[open-ils-commits] [GIT] Evergreen ILS branch rel_3_1 updated. 7ba28101b1f7fa40027becc39699915345d31a02

Evergreen Git git at git.evergreen-ils.org
Fri May 25 14:04:14 EDT 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, rel_3_1 has been updated
       via  7ba28101b1f7fa40027becc39699915345d31a02 (commit)
      from  04de0dd34479ea36bcd18b5da67171e648346ccb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7ba28101b1f7fa40027becc39699915345d31a02
Author: Bill Erickson <berickxx at gmail.com>
Date:   Tue Oct 17 12:40:11 2017 -0400

    LP#1693035 Login timeout honors workstation org
    
    Use the org unit linked to the provided workstation to collect the
    login timeout org unit setting value during login.  Previously, all
    checks defaulted to the global org unit.
    
    This patch solidifies the precedence order for OUS lookups during login
    like so:
    
    1. Workstation org unit.
    2. API org unit value.
    3. Users' home org unit.
    
    Signed-off-by: Bill Erickson <berickxx at gmail.com>
    Signed-off-by: Michele Morgan <mmorgan at noblenet.org>
    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>

diff --git a/Open-ILS/src/c-apps/oils_auth_internal.c b/Open-ILS/src/c-apps/oils_auth_internal.c
index 96ad193..d0c46f8 100644
--- a/Open-ILS/src/c-apps/oils_auth_internal.c
+++ b/Open-ILS/src/c-apps/oils_auth_internal.c
@@ -287,10 +287,6 @@ int oilsAuthInternalCreateSession(osrfMethodContext* ctx) {
             "Missing parameters for method: %s", ctx->method->name );
     }
 
-    // default to the root org unit if none is provided.
-    if (org_unit < 1) 
-        org_unit = oilsUtilsGetRootOrgId();
-
     oilsEvent* response = NULL;
 
     // fetch the user object
@@ -307,18 +303,32 @@ int oilsAuthInternalCreateSession(osrfMethodContext* ctx) {
     // If a workstation is defined, add the workstation info
     if (workstation) {
         response = oilsAuthVerifyWorkstation(ctx, userObj, workstation);
-        if (response) {
+
+        if (response) { // invalid workstation.
             jsonObjectFree(userObj);
             osrfAppRespondComplete(ctx, oilsEventToJSON(response));
             oilsEventFree(response);
             return 0;
+
+        } else { // workstation OK.  
+
+            // The worksation org unit supersedes any org unit value 
+            // provided via the API.  oilsAuthVerifyWorkstation() sets the 
+            // ws_ou value to the WS owning lib.  A value is guaranteed.
+            org_unit = atoi(oilsFMGetStringConst(userObj, "ws_ou"));
         }
 
-    } else {
-        // Otherwise, use the home org as the workstation org on the user
-        char* orgid = oilsFMGetString(userObj, "home_ou");
+    } else { // no workstation
+
+        // For backwards compatibility, when no workstation is provided, use 
+        // the users's home org as its workstation org unit, regardless of 
+        // any API-level org unit value provided.
+        const char* orgid = oilsFMGetStringConst(userObj, "home_ou");
         oilsFMSetString(userObj, "ws_ou", orgid);
-        free(orgid);
+
+        // The context org unit defaults to the user's home library when
+        // no workstation is used and no API-level value is provided.
+        if (org_unit < 1) org_unit = atoi(orgid);
     }
 
     // determine the auth/cache timeout
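
Review bot: in the "workstation OK" branch, atoi(oilsFMGetStringConst(userObj, "ws_ou")) is called with no NULL check and relies entirely on the comment's "A value is guaranteed"; the no-workstation branch does the same with atoi(orgid) for "home_ou". Passing NULL to atoi() is undefined behaviour, and atoi() returns 0 for unparsable input, which would leave org_unit below 1 now that the root org fallback from the first hunk is gone. Suggest checking the returned pointer, parsing with strtol() so failures are detectable, and either returning an event or falling back to oilsUtilsGetRootOrgId() when the result is below 1. Minor: "worksation" and "users's" in the new comments are typos.
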
@@ -380,10 +390,6 @@ int oilsAuthInternalValidate(osrfMethodContext* ctx) {
             "Missing parameters for method: %s", ctx->method->name );
     }
 
-    // default to the root org unit if none is provided.
-    if (org_unit < 1) 
-        org_unit = oilsUtilsGetRootOrgId();
-
     oilsEvent* response = NULL;
     jsonObject *userObj = NULL, *params = NULL;
     char* tmp_str = NULL;
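
Review bot: with the root org default removed after the missing-parameters check, org_unit stays below 1 for the rest of oilsAuthInternalValidate() whenever the caller passes none, and unlike oilsAuthInternalCreateSession() this function gets no replacement default in the patch. If any later code in the function still reads org_unit, it needs to handle that case explicitly; if nothing does, a one-line comment at this spot saying the parameter is intentionally unused here would save the next reader from checking.
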
@@ -446,6 +452,10 @@ int oilsAuthInternalValidate(osrfMethodContext* ctx) {
         }
     }
 
+    // XXX: login permission checks are always global (see 
+    // oilsAuthCheckLoginPerm()).  No need to extract the 
+    // workstation org unit here.
+
     if (!response) { // Still OK
         // Confirm user has permission to login w/ the requested type.
         response = oilsAuthCheckLoginPerm(
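
Review bot: the "XXX:" marker on the comment added before "if (!response)" reads as a known defect or to-do, while the text describes a deliberate design decision (login permission checks are global, so the workstation org unit is not needed). Suggest dropping the marker or using "NOTE:", and stating whether the org_unit parameter accepted by this method is now ignored, so the API behaviour is documented next to the check.
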

-----------------------------------------------------------------------

Summary of changes:
 Open-ILS/src/c-apps/oils_auth_internal.c |   36 +++++++++++++++++++----------
 1 files changed, 23 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

