projects / evergreen / masslnc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 79b3a3f)
LP#1479107 Move VOID_BILLING perm check to top-level API
authorDan Wells <dbw2@calvin.edu>
Tue, 18 Aug 2015 14:42:27 +0000 (10:42 -0400)
committerJason Stephenson <jstephenson@mvlc.org>
Wed, 19 Aug 2015 18:32:52 +0000 (14:32 -0400)
Pemission checks are needed at entry points, but can lead to
undesirable consequences if checked during automated processing.  In
the case of voids, let's move the perm check up to make sure our
automated processing can complete.

Signed-off-by: Dan Wells <dbw2@calvin.edu>
Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/CircCommon.pm patch | blob | history
Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Money.pm patch | blob | history

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/CircCommon.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/CircCommon.pm
index 113e47c..62b5b57 100644 (file)
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/CircCommon.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/CircCommon.pm
@@ -849,8 +849,6 @@ sub bill_payment_map_for_xact {
 # CStoreEditor, an arrayref of bill ids or bills, and an optional note.
 sub void_bills {
     my ($class, $e, $billids, $note) = @_;
-    return $e->die_event unless $e->checkauth;
-    return $e->die_event unless $e->allowed('VOID_BILLING');
 
     my %users;
     my $bills;
@@ -904,10 +902,6 @@ sub void_bills {
 sub adjust_bills_to_zero {
     my ($class, $e, $billids, $note) = @_;
 
-    # Get with the editor to see if we have permission to void bills.
-    return $e->die_event unless $e->checkauth;
-    return $e->die_event unless $e->allowed('VOID_BILLING');
-
     my %users;
 
     # Let's get all the billing objects and handle them by
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Money.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Money.pm
index 30e0ca9..038761d 100644 (file)
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Money.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Money.pm
@@ -907,6 +907,8 @@ __PACKAGE__->register_method(
 sub void_bill {
     my( $s, $c, $authtoken, @billids ) = @_;
     my $editor = new_editor(authtoken=>$authtoken, xact=>1);
+    return $editor->die_event unless $editor->checkauth;
+    return $editor->die_event unless $editor->allowed('VOID_BILLING');
     my $rv = $CC->void_bills($editor, \@billids);
     if (ref($rv) eq 'HASH') {
         # We got an event.
Evergreen working repo (MassLNC)