1 /* Core Service - egAuth
3 * Manages login and auth session retrieval.
6 angular.module('egCoreMod')
9 ['$q','$timeout','$rootScope','egNet','egHatch',
10 function($q , $timeout , $rootScope , egNet , egHatch) {
13 // the currently active user (au) object
18 // the currently active auth token string
// Read from the egHatch local item 'eg.auth.token' on every call.
// NOTE(review): this string is the session's bearer credential. How egHatch
// persists local items is not visible here; if it is browser local storage,
// any script running in this origin can read it -- confirm.
20 return egHatch.getLocalItem('eg.auth.token');
23 // authtime in seconds
// Read from the egHatch local item 'eg.auth.time'.
24 authtime : function() {
25 return egHatch.getLocalItem('eg.auth.time');
28 // the currently active workstation name
29 // For ws_ou or wsid(), see egAuth.user().ws_ou(), etc.
30 workstation : function() {
35 /* Returns a promise, which is resolved if valid
36 * authtoken is found, otherwise rejected */
37 service.testAuthToken = function() {
// Validates the stored authtoken against the server and, on success,
// tries to recover the workstation name for the session.
38 var deferred = $q.defer();
39 var token = service.token();
// Ask the auth service for the session behind this token (the request
// call itself is on lines not shown in this listing).
45 'open-ils.auth.session.retrieve', token)
47 .then(function(user) {
// Only a response carrying a classname is accepted as a user object.
48 if (user && user.classname) {
49 // authtoken test succeeded
54 // user previously logged in with a workstation.
55 // Find the workstation name from the list
56 // of configured workstations
57 egHatch.getItem('eg.workstation.all')
// Loose == is used, so ids match whether stored as strings or numbers.
61 function(w) {return w.id == user.wsid()})[0];
// service.ws is set only when a matching workstation entry exists.
62 if (ws) service.ws = ws.name;
64 deferred.resolve(); // found WS
67 deferred.resolve(); // no WS
70 // authtoken test failed
// Drop the rejected token so it is not presented to the server again.
// NOTE(review): only 'eg.auth.token' is removed in the lines shown, while
// logout() also clears 'eg.auth.time' -- confirm a stale authtime is
// harmless for poll().
71 egHatch.removeLocalItem('eg.auth.token');
77 // no authtoken to test
81 return deferred.promise;
85 * Returns a promise, which is resolved on successful
86 * login and rejected on failed login.
88 service.login = function(args) {
// Two-step login: authenticate.init for args.username, then
// authenticate.complete with the derived password value.
// Reads args.username, args.password and args.workstation.
89 var deferred = $q.defer();
92 'open-ils.auth.authenticate.init', args.username).then(
// The plaintext password is replaced in place by
// hex_md5(seed + hex_md5(password)) before args is sent, so the caller's
// args object is modified. `seed` is presumably the init response (its
// declaration is on a line not shown).
// NOTE(review): MD5 is a fast digest, not a password-hardening function,
// so this exchange should be treated as relying on the transport (TLS)
// for confidentiality. The scheme is presumably fixed by the server-side
// auth API -- confirm before changing it here.
94 args.password = hex_md5(seed + hex_md5(args.password))
97 'open-ils.auth.authenticate.complete', args).then(
99 if (evt.textcode == 'SUCCESS') {
100 service.ws = args.workstation;
// Persist the token and its lifetime so later calls to token() and
// authtime() can read them back.
102 egHatch.setLocalItem(
103 'eg.auth.token', evt.payload.authtoken);
104 egHatch.setLocalItem(
105 'eg.auth.time', evt.payload.authtime);
108 // note: the likely outcome here is a NO_SESSION
109 // server event, which results in broadcasting an
110 // egInvalidAuth by egNet.
// NOTE(review): the whole server event is serialized to the browser
// console; confirm a failure event can never carry credential or
// session material.
111 console.error('login failed ' + js2JSON(evt));
119 return deferred.promise;
123 * Force-check the validity of the authtoken on occasion.
124 * This allows us to redirect an idle staff client back to the login
125 * page after the session times out. Otherwise, the UI would stay
126 * open with potentially sensitive data visible.
127 * TODO: What is the practical difference (for a browser) between
128 * checking auth validity and the ui.general.idle_timeout setting?
129 * Does that setting serve a purpose in a browser environment?
131 service.poll = function() {
// Re-checks the session with the server after the stored authtime has
// elapsed and broadcasts 'egAuthExpired' when it is no longer valid.
// Nothing is scheduled when no authtime is stored.
132 if (!service.authtime()) return;
// Checked a second time; presumably this runs inside the delayed callback
// (scheduling line not shown), in case auth state was cleared while
// waiting -- TODO confirm.
136 if (!service.authtime()) return;
139 'open-ils.auth.session.retrieve', service.token())
140 .then(function(user) {
141 if (user && user.classname) { // all good
// No valid user came back: tell listeners the session has expired so the
// UI does not stay open on an expired session.
144 $rootScope.$broadcast('egAuthExpired')
148 // add a 5 second delay to give the token plenty of time
149 // to expire on the server.
// Delay in milliseconds; authtime is stored in seconds.
150 service.authtime() * 1000 + 5000
154 service.logout = function() {
// Ends the session: asks the server to delete it, then clears the locally
// cached token, authtime and user object.
155 if (service.token()) {
// NOTE(review): the delete request is not awaited in the lines shown, so
// a failed request would leave the session valid on the server until it
// times out, even though local state is cleared -- confirm acceptable.
158 'open-ils.auth.session.delete',
159 service.token()); // fire and forget
160 egHatch.removeLocalItem('eg.auth.token');
161 egHatch.removeLocalItem('eg.auth.time');
163 service._user = null;
171 * Service for testing user permissions.
172 * Note: this cannot live within egAuth, because it creates a circular
173 * dependency of egOrg -> egEnv -> egAuth -> egOrg
176 ['$q','egNet','egAuth','egOrg',
177 function($q , egNet , egAuth , egOrg) {
181 * Returns the full list of org unit objects at which the currently
182 * logged in user has the selected permissions.
183 * @permList - list or string. If a list, the response object is a
184 * hash of perm => orgList maps. If a string, the response is the
185 * org list for the requested perm.
187 service.hasPermAt = function(permList, asId) {
// Resolves with the org units at which the logged-in user holds each
// requested permission; asId is passed through to egOrg.descendants().
188 var deferred = $q.defer();
// A single permission name is wrapped in a list so both call styles share
// one code path (isArray is set on lines not shown).
190 if (!angular.isArray(permList)) {
192 permList = [permList];
194 // as called, this method will return the top-most org unit of the
195 // sub-tree at which this user has the selected permission.
196 // From there, flesh the descendant orgs locally.
// The current authtoken identifies whose work permissions are checked.
// NOTE(review): the answer is computed for client-side use and should be
// treated as a UI hint; the server is assumed to enforce permissions on
// the actual operations -- confirm.
199 'open-ils.actor.user.has_work_perm_at.batch',
200 egAuth.token(), permList
201 ).then(function(resp) {
203 angular.forEach(permList, function(perm) {
// Expand every returned org unit into its descendants.
205 angular.forEach(resp[perm], function(oneOrg) {
206 all = all.concat(egOrg.descendants(oneOrg, asId));
// Single-permission callers get that permission's list, not the map.
210 if (!isArray) answer = answer[permList[0]];
211 deferred.resolve(answer);
213 return deferred.promise;
218 * Returns a hash of perm => hasPermBool for each requested permission.
219 * If the authenticated user has no workstation, no checks are made
220 * and all permissions return false.
222 service.hasPermHere = function(permList) {
226 if (!angular.isArray(permList)) {
228 permList = [permList];
231 // no workstation, all are false
232 if (egAuth.user().wsid() === null) {
233 console.warn("egPerm.hasPermHere() called with no workstation");
235 response = permList.map(function(perm) {
236 return response[perm] = false;
241 return $q.when(response);
244 ws_ou = Number(egAuth.user().ws_ou()); // from string
246 return service.hasPermAt(permList, true)
247 .then(function(orgMap) {
248 angular.forEach(orgMap, function(orgIds, perm) {
249 // each permission is mapped to a flat list of org unit ids,
250 // including descendants. See if our workstation org unit
252 response[perm] = orgIds.indexOf(ws_ou) > -1;
254 if (!isArray) response = response[permList[0]];