Merge branch 'instance/fid' into instance/fid_adlr

7a9ca3da · Dorian Merz · f741ca9e · 7dee7054 · 7a9ca3da · 7a9ca3da
Commit 7a9ca3da authored 5 years ago by Dorian Merz
--- a/fid/config/vufind/fid.ini
+++ b/fid/config/vufind/fid.ini
@@ -2,14 +2,16 @@
 baseUrl = http://172.18.113.133/bbi-alpha.3

 [Security]
+access_levels[] = basic_access
 access_levels[] = limited_access
 access_levels[] = full_access

 [UserProfile]
 role_display[] = "full_access"
 role_display[] = "limited_access"
-role_display_priority[] = "full_access>limited_access"
-role_display_order = "full_access>limited_access"
+role_display[] = "basic_access"
+role_display_priority[] = "full_access>limited_access>basic_access"
+role_display_order = "full_access>limited_access>basic_access"

 [Admin]
 ; Whitelist of all fields that admins shall be able
@@ -25,5 +27,6 @@ overview_fields[] = 'Lastname'
 overview_fields[] = 'Permissions'

 ; List of all available user permissions
+permission_options[] = 'basic_access'
 permission_options[] = 'limited_access'
 permission_options[] = 'full_access'
\ No newline at end of file
--- a/module/fid/src/Service/Client.php
+++ b/module/fid/src/Service/Client.php
@@ -462,11 +462,17 @@ class Client
        }
    }

+    /**
+     * @param String $permission
+     *
+     * @return bool
+     * @throws ClientException
+     */
    public function isAuthorized(String $permission) {

        try {
            $this->authorize($permission);
-        } catch (\Exception $ex) {
+        } catch (UserNotAuthorizedException $exception) {
            return FALSE;
        }
        return TRUE;

--- a/module/fid/src/VuFind/Auth/Authenticator.php
+++ b/module/fid/src/VuFind/Auth/Authenticator.php
@@ -25,7 +25,7 @@ use fid\Service\Client;
 use fid\Service\ClientException;
 use fid\VuFind\Db\Row\User as VuFindUser;
 use VuFind\Auth\AbstractBase;
-use VuFind\Exception\Auth;
+use VuFind\Db\Row\User as UserRow;
 use VuFind\Exception\Auth as AuthException;
 use Zend\Http\PhpEnvironment\Request;

@@ -37,6 +37,9 @@ class Authenticator extends AbstractBase
    protected const AUTH_ERROR_UNKNOWN_REASON
        = 'fid::auth_error_unknown_reason';

+    protected const AUTH_ERROR_ACCOUNT_BLOCKED
+        = 'fid::auth_error_account_blocked';
+
    /**
     * @var Client
     */
@@ -47,6 +50,13 @@ class Authenticator extends AbstractBase
        $this->client = $client;
    }

+    /**
+     * @param Request $request
+     *
+     * @return VuFindUser|UserRow
+     * @throws AuthException
+     * @throws ClientException
+     */
    public function create($request)
    {
        return $this->authenticate($request);
@@ -56,8 +66,9 @@ class Authenticator extends AbstractBase
    /**
     * @param Request $request
     *
-     * @return VuFindUser
+     * @return VuFindUser|UserRow
     * @throws AuthException
+     * @throws ClientException
     */
    public function authenticate($request)
    {
@@ -76,6 +87,11 @@ class Authenticator extends AbstractBase
            }
        }

+        if (!$this->client->isAuthorized('basic_access')) {
+            $this->client->logoff();
+            throw new AuthException(self::AUTH_ERROR_ACCOUNT_BLOCKED);
+        }
+
        if ($ownerId = $logon->getOwnerId()) {
            /** @var VuFindUser $userRow */
            $userRow = $this->getUserTable()->getByUsername($ownerId);

--- a/themes/fid/languages/fid/de.ini
+++ b/themes/fid/languages/fid/de.ini
 auth_error_bad_credentials = Nutzername oder Passwort falsch.
 auth_error_unknown_reason = Anmeldung derzeit nicht möglich.
+auth_error_account_blocked = Ihr Konto wurde aus Sicherheitsgründen gesperrt. Bitte kontaktieren Sie uns unter info@adlr.link, um eine Entsperrung vorzunehmen.

 user_init_form_title = "Registrierung"
 user_create_form_title = "Registrierung abschließen"
@@ -116,5 +117,6 @@ permission_read_user_list = "Liste aller Nutzer einsehen"
 permission_edit_user = "Daten anderer Nutzer bearbeiten"
 permission_full_access = "Zugriff auf FID-Lizenzen"
 permission_limited_access = "Einfacher Zugriff"
+permission_basic_access = "aktiviert"

 admin_section = "Nutzerverwaltung"
--- a/themes/fid/languages/fid/en.ini
+++ b/themes/fid/languages/fid/en.ini
 auth_error_bad_credentials = Invalid username or password.
 auth_error_unknown_reason = Login currently impossible.
+auth_error_account_blocked = Your account has been disabled due to security reasons. Please contact us at info@adlr.link for more details.

 user_init_form_title = "Registration"
 user_create_form_title = "Complete registration"
@@ -115,5 +116,6 @@ permission_read_user_list = "Read list of all users"
 permission_edit_user = "Edit other user's data"
 permission_full_access = "privileged access"
 permission_limited_access = "basic access"
+permission_basic_access = "enabled"

 admin_section = "User Administration"