ported object-specific perm checks from acq-experiment branch to trunk, since it...
authorerickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Tue, 11 Mar 2008 15:15:25 +0000 (15:15 +0000)
committererickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Tue, 11 Mar 2008 15:15:25 +0000 (15:15 +0000)
git-svn-id: svn://svn.open-ils.org/ILS/trunk@8964 dcc99617-32d9-48b4-a31d-7c20da2025e4

Open-ILS/src/perlmods/OpenILS/Utils/CStoreEditor.pm

index 8c7b338..a271967 100644 (file)
@@ -392,8 +392,21 @@ my $PERM_QUERY = {
     where => {},
 };
 
+my $OBJECT_PERM_QUERY = {
+    select => {
+        au => [ {
+            transform => 'permission.usr_has_object_perm',
+            alias => 'has_perm',
+            column => 'id',
+            params => []
+        } ]
+    },
+    from => 'au',
+    where => {},
+};
+
 sub allowed {
-       my( $self, $perm, $org ) = @_;
+       my( $self, $perm, $org, $object ) = @_;
        my $uid = $self->requestor->id;
        $org ||= $self->requestor->ws_ou;
 
@@ -402,11 +415,19 @@ sub allowed {
     for $perm (@$perms) {
            $self->log(I, "checking perms user=$uid, org=$org, perm=$perm");
     
-        # fill in the search hash
-        $PERM_QUERY->{select}->{au}->[0]->{params} = [$perm, $org];
-        $PERM_QUERY->{where}->{id} = $uid;
-    
-        return 1 if $U->is_true($self->json_query($PERM_QUERY)->[0]->{has_perm});
+        if($object) {
+            my $id_field = $object->Identity;
+            my $params = [$perm, $object->json_hint, $object->$id_field];
+            push(@$params, $org) if $org;
+            $OBJECT_PERM_QUERY->{select}->{au}->[0]->{params} = $params;
+            $OBJECT_PERM_QUERY->{where}->{id} = $uid;
+            return 1 if $U->is_true($self->json_query($OBJECT_PERM_QUERY)->[0]->{has_perm});
+
+        } else {
+            $PERM_QUERY->{select}->{au}->[0]->{params} = [$perm, $org];
+            $PERM_QUERY->{where}->{id} = $uid;
+            return 1 if $U->is_true($self->json_query($PERM_QUERY)->[0]->{has_perm});
+        }
     }
 
     # set the perm failure event if the permission check returned false
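Review bot: The `if $org` guard on `push(@$params, $org)` will rarely skip anything, because `$org ||= $self->requestor->ws_ou` at the top of `allowed` (first hunk) has already filled `$org` in, so the object check is org-qualified whenever the requestor has a workstation org. If an object-only check is meant to be reachable, the default should be applied only on the non-object path. The log line at the top of the loop still records only user, org and perm, so the audit trail does not show which object was checked; the `if($object)` branch could log `$object->json_hint` and the id as well. `$object->$id_field` is also passed through unchecked, so an object that has no id yet would send an undefined value into the query params. The loop and `allowed` itself begin and end outside this hunk.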
@@ -417,6 +438,39 @@ sub allowed {
 
 
 # -----------------------------------------------------------------------------
+# Returns the list of object IDs this user has object-specific permissions for
+# -----------------------------------------------------------------------------
+sub objects_allowed {
+    my($self, $perm, $obj_type) = @_;
+
+    my $perms = (ref($perm) eq 'ARRAY') ? $perm : [$perm];
+    my @ids;
+
+    for $perm (@$perms) {
+        my $query = {
+            select => {puopm => ['object_id']},
+            from => {
+                puopm => {
+                    ppl => {field => 'id',fkey => 'perm'}
+                }
+            },
+            where => {
+                '+puopm' => {usr => $self->requestor->id, object_type => $obj_type},
+                '+ppl' => {code => $perm}
+            }
+        };
+    
+        my $list = $self->json_query($query);
+        push(@ids, 0+$_->{object_id}) for @$list;
+    }
+
+   my %trim;
+   $trim{$_} = 1 for @ids;
+   return [ keys %trim ];
+}
+
+
+# -----------------------------------------------------------------------------
 # checks the appropriate perm for the operation
 # -----------------------------------------------------------------------------
 sub _checkperm {
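Review bot: `0+$_->{object_id}` in `objects_allowed` turns any identifier that is not a plain number into 0, so distinct non-numeric ids would collapse into a single entry. The numeric form is also lost again, because `keys %trim` returns strings. If object ids are not guaranteed to be integers, key the hash on the raw value instead: `$trim{ $_->{object_id} } = 1 for @$list;`. The header comment should also state that the result holds only ids with a direct `puopm` row for the requestor and the given `$obj_type`, so callers do not read an empty list as a denial when other grants may apply (that last part is inferred from the query, not shown here). A line such as `# Only direct per-object grants are returned; use allowed() for the access decision itself` would cover it.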