Commit 7a9ca3da authored by Dorian Merz's avatar Dorian Merz

Merge branch 'instance/fid' into instance/fid_adlr

parents f741ca9e 7dee7054
...@@ -2,14 +2,16 @@ ...@@ -2,14 +2,16 @@
baseUrl = http://172.18.113.133/bbi-alpha.3 baseUrl = http://172.18.113.133/bbi-alpha.3
[Security] [Security]
access_levels[] = basic_access
access_levels[] = limited_access access_levels[] = limited_access
access_levels[] = full_access access_levels[] = full_access
[UserProfile] [UserProfile]
role_display[] = "full_access" role_display[] = "full_access"
role_display[] = "limited_access" role_display[] = "limited_access"
role_display_priority[] = "full_access>limited_access" role_display[] = "basic_access"
role_display_order = "full_access>limited_access" role_display_priority[] = "full_access>limited_access>basic_access"
role_display_order = "full_access>limited_access>basic_access"
[Admin] [Admin]
; Whitelist of all fields that admins shall be able ; Whitelist of all fields that admins shall be able
...@@ -25,5 +27,6 @@ overview_fields[] = 'Lastname' ...@@ -25,5 +27,6 @@ overview_fields[] = 'Lastname'
overview_fields[] = 'Permissions' overview_fields[] = 'Permissions'
; List of all available user permissions ; List of all available user permissions
permission_options[] = 'basic_access'
permission_options[] = 'limited_access' permission_options[] = 'limited_access'
permission_options[] = 'full_access' permission_options[] = 'full_access'
\ No newline at end of file
...@@ -462,11 +462,17 @@ class Client ...@@ -462,11 +462,17 @@ class Client
} }
} }
/**
* @param String $permission
*
* @return bool
* @throws ClientException
*/
public function isAuthorized(String $permission) { public function isAuthorized(String $permission) {
try { try {
$this->authorize($permission); $this->authorize($permission);
} catch (\Exception $ex) { } catch (UserNotAuthorizedException $exception) {
return FALSE; return FALSE;
} }
return TRUE; return TRUE;
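Review bot: Narrowing the catch in `isAuthorized()` to `UserNotAuthorizedException` means every other failure of `authorize()` now propagates out of a method that previously always returned a boolean, so each existing call site should be checked for an enclosing handler. The hunk does not show the file's `use` block; PHP raises no error for an unresolved class name in a `catch`, so if `UserNotAuthorizedException` is neither imported nor in the class's own namespace the handler silently never matches and the method can no longer return FALSE. The new docblock would be clearer with a summary line such as `Returns FALSE only when the user lacks $permission; any other client failure is rethrown.`, and the signature could use the lowercase `string` type and a `: bool` return type. The method's closing brace lies outside the hunk.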
......
...@@ -25,7 +25,7 @@ use fid\Service\Client; ...@@ -25,7 +25,7 @@ use fid\Service\Client;
use fid\Service\ClientException; use fid\Service\ClientException;
use fid\VuFind\Db\Row\User as VuFindUser; use fid\VuFind\Db\Row\User as VuFindUser;
use VuFind\Auth\AbstractBase; use VuFind\Auth\AbstractBase;
use VuFind\Exception\Auth; use VuFind\Db\Row\User as UserRow;
use VuFind\Exception\Auth as AuthException; use VuFind\Exception\Auth as AuthException;
use Zend\Http\PhpEnvironment\Request; use Zend\Http\PhpEnvironment\Request;
...@@ -37,6 +37,9 @@ class Authenticator extends AbstractBase ...@@ -37,6 +37,9 @@ class Authenticator extends AbstractBase
protected const AUTH_ERROR_UNKNOWN_REASON protected const AUTH_ERROR_UNKNOWN_REASON
= 'fid::auth_error_unknown_reason'; = 'fid::auth_error_unknown_reason';
protected const AUTH_ERROR_ACCOUNT_BLOCKED
= 'fid::auth_error_account_blocked';
/** /**
* @var Client * @var Client
*/ */
...@@ -47,6 +50,13 @@ class Authenticator extends AbstractBase ...@@ -47,6 +50,13 @@ class Authenticator extends AbstractBase
$this->client = $client; $this->client = $client;
} }
/**
* @param Request $request
*
* @return VuFindUser|UserRow
* @throws AuthException
* @throws ClientException
*/
public function create($request) public function create($request)
{ {
return $this->authenticate($request); return $this->authenticate($request);
...@@ -56,8 +66,9 @@ class Authenticator extends AbstractBase ...@@ -56,8 +66,9 @@ class Authenticator extends AbstractBase
/** /**
* @param Request $request * @param Request $request
* *
* @return VuFindUser * @return VuFindUser|UserRow
* @throws AuthException * @throws AuthException
* @throws ClientException
*/ */
public function authenticate($request) public function authenticate($request)
{ {
...@@ -76,6 +87,11 @@ class Authenticator extends AbstractBase ...@@ -76,6 +87,11 @@ class Authenticator extends AbstractBase
} }
} }
if (!$this->client->isAuthorized('basic_access')) {
$this->client->logoff();
throw new AuthException(self::AUTH_ERROR_ACCOUNT_BLOCKED);
}
if ($ownerId = $logon->getOwnerId()) { if ($ownerId = $logon->getOwnerId()) {
/** @var VuFindUser $userRow */ /** @var VuFindUser $userRow */
$userRow = $this->getUserTable()->getByUsername($ownerId); $userRow = $this->getUserTable()->getByUsername($ownerId);
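Review bot: The new `basic_access` gate calls `logoff()` only when `isAuthorized()` returns FALSE, but this same commit lets `isAuthorized()` throw `ClientException`, and in that case `authenticate()` exits with the client logon apparently still established. Whether a caller tears that session down is not visible here, so the gate should fail closed itself: catch `ClientException`, log off, and report `AUTH_ERROR_UNKNOWN_REASON`. `logoff()` may itself throw and so replace the intended `AuthException`, which is worth confirming against `Client`. `authenticate()` begins before and continues after this hunk.

```php
// … unchanged: logon handling above …
try {
    $hasBasicAccess = $this->client->isAuthorized('basic_access');
} catch (ClientException $exception) {
    // Fail closed: drop the client session before reporting the failure.
    $this->client->logoff();
    throw new AuthException(self::AUTH_ERROR_UNKNOWN_REASON);
}

if (!$hasBasicAccess) {
    $this->client->logoff();
    throw new AuthException(self::AUTH_ERROR_ACCOUNT_BLOCKED);
}
// … unchanged: owner lookup via getUserTable() …
```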
......
auth_error_bad_credentials = Nutzername oder Passwort falsch. auth_error_bad_credentials = Nutzername oder Passwort falsch.
auth_error_unknown_reason = Anmeldung derzeit nicht möglich. auth_error_unknown_reason = Anmeldung derzeit nicht möglich.
auth_error_account_blocked = Ihr Konto wurde aus Sicherheitsgründen gesperrt. Bitte kontaktieren Sie uns unter info@adlr.link, um eine Entsperrung vorzunehmen.
user_init_form_title = "Registrierung" user_init_form_title = "Registrierung"
user_create_form_title = "Registrierung abschließen" user_create_form_title = "Registrierung abschließen"
...@@ -116,5 +117,6 @@ permission_read_user_list = "Liste aller Nutzer einsehen" ...@@ -116,5 +117,6 @@ permission_read_user_list = "Liste aller Nutzer einsehen"
permission_edit_user = "Daten anderer Nutzer bearbeiten" permission_edit_user = "Daten anderer Nutzer bearbeiten"
permission_full_access = "Zugriff auf FID-Lizenzen" permission_full_access = "Zugriff auf FID-Lizenzen"
permission_limited_access = "Einfacher Zugriff" permission_limited_access = "Einfacher Zugriff"
permission_basic_access = "aktiviert"
admin_section = "Nutzerverwaltung" admin_section = "Nutzerverwaltung"
auth_error_bad_credentials = Invalid username or password. auth_error_bad_credentials = Invalid username or password.
auth_error_unknown_reason = Login currently impossible. auth_error_unknown_reason = Login currently impossible.
auth_error_account_blocked = Your account has been disabled due to security reasons. Please contact us at info@adlr.link for more details.
user_init_form_title = "Registration" user_init_form_title = "Registration"
user_create_form_title = "Complete registration" user_create_form_title = "Complete registration"
...@@ -115,5 +116,6 @@ permission_read_user_list = "Read list of all users" ...@@ -115,5 +116,6 @@ permission_read_user_list = "Read list of all users"
permission_edit_user = "Edit other user's data" permission_edit_user = "Edit other user's data"
permission_full_access = "privileged access" permission_full_access = "privileged access"
permission_limited_access = "basic access" permission_limited_access = "basic access"
permission_basic_access = "enabled"
admin_section = "User Administration" admin_section = "User Administration"