Allow VIEW_REPORT_OUTPUT in reporter interface

Specifically, so that you can see the contents of shared output folders.

Signed-off-by: Thomas Berezansky <tsbere@mvlc.org>

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Reporter.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Reporter.pm
index e268281..44590f0 100644 (file)
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Reporter.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Reporter.pm
@@ -64,7 +64,11 @@ sub retrieve_visible_folders {
        my( $self, $conn, $auth, $type ) = @_;
        my $e = new_rstore_editor(authtoken=>$auth);
        return $e->event unless $e->checkauth;
-       return $e->event unless $e->allowed('RUN_REPORTS');
+       if($type eq 'output') {
+               return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']);
+       } else {
+               return $e->event unless $e->allowed('RUN_REPORTS');
+       }
 
        my $class = 'rrf';
        $class = 'rtf' if $type eq 'template';
@@ -108,7 +112,11 @@ sub retrieve_folder_data {
        my( $self, $conn, $auth, $type, $folderid, $limit ) = @_;
        my $e = new_rstore_editor(authtoken=>$auth);
        return $e->event unless $e->checkauth;
-       return $e->event unless $e->allowed('RUN_REPORTS');
+       if($type eq 'output') {
+               return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']);
+       } else {
+               return $e->event unless $e->allowed('RUN_REPORTS');
+       }
        my $meth = "search_reporter_${type}";
        my $class = 'rr';
        $class = 'rt' if $type eq 'template';
@@ -128,7 +136,7 @@ sub retrieve_schedules {
        my( $self, $conn, $auth, $folderId, $limit, $complete ) = @_;
        my $e = new_rstore_editor(authtoken=>$auth);
        return $e->event unless $e->checkauth;
-       return $e->event unless $e->allowed('RUN_REPORTS');
+       return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']);
 
        my $search = { folder => $folderId };
        my $query = [
@@ -154,7 +162,7 @@ sub retrieve_schedule {
        my( $self, $conn, $auth, $sched_id ) = @_;
        my $e = new_rstore_editor(authtoken=>$auth);
        return $e->event unless $e->checkauth;
-       return $e->event unless $e->allowed('RUN_REPORTS');
+       return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']);
        my $s = $e->retrieve_reporter_schedule($sched_id)
                or return $e->event;
        return $s;
@@ -231,7 +239,7 @@ sub retrieve_template {
        my( $self, $conn, $auth, $id ) = @_;
        my $e = new_rstore_editor(authtoken=>$auth);
        return $e->event unless $e->checkauth;
-       return $e->event unless $e->allowed('RUN_REPORTS');
+       return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']);
        my $t = $e->retrieve_reporter_template($id)
                or return $e->event;
        return $t;
@@ -245,7 +253,7 @@ sub retrieve_report {
        my( $self, $conn, $auth, $id ) = @_;
        my $e = new_rstore_editor(authtoken=>$auth);
        return $e->event unless $e->checkauth;
-       return $e->event unless $e->allowed('RUN_REPORTS');
+       return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']);
        my $r = $e->retrieve_reporter_report($id)
                or return $e->event;
        return $r;

diff --git a/Open-ILS/web/reports/oils_rpt.js b/Open-ILS/web/reports/oils_rpt.js
index 835e06e..ef6e7e2 100644 (file)
--- a/Open-ILS/web/reports/oils_rpt.js
+++ b/Open-ILS/web/reports/oils_rpt.js
@@ -1,4 +1,4 @@
-var perms = [ 'RUN_REPORTS', 'SHARE_REPORT_FOLDER' ];
+var perms = [ 'RUN_REPORTS', 'SHARE_REPORT_FOLDER', 'VIEW_REPORT_OUTPUT' ];
 
 function oilsInitReports() {
        oilsRptIdObjects();
@@ -16,7 +16,7 @@ function oilsInitReports() {
        if( cgi.param('dbg') ) oilsRptDebugEnabled = true;
 
        fetchHighestPermOrgs(SESSION, USER.id(), perms);
-       if( PERMS.RUN_REPORTS == -1 ) {
+       if( PERMS.RUN_REPORTS == -1 && PERMS.VIEW_REPORT_OUTPUT == -1 ) {
                unHideMe(DOM.oils_rpt_permission_denied);
                hideMe(DOM.oils_rpt_tree_loading);
                return false;

diff --git a/Open-ILS/web/reports/oils_rpt_folders.js b/Open-ILS/web/reports/oils_rpt_folders.js
index 4b9346b..40c6465 100644 (file)
--- a/Open-ILS/web/reports/oils_rpt_folders.js
+++ b/Open-ILS/web/reports/oils_rpt_folders.js
@@ -169,13 +169,15 @@ oilsRptFolderManager.prototype.createTopFolder = function(type, orgsel) {
 
 oilsRptFolderManager.prototype.fetchFolders = function(auth) {
        var obj = this;
-       var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'template');
-       req.callback( function(r) { obj.drawFolders('template', r.getResultObject()); } );
-       req.send();
-
-       var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'report');
-       req.callback( function(r) { obj.drawFolders('report', r.getResultObject()); } );
-       req.send();
+       if(PERMS.RUN_REPORTS != -1) {
+               var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'template');
+               req.callback( function(r) { obj.drawFolders('template', r.getResultObject()); } );
+               req.send();
+
+               var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'report');
+               req.callback( function(r) { obj.drawFolders('report', r.getResultObject()); } );
+               req.send();
+       }
 
        var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'output');
        req.callback( function(r) { obj.drawFolders('output', r.getResultObject()); } );