LP#1979345: restrict access to holds pull list user/jeffdavis/lp1979345-scope-ang-pull-list-2
authorJeff Davis <jdavis@sitka.bclibraries.ca>
Wed, 6 Jul 2022 23:04:20 +0000 (16:04 -0700)
committerJeff Davis <jdavis@sitka.bclibraries.ca>
Wed, 12 Oct 2022 00:03:18 +0000 (17:03 -0700)
This commit adds a new VIEW_HOLD_PULL_LIST permission.  In order to view
a library's holds pull list, you need to have the new permission at that
library.

Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca>
Open-ILS/src/eg2/src/app/staff/share/holds/grid.component.html
Open-ILS/src/sql/Pg/950.data.seed-values.sql
Open-ILS/src/sql/Pg/upgrade/XXXX.data.permission.hold_pull_list.sql [new file with mode: 0644]
docs/RELEASE_NOTES_NEXT/Circulation/view_hold_pull_list.adoc [new file with mode: 0644]

index b25a446..cf31838 100644 (file)
@@ -55,7 +55,7 @@
           <div class="input-group-prepend">
             <div class="input-group-text" i18n>View Pull List For:</div>
           </div>
-          <eg-org-select [initialOrgId]="pullListOrg"
+          <eg-org-select [initialOrgId]="pullListOrg" [limitPerms]="['VIEW_HOLD_PULL_LIST']"
             (onChange)="pullListOrgChanged($event)">
           </eg-org-select>
         </div>
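Review bot: The `[limitPerms]="['VIEW_HOLD_PULL_LIST']"` binding on `<eg-org-select>` only narrows which libraries the selector offers, so it is a display filter and not an access check. None of the four files listed in this commit touches the service that returns the pull list, so the restriction holds only if that API already checks VIEW_HOLD_PULL_LIST for the requested org unit, which is worth confirming before merge. It is also unclear from this hunk what happens when `pullListOrg` initially points at an org where the user lacks the permission; the component code that sets it is outside the hunk. I would add a template comment such as `<!-- limitPerms is a UI filter only; the pull-list API must enforce VIEW_HOLD_PULL_LIST for the selected org -->`.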
index e662764..f7631b5 100644 (file)
@@ -1972,7 +1972,9 @@ INSERT INTO permission.perm_list ( id, code, description ) VALUES
  ( 638, 'RUN_SIMPLE_REPORTS', oils_i18n_gettext(638,
     'Build and run simple reports', 'ppl', 'description')),
  ( 639, 'ADMIN_OPENATHENS', oils_i18n_gettext(639,
-    'Allow a user to administer OpenAthens authentication service', 'ppl', 'description'))
+    'Allow a user to administer OpenAthens authentication service', 'ppl', 'description')),
+ ( 640, 'VIEW_HOLD_PULL_LIST', oils_i18n_gettext(640,
+    'View hold pull list', 'ppl', 'description'))
 ;
 
 SELECT SETVAL('permission.perm_list_id_seq'::TEXT, 1000);
@@ -2070,6 +2072,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
                        'VIEW_CIRCULATIONS',
                        'VIEW_COPY_NOTES',
                        'VIEW_HOLD',
+                       'VIEW_HOLD_PULL_LIST',
                        'VIEW_ORG_SETTINGS',
                        'VIEW_TITLE_NOTES',
                        'VIEW_TRANSACTION',
@@ -2136,6 +2139,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
                        'VIEW_HOLD',
                        'VIEW_HOLD_NOTIFICATION',
                        'VIEW_HOLD_PERMIT',
+                       'VIEW_HOLD_PULL_LIST',
                        'VIEW_PERM_GROUPS',
                        'VIEW_PERMISSION',
                        'VIEW_TITLE_NOTES',
@@ -2868,6 +2872,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
                        'VIEW_CIRCS',
                        'VIEW_COPY_CHECKOUT',
                        'VIEW_HOLD',
+                       'VIEW_HOLD_PULL_LIST',
                        'VIEW_TITLE_HOLDS',
                        'VIEW_TRANSACTION',
                        'VIEW_USER',
diff --git a/Open-ILS/src/sql/Pg/upgrade/XXXX.data.permission.hold_pull_list.sql b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.permission.hold_pull_list.sql
new file mode 100644 (file)
index 0000000..e55e033
--- /dev/null
@@ -0,0 +1,21 @@
+BEGIN;
+
+SELECT evergreen.upgrade_deps_block_check('XXXX', :eg_version);
+
+INSERT INTO permission.perm_list (id, code, description) VALUES
+ ( 640, 'VIEW_HOLD_PULL_LIST', oils_i18n_gettext(640,
+    'View hold pull list', 'ppl', 'description'));
+
+-- by default, assign VIEW_HOLD_PULL_LIST to everyone who has VIEW_HOLDS
+INSERT INTO permission.grp_perm_map (perm, grp, depth, grantable)
+    SELECT 640, grp, depth, grantable
+    FROM permission.grp_perm_map
+    WHERE perm = 9;
+
+INSERT INTO permission.usr_perm_map (perm, usr, depth, grantable)
+    SELECT 640, usr, depth, grantable
+    FROM permission.usr_perm_map
+    WHERE perm = 9;
+
+COMMIT;
+
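Review bot: Both copy statements select the source grants with the bare id `WHERE perm = 9`, while the comment above them (and the release note) names VIEW_HOLDS and the seed-data hunks place the new code next to `'VIEW_HOLD'`. A reader cannot tell from the script which permission is being cloned. Because these rows decide who can see the pull list after upgrade, I would resolve the source by code, `WHERE perm = (SELECT id FROM permission.perm_list WHERE code = 'VIEW_HOLD')`, assuming VIEW_HOLD is the intended code, and correct the comment to match. The copy also carries over `depth` and `grantable` unchanged, so every existing holder can delegate the new permission as widely as the old one; if that is intended, say so in the comment, for example `-- depth and grantable are copied so existing delegation rights carry over`.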
diff --git a/docs/RELEASE_NOTES_NEXT/Circulation/view_hold_pull_list.adoc b/docs/RELEASE_NOTES_NEXT/Circulation/view_hold_pull_list.adoc
new file mode 100644 (file)
index 0000000..c783f64
--- /dev/null
@@ -0,0 +1,6 @@
+== New Permission for Viewing Holds Pull List ==
+
+Access to the holds pull list is now restricted to users with the
+VIEW_HOLD_PULL_LIST permission.  By default, this new permission is granted to
+all users with the VIEW_HOLDS permission.
+