msg",
	101	);
	102	}
	103	else {
	104	my $url = $req->url(menu =>
	105	{ 'm' => 'You do not have access to this function '.$msg });
	106	$$rresult = $req->get_refresh($url);
	107	}
0ec4ac8a TC	108	return;
	109	}
	110	}
	111
	112	return 1;
	113	}
	114
20d6805f TC	115	sub error {
	116	my ($class, $req, $errors, $template) = @_;
	117
	118	$template \|\|= 'admin/error';
	119
	120	return $class->SUPER::error($req, $errors, $template);
	121	}
	122
0ec4ac8a	123	1;