Re-enable use of BAR_PATRON and UNBAR_PATRON perms

If you aren't allowed to bar/unbar at the patron's home library then:

1 - Disable the checkbox as appropriate
2 - Disallow on the backend too

The frontend only checks on page load. The backend checks the old patron on
update and the new patron on create.

This does not stop "change home library to me, bar/unbar, change back" if
otherwise able to change the patron's home library.

Signed-off-by: Thomas Berezansky <tsbere@mvlc.org>
Signed-off-by: Bill Erickson <berick@esilibrary.com>

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
index 42ff3bf..60118d3 100644 (file)
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
@@ -376,6 +376,10 @@ sub update_patron {
        if($patron->isnew()) {
                ( $new_patron, $evt ) = _add_patron($session, _clone_patron($patron), $user_obj);
                return $evt if $evt;
+               if($U->is_true($patron->barred)) {
+                       $evt = $U->check_perms($user_obj->id, $patron->home_ou, 'BAR_PATRON');
+                       return $evt if $evt;
+               }
        } else {
         $new_patron = $patron;
 
@@ -384,6 +388,10 @@ sub update_patron {
         $old_patron = $e->retrieve_actor_user($patron->id) or
             return $e->die_event;
         $e->disconnect;
+        if($U->is_true($old_patron->barred) != $U->is_true($new_patron->barred)) {
+            $evt = $U->check_perms($user_obj->id, $patron->home_ou, $U->is_true($old_patron->barred) ? 'UNBAR_PATRON' : 'BAR_PATRON');
+            return $evt if $evt;
+        }
     }
 
        ( $new_patron, $evt ) = _add_update_addresses($session, $patron, $new_patron, $user_obj);

diff --git a/Open-ILS/web/js/ui/default/actor/user/register.js b/Open-ILS/web/js/ui/default/actor/user/register.js
index eb84ec4..0f23877 100644 (file)
--- a/Open-ILS/web/js/ui/default/actor/user/register.js
+++ b/Open-ILS/web/js/ui/default/actor/user/register.js
@@ -850,7 +850,27 @@ function fleshFMRow(row, fmcls, args) {
 
     var fmObject = null;
     switch(fmcls) {
-        case 'au' : fmObject = patron; break;
+        case 'au' :
+            fmObject = patron;
+            if(fmfield == 'barred') {
+                // Are we allowed to touch the barred state?
+                var permission = 'BAR_PATRON';
+                if(fmObject.barred() == 't') {
+                    permission = 'UNBAR_PATRON';
+                }
+                var ou = staff.ws_ou();
+                if(fmObject.home_ou() != null) {
+                    ou = fmObject.home_ou();
+                }
+                var resp = fieldmapper.standardRequest(
+                    ['open-ils.actor', 'open-ils.actor.user.perm.check'],
+                    { params : [openils.User.authtoken, staff.id(), ou, [permission] ] }
+                );
+                if(resp[0]) { // No permission to adjust barred state from current
+                    disabled = true;
+                }
+            }
+            break;
         case 'ac' : if(!editCard) editCard = patron.card(); fmObject = editCard; break;
         case 'aua' : 
             fmObject = patron.addresses().filter(