Add permission for creating report templates

Because we would like people to be able to run them, but not create them.

Signed-off-by: Thomas Berezansky <tsbere@mvlc.org>

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Reporter.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Reporter.pm
index 6e9468a..e268281 100644 (file)
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Reporter.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Reporter.pm
@@ -20,6 +20,7 @@ sub create_folder {
        my $e = new_rstore_editor(xact=>1, authtoken=>$auth);
        return $e->die_event unless $e->checkauth;
        return $e->die_event unless $e->allowed('RUN_REPORTS');
+       return $e->die_event unless ($type ne 'template' || $e->allowed('CREATE_REPORT_TEMPLATE'));
 
        return 0 if $folder->owner ne $e->requestor->id;
 
@@ -168,6 +169,7 @@ sub create_template {
        my $e = new_rstore_editor(authtoken=>$auth, xact=>1);
        return $e->die_event unless $e->checkauth;
        return $e->die_event unless $e->allowed('RUN_REPORTS');
+       return $e->die_event unless $e->allowed('CREATE_REPORT_TEMPLATE');
        $template->owner($e->requestor->id);
 
        my $existing = $e->search_reporter_template( {owner=>$template->owner,
@@ -258,6 +260,7 @@ sub update_template {
        my $e = new_rstore_editor(authtoken=>$auth, xact=>1);
        return $e->die_event unless $e->checkauth;
        return $e->die_event unless $e->allowed('RUN_REPORTS');
+       return $e->die_event unless $e->allowed('CREATE_REPORT_TEMPLATE');
        my $t = $e->retrieve_reporter_template($tmpl->id)
                or return $e->die_event;
        return 0 if $t->owner ne $e->requestor->id;

diff --git a/Open-ILS/src/sql/Pg/950.data.seed-values.sql b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
index 628856f..b2cbfb2 100644 (file)
--- a/Open-ILS/src/sql/Pg/950.data.seed-values.sql
+++ b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
@@ -1447,6 +1447,9 @@ INSERT INTO permission.perm_list ( id, code, description ) VALUES
     'Allows a user to manually adjust a patron''s active cards', 'ppl', 'description')),
  ( 515, 'UPDATE_PATRON_PRIMARY_CARD', oils_i18n_gettext( 515,
     'Allows a user to manually adjust a patron''s primary card', 'ppl', 'description'));
+    'Allows a user to use debug functions in the staff client', 'ppl', 'description' ));
+ ( 516, 'CREATE_REPORT_TEMPLATE', oils_i18n_gettext( 516,
+    'Allows a user to create report templates', 'ppl', 'description' ));
 
 SELECT SETVAL('permission.perm_list_id_seq'::TEXT, 1000);
 
@@ -1795,6 +1798,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
                        'CREATE_COPY_STAT_CAT_ENTRY',
                        'CREATE_COPY_STAT_CAT_ENTRY_MAP',
                        'RUN_REPORTS',
+            'CREATE_REPORT_TEMPLATE',
                        'SHARE_REPORT_FOLDER',
                        'UPDATE_COPY_LOCATION',
                        'UPDATE_COPY_STAT_CAT',
@@ -2195,6 +2199,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
                        'DELETE_INVOICE_METHOD',
                        'DELETE_PROVIDER',
                        'RUN_REPORTS',
+            'CREATE_REPORT_TEMPLATE',
                        'SHARE_REPORT_FOLDER',
                        'UPDATE_ACQ_FUNDING_SOURCE',
                        'UPDATE_INVOICE_ITEM_TYPE',