my $e = new_rstore_editor(xact=>1, authtoken=>$auth);
return $e->die_event unless $e->checkauth;
return $e->die_event unless $e->allowed('RUN_REPORTS');
+ return $e->die_event unless ($type ne 'template' || $e->allowed('CREATE_REPORT_TEMPLATE'));
return 0 if $folder->owner ne $e->requestor->id;
my( $self, $conn, $auth, $type ) = @_;
my $e = new_rstore_editor(authtoken=>$auth);
return $e->event unless $e->checkauth;
- return $e->event unless $e->allowed('RUN_REPORTS');
+ if($type eq 'output') {
+ return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']);
+ } else {
+ return $e->event unless $e->allowed('RUN_REPORTS');
+ }
my $class = 'rrf';
$class = 'rtf' if $type eq 'template';
my( $self, $conn, $auth, $type, $folderid, $limit ) = @_;
my $e = new_rstore_editor(authtoken=>$auth);
return $e->event unless $e->checkauth;
- return $e->event unless $e->allowed('RUN_REPORTS');
+ if($type eq 'output') {
+ return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']);
+ } else {
+ return $e->event unless $e->allowed('RUN_REPORTS');
+ }
my $meth = "search_reporter_${type}";
my $class = 'rr';
$class = 'rt' if $type eq 'template';
my( $self, $conn, $auth, $folderId, $limit, $complete ) = @_;
my $e = new_rstore_editor(authtoken=>$auth);
return $e->event unless $e->checkauth;
- return $e->event unless $e->allowed('RUN_REPORTS');
+ return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']);
my $search = { folder => $folderId };
my $query = [
my( $self, $conn, $auth, $sched_id ) = @_;
my $e = new_rstore_editor(authtoken=>$auth);
return $e->event unless $e->checkauth;
- return $e->event unless $e->allowed('RUN_REPORTS');
+ return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']);
my $s = $e->retrieve_reporter_schedule($sched_id)
or return $e->event;
return $s;
my $e = new_rstore_editor(authtoken=>$auth, xact=>1);
return $e->die_event unless $e->checkauth;
return $e->die_event unless $e->allowed('RUN_REPORTS');
+ return $e->die_event unless $e->allowed('CREATE_REPORT_TEMPLATE');
$template->owner($e->requestor->id);
my $existing = $e->search_reporter_template( {owner=>$template->owner,
my( $self, $conn, $auth, $id ) = @_;
my $e = new_rstore_editor(authtoken=>$auth);
return $e->event unless $e->checkauth;
- return $e->event unless $e->allowed('RUN_REPORTS');
+ return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']);
my $t = $e->retrieve_reporter_template($id)
or return $e->event;
return $t;
my( $self, $conn, $auth, $id ) = @_;
my $e = new_rstore_editor(authtoken=>$auth);
return $e->event unless $e->checkauth;
- return $e->event unless $e->allowed('RUN_REPORTS');
+ return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']);
my $r = $e->retrieve_reporter_report($id)
or return $e->event;
return $r;
my $e = new_rstore_editor(authtoken=>$auth, xact=>1);
return $e->die_event unless $e->checkauth;
return $e->die_event unless $e->allowed('RUN_REPORTS');
+ return $e->die_event unless $e->allowed('CREATE_REPORT_TEMPLATE');
my $t = $e->retrieve_reporter_template($tmpl->id)
or return $e->die_event;
return 0 if $t->owner ne $e->requestor->id;
( 514, 'UPDATE_PATRON_ACTIVE_CARD', oils_i18n_gettext( 514,
'Allows a user to manually adjust a patron''s active cards', 'ppl', 'description')),
( 515, 'UPDATE_PATRON_PRIMARY_CARD', oils_i18n_gettext( 515,
- 'Allows a user to manually adjust a patron''s primary card', 'ppl', 'description'));
+ 'Allows a user to manually adjust a patron''s primary card', 'ppl', 'description')),
+ ( 516, 'CREATE_REPORT_TEMPLATE', oils_i18n_gettext( 516,
+ 'Allows a user to create report templates', 'ppl', 'description' ));
SELECT SETVAL('permission.perm_list_id_seq'::TEXT, 1000);
'CREATE_COPY_STAT_CAT_ENTRY',
'CREATE_COPY_STAT_CAT_ENTRY_MAP',
'RUN_REPORTS',
+ 'CREATE_REPORT_TEMPLATE',
'SHARE_REPORT_FOLDER',
'UPDATE_COPY_LOCATION',
'UPDATE_COPY_STAT_CAT',
'DELETE_INVOICE_METHOD',
'DELETE_PROVIDER',
'RUN_REPORTS',
+ 'CREATE_REPORT_TEMPLATE',
'SHARE_REPORT_FOLDER',
'UPDATE_ACQ_FUNDING_SOURCE',
'UPDATE_INVOICE_ITEM_TYPE',
oilsRptFolderManager.prototype.fetchFolders = function(auth) {
var obj = this;
- var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'template');
- req.callback( function(r) { obj.drawFolders('template', r.getResultObject()); } );
- req.send();
-
- var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'report');
- req.callback( function(r) { obj.drawFolders('report', r.getResultObject()); } );
- req.send();
+ if(PERMS.RUN_REPORTS != -1) {
+ var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'template');
+ req.callback( function(r) { obj.drawFolders('template', r.getResultObject()); } );
+ req.send();
+
+ var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'report');
+ req.callback( function(r) { obj.drawFolders('report', r.getResultObject()); } );
+ req.send();
+ }
var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'output');
req.callback( function(r) { obj.drawFolders('output', r.getResultObject()); } );
projects / evergreen / masslnc.git / commitdiff