protecting other users items from delete calls directly in the UI (to prevent confusion)

git-svn-id: svn://svn.open-ils.org/ILS/trunk@6372 dcc99617-32d9-48b4-a31d-7c20da2025e4

diff --git a/Open-ILS/web/reports/oils_rpt_folder_window.js b/Open-ILS/web/reports/oils_rpt_folder_window.js
index 0467337..2a56a6d 100644 (file)
--- a/Open-ILS/web/reports/oils_rpt_folder_window.js
+++ b/Open-ILS/web/reports/oils_rpt_folder_window.js
@@ -207,6 +207,10 @@ oilsRptFolderWindow.prototype.doFolderAction = function() {
                        this.showOutput(objs[0]);
                        break;
                case 'delete_output':
+                       for( var i = 0; i < objs.length; i++ ) {
+                               if( objs[i].runner()  != USER.id() )
+                                       return alertId('oils_rpt_folder_contents_no_delete');
+                       }
                        this.deleteOutputs(objs,0, 
                                function(){
                                        oilsRptAlertSuccess();
@@ -238,6 +242,8 @@ oilsRptFolderWindow.prototype.showOutput = function(sched) {
 
 
 oilsRptFolderWindow.prototype.deleteReport = function(report) {
+       if( report.owner() != USER.id() )
+               return alertId('oils_rpt_folder_contents_no_delete');
        if(!confirmId('oils_rpt_folder_contents_confirm_report_delete')) return;
        var req = new Request(OILS_RPT_DELETE_REPORT, SESSION, report.id());
        req.callback(
@@ -253,6 +259,8 @@ oilsRptFolderWindow.prototype.deleteReport = function(report) {
 }
 
 oilsRptFolderWindow.prototype.deleteTemplate = function(tmpl) {
+       if( tmpl.owner() != USER.id() )
+               return alertId('oils_rpt_folder_contents_no_delete');
        var req0 = new Request( OILS_RPT_TEMPLATE_HAS_RPTS, SESSION, tmpl.id() );
        req0.callback(
                function(r0) {

diff --git a/Open-ILS/web/reports/oils_rpt_folder_window.xhtml b/Open-ILS/web/reports/oils_rpt_folder_window.xhtml
index 1f44dac..9ec7c19 100644 (file)
--- a/Open-ILS/web/reports/oils_rpt_folder_window.xhtml
+++ b/Open-ILS/web/reports/oils_rpt_folder_window.xhtml
@@ -59,5 +59,9 @@
                that depend on it.
        </span>
 
+       <span class='hide_me' id='oils_rpt_folder_contents_no_delete'>
+               You may not delete another user's items
+       </span>
+
 </div>
 

diff --git a/Open-ILS/web/reports/oils_rpt_folders.js b/Open-ILS/web/reports/oils_rpt_folders.js
index 998e5bb..fadbfce 100644 (file)
--- a/Open-ILS/web/reports/oils_rpt_folders.js
+++ b/Open-ILS/web/reports/oils_rpt_folders.js
@@ -321,7 +321,7 @@ function oilsRptBuildFolder(type, node, treeVar, rootName, action, shared) {
                var pid = this.treeId;
                var f = cache[c].folder;
 
-               if( !shared && f.owner() != USER.id() ) continue;
+               if( !shared && (f.owner().id() != USER.id()) ) continue;
 
                if(f.parent()) {
                        /* find the parent's tree id so we can latch on to it */