unless $limit_perm =~ /(ADMIN|MANAGE|VIEW)_FUNDING_SOURCE/;
my $org_ids = ($org_id_list and @$org_id_list) ? $org_id_list :
- $U->find_highest_work_orgs($e, $limit_perm, {descendants =>1});
+ $U->user_has_work_perm_at($e, $limit_perm, {descendants =>1});
return [] unless @$org_ids;
my $sources = $e->search_acq_funding_source({owner => $org_ids});
unless $limit_perm =~ /(ADMIN|MANAGE|VIEW)_FUND/;
my $org_ids = ($org_id_list and @$org_id_list) ? $org_id_list :
- $U->find_highest_work_orgs($e, $limit_perm, {descendants =>1});
+ $U->user_has_work_perm_at($e, $limit_perm, {descendants =>1});
return undef unless @$org_ids;
my $funds = $e->search_acq_fund({org => $org_ids});
$options ||= {};
# grab purchase orders I have
- my $perm_orgs = $U->find_highest_work_orgs($e, 'MANAGE_PROVIDER', {descendants =>1});
+ my $perm_orgs = $U->user_has_work_perm_at($e, 'MANAGE_PROVIDER', {descendants =>1});
return OpenILS::Event->new('PERM_FAILURE', ilsperm => 'MANAGE_PROVIDER')
unless @$perm_orgs;
my $provider_ids = $e->search_acq_provider({owner => $perm_orgs}, {idlist=>1});
{owner=>$e->requestor->id, name=>{'!='=>''}}, {idlist=>1});
my $picklist_ids = $e->objects_allowed('VIEW_PICKLIST', 'acqpl');
- my $p_orgs = $U->find_highest_work_orgs($e, 'VIEW_PICKLIST', {descendants =>1});
+ my $p_orgs = $U->user_has_work_perm_at($e, 'VIEW_PICKLIST', {descendants =>1});
my $picklist_ids_2 = $e->search_acq_picklist(
{name=>{'!='=>''}, org_unit => $p_orgs}, {idlist=>1});
unless $limit_perm =~ /(ADMIN|MANAGE|VIEW)_PROVIDER/;
my $org_ids = ($org_id_list and @$org_id_list) ? $org_id_list :
- $U->find_highest_work_orgs($e, $limit_perm, {descendants =>1});
+ $U->user_has_work_perm_at($e, $limit_perm, {descendants =>1});
return [] unless @$org_ids;
$conn->respond($_) for @{$e->search_acq_provider({owner => $org_ids})};
return $U->find_highest_perm_org($perm, $user_id, $e->requestor->ws_ou, $tree);
}
-
__PACKAGE__->register_method(
- method => 'check_user_work_perms',
- api_name => 'open-ils.actor.user.work_perm.highest_org_set',
+ method => 'user_has_work_perm_at',
+ api_name => 'open-ils.actor.user.has_work_perm_at',
authoritative => 1,
signature => {
desc => q/
- Returns a set of org units which represent the highest orgs in
+ Returns a set of org unit IDs which represent the highest orgs in
the org tree where the user has the requested permission. The
purpose of this method is to return the smallest set of org units
which represent the full expanse of the user's ability to perform
params => [
{desc => 'authtoken', type => 'string'},
{desc => 'permission name', type => 'string'},
- {desc => 'options hash, including "descendants", which will include all child orgs of the found perm orgs', type => 'hash'}
],
return => {desc => 'An array of org IDs'}
}
);
-__PACKAGE__->register_method(
- method => 'check_user_work_perms',
- api_name => 'open-ils.actor.user.work_perm.org_tree_list',
- authoritative => 1,
- signature => q/
- @see open-ils.actor.user.work_perm.highest_org_set
- Returns a list of org trees. The root of each tree
- is the highest org in the organization hierarchy where the user has the
- requested permission. Below each tree root is its full tree of descendants.
- /
-);
-
-__PACKAGE__->register_method(
- method => 'check_user_work_perms',
- api_name => 'open-ils.actor.user.work_perm.org_unit_list',
- authoritative => 1,
- signature => q/
- @see open-ils.actor.user.work_perm.highest_org_set
- Returns a list of list of all of the org_units where the user
- has the requested permission. The first item in each list
- is the highest permission org for that section of the
- org tree. The remaining items in each sub-list are the
- descendants of that org.
-
- /
-);
+sub user_has_work_perm_at {
+ my($self, $conn, $auth, $perm) = @_;
+ my $e = new_editor(authtoken=>$auth);
+ return $e->event unless $e->checkauth;
+ return $U->user_has_work_perm_at($e, $perm);
+}
__PACKAGE__->register_method(
- method => 'check_user_work_perms',
- api_name => 'open-ils.actor.user.work_perm.org_id_list',
+ method => 'user_has_work_perm_at_batch',
+ api_name => 'open-ils.actor.user.has_work_perm_at.batch',
authoritative => 1,
- signature => q/
- @see open-ils.actor.user.work_perm.highest_org_set
- Returns a list of lists of all of the org_unit IDs where the user
- has the requested permission. The first item in each list
- is the highest permission org for that section of the
- org tree. The remaining items in each sub-list are the
- descendants of that org.
- /
);
-__PACKAGE__->register_method(
- method => 'check_user_work_perms_batch',
- api_name => 'open-ils.actor.user.work_perm.highest_org_set.batch',
- authoritative => 1,
-);
-__PACKAGE__->register_method(
- method => 'check_user_work_perms_batch',
- api_name => 'open-ils.actor.user.work_perm.org_tree_list.batch',
- authoritative => 1,
-);
-__PACKAGE__->register_method(
- method => 'check_user_work_perms_batch',
- api_name => 'open-ils.actor.user.work_perm.org_unit_list.batch',
- authoritative => 1,
-);
-__PACKAGE__->register_method(
- method => 'check_user_work_perms_batch',
- api_name => 'open-ils.actor.user.work_perm.org_id_list.batch',
- authoritative => 1,
-);
-
-
-sub check_user_work_perms {
- my($self, $conn, $auth, $perm, $options) = @_;
- my $e = new_editor(authtoken=>$auth);
- return $e->event unless $e->checkauth;
- return check_user_work_perms_impl($self, $conn, $e, $perm, $options);
-}
-
-sub check_user_work_perms_batch {
- my($self, $conn, $auth, $perm_list, $options) = @_;
+sub user_has_work_perm_at_batch {
+ my($self, $conn, $auth, $perms) = @_;
my $e = new_editor(authtoken=>$auth);
return $e->event unless $e->checkauth;
my $map = {};
- $map->{$_} = check_user_work_perms_impl($self, $conn, $e, $_, $options) for @$perm_list;
+ $map->{$_} = $U->user_has_work_perm_at($e, $_) for @$perms;
return $map;
}
-sub check_user_work_perms_impl {
- my($self, $conn, $e, $perm, $options) = @_;
- my $orglist = $U->find_highest_work_orgs($e, $perm, $options);
-
- return $orglist if $self->api_name =~ /highest_org_set/;
-
- # build a list of org trees
- return get_org_descendants($self, $conn, $orglist)
- if $self->api_name =~ /org_tree_list/;
-
- my @list;
- for my $orgid (@$orglist) {
- my @sublist = grep {$_ ne $orgid} @{$U->get_org_descendants($orgid)};
- unshift @sublist, $orgid; # make sure it's at the front of the list
- if($self->api_name =~ /org_id_list/) {
- push(@list, @sublist);
- } else {
- push(@list, @{$e->batch_retrieve_actor_org_unit(\@sublist)});
- }
- }
-
- return \@list;
-}
__PACKAGE__->register_method(
}
-sub find_highest_work_orgs {
+# returns the org_unit ID's
+sub user_has_work_perm_at {
my($self, $e, $perm, $options) = @_;
- my $work_orgs = $self->get_user_work_ou_ids($e, $e->requestor->id);
- $logger->debug("found work orgs @$work_orgs");
- $options ||= {};
+ $options ||= {};
- my @allowed_orgs;
- my $org_tree = $self->get_org_tree();
- my $org_types = $self->get_org_types();
+ my $func = 'permission.usr_has_perm_at';
+ $func = $func.'_all' if $$options{descendents};
- # use the first work org to determine the highest depth at which
- # the user has the requested permission
- my $first_org = shift @$work_orgs;
- my $high_org_id = $self->find_highest_perm_org($perm, $e->requestor->id, $first_org, $org_tree);
- $logger->debug("found highest work org $high_org_id");
+ my $orgs = $e->json_query({from => [$func, $e->requestor->id, $perm]});
+ $orgs = [map { $_->{'permission.usr_has_perm_at'} } @$orgs];
-
- return [] if $high_org_id == -1; # not allowed anywhere
-
- my $high_org = $self->find_org($org_tree, $high_org_id);
- my ($high_org_type) = grep { $_->id == $high_org->ou_type } @$org_types;
- my $org_depth = $high_org_type->depth;
-
- if($$options{descendants}) {
- push(@allowed_orgs, @{$self->get_org_descendants($high_org_id, $org_depth)});
- } else {
- push(@allowed_orgs, $high_org_id);
- }
+ return $orgs unless $$options{objects};
- return \@allowed_orgs if $org_depth == 0;
-
- for my $org (@$work_orgs) {
-
- $logger->debug("work org looking at $org");
- my $org_list = $self->get_org_full_path($org, $org_depth);
-
- my $found = 0;
- for my $sub_org (@$org_list) {
- if(not $found) {
- $logger->debug("work org looking at sub-org $sub_org");
- my $org_unit = $self->find_org($org_tree, $sub_org);
- my ($ou_type) = grep { $_->id == $org_unit->ou_type } @$org_types;
- if($ou_type->depth >= $org_depth) {
- push(@allowed_orgs, $sub_org);
- $found = 1;
- }
- } else {
- last unless $$options{descendants};
- push(@allowed_orgs, $sub_org);
- }
- }
- }
-
- my %de_dupe;
- $de_dupe{$_} = 1 for @allowed_orgs;
- return [keys %de_dupe];
+ return $e->search_actor_org_unit({id => $orgs});
}
-
sub get_user_work_ou_ids {
my($self, $e, $userid) = @_;
my $work_orgs = $e->json_query({
};
fieldmapper.standardRequest(
- ['open-ils.actor', 'open-ils.actor.user.work_perm.highest_org_set.batch'],
+ ['open-ils.actor', 'open-ils.actor.user.user_has_work_perm_at.batch'],
{ async: true,
params: [this.authtoken, permList],
oncomplete: oncomplete
/**
- * Builds a dijit.Tree using the orgs where the user has the requested permission
- * @param perm The permission to check
- * @param domId The DOM node where the tree widget should live
- * @param onClick If defined, this will be connected to the tree widget for
- * onClick events
- */
- buildPermOrgTreePicker : function(perm, domId, onClick) {
-
- dojo.require('dojo.data.ItemFileReadStore');
- dojo.require('dijit.Tree');
- function buildTreePicker(r) {
- var orgList = r.recv().content();
- var store = new dojo.data.ItemFileReadStore({data:aou.toStoreData(orgList)});
- var model = new dijit.tree.ForestStoreModel({
- store: store,
- query: {_top:'true'},
- childrenAttrs: ["children"],
- rootLabel : "Location" /* XXX i18n */
- });
-
- var tree = new dijit.Tree({model : model}, dojo.byId(domId));
- if(onClick)
- dojo.connect(tree, 'onClick', onClick);
- tree.startup()
- }
-
- fieldmapper.standardRequest(
- ['open-ils.actor', 'open-ils.actor.user.work_perm.org_unit_list'],
- { params: [this.authtoken, perm],
- oncomplete: buildTreePicker,
- async: true
- }
- )
- },
-
- /**
* Sets the store for an existing openils.widget.OrgUnitFilteringSelect
* using the orgs where the user has the requested permission.
* @param perm The permission to check
}
);
new openils.User().buildPermOrgSelector('CREATE_PURCHASE_ORDER', orderingAgencySelect);
- //new openils.User().buildPermOrgTreePicker('CREATE_PURCHAE_ORDER', 'treee');
</script>
<table class='dijitTooltipTable'>
<tr>
function fetchHighestWorkPermOrgs(session, userId, perms, onload) {
var req = new RemoteRequest(
'open-ils.actor',
- 'open-ils.actor.user.work_perm.highest_org_set.batch',
+ 'open-ils.actor.user.user_has_work_perm_at.batch',
session, perms);
if(onload) {
req.setCompleteCallback(function(r){
projects / working / Evergreen.git / commitdiff