check for session ownership and for previous searchitude

Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com>

diff --git a/Open-ILS/src/extras/ils_events.xml b/Open-ILS/src/extras/ils_events.xml
index 1be90e9..1c458ad 100644 (file)
--- a/Open-ILS/src/extras/ils_events.xml
+++ b/Open-ILS/src/extras/ils_events.xml
@@ -753,6 +753,13 @@
                <desc xml:lang="en-US">Attempt to suspend a hold after it has been captured.</desc>
        </event>
 
+       <event code='1900' textcode='URL_VERIFY_NOT_SESSION_CREATOR'>
+               <desc xml:lang="en-US">You did not create this URL Verify session, so you cannot change it.  You may be able to clone it.</desc>
+       </event>
+
+       <event code='1901' textcode='URL_VERIFY_SESSION_ALREADY_SEARCHED'>
+               <desc xml:lang="en-US">This session has already been searched.</desc>
+       </event>
 
        <event code='2000' textcode='BAD_PARAMS'>
                <desc xml:lang="en-US">Invalid parameters were encountered in a method</desc>

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/URLVerify.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/URLVerify.pm
index 67f1a31..fbaf342 100644 (file)
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/URLVerify.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/URLVerify.pm
@@ -641,38 +641,31 @@ sub create_session {
     return $e->data->id;
 }
 
+# _check_for_existing_bucket_items() is used later by session_perform_search()
+sub _check_for_existing_bucket_items {
+    my ($e, $session) = @_;
 
-__PACKAGE__->register_method(
-    method => "session_perform_search",
-    api_name => "open-ils.url_verify.session_perform_search",
-    signature => {
-        desc => q/
-            Perform the search contained in the session, populating the linked bucket
-        /,
-        params => [
-            {desc => "Authentication token", type => "string"},
-            {desc => "url_verify.session id", type => "number"},
-        ],
-        return => {desc => "1 for success, event on failure", type => "number"}
-    }
-);
-
-# XXX TODO send progress updates?
-# XXX TODO either blow away old search results or refuse to start (consider)
-sub session_perform_search {
-    my ($self, $client, $auth, $ses_id) = @_;
+    my $items = $e->json_query(
+        {
+            select => {cbrebi => ['id']},
+            from => {cbrebi => {}},
+            where => {bucket => $session->container},
+            limit => 1
+        }
+    ) or return $e->die_event;
 
-    my $e = new_editor(authtoken => $auth);
-    return $e->die_event unless $e->checkauth;
+    return new OpenILS::Event("URL_VERIFY_SESSION_ALREADY_SEARCHED") if @$items;
 
-    my $session = $e->retrieve_url_verify_session(int($ses_id));
+    return;
+}
 
-    return $e->die_event unless
-        $session and $e->allowed("VERIFY_URL", $session->owning_lib);
+# _get_all_search_results() is used later by session_perform_search()
+sub _get_all_search_results {
+    my ($client, $session) = @_;
 
     my @result_ids;
 
-    # Don't loop if the user has specific their own offset.
+    # Don't loop if the user has specified their own offset.
     if ($session->search =~ /offset\(\d+\)/) {
         my $res = $U->simplereq(
             "open-ils.search",
@@ -689,8 +682,7 @@ sub session_perform_search {
         my $so_far = 0;
 
         do {
-            my $search = $session->search .
-                " offset(" . scalar(@result_ids) . ")";
+            my $search = $session->search . " offset(".scalar(@result_ids).")";
 
             my $res = $U->simplereq(
                 "open-ils.search",
@@ -718,6 +710,61 @@ sub session_perform_search {
         } while ($count - scalar(@result_ids) > 0);
     }
 
+    return (undef, @result_ids);
+}
+
+
+__PACKAGE__->register_method(
+    method => "session_perform_search",
+    api_name => "open-ils.url_verify.session_perform_search",
+    signature => {
+        desc => q/
+            Perform the search contained in the session,
+            populating the linked bucket /,
+        params => [
+            {desc => "Authentication token", type => "string"},
+            {desc => "url_verify.session id", type => "number"},
+        ],
+        return => {
+            desc => "Number of search results on success, event on failure",
+            type => "number"
+        }
+    }
+);
+
+# XXX TODO send progress updates?
+sub session_perform_search {
+    my ($self, $client, $auth, $ses_id) = @_;
+
+    my $e = new_editor(authtoken => $auth);
+    return $e->die_event unless $e->checkauth;
+
+    my $session = $e->retrieve_url_verify_session(int($ses_id));
+
+    return $e->die_event unless
+        $session and $e->allowed("VERIFY_URL", $session->owning_lib);
+
+    if ($session->creator != $e->requestor->id) {
+        $e->disconnect;
+        return new OpenILS::Event("URL_VERIFY_NOT_SESSION_CREATOR");
+    }
+
+    my $delete_error =
+        _check_for_existing_bucket_items($e, $session);
+
+    if ($delete_error) {
+        $e->disconnect;
+        return $delete_error;
+    }
+
+    my ($search_error, @result_ids) =
+        _get_all_search_results($client, $session);
+
+    if ($search_error) {
+        $e->disconnect;
+        return $search_error;
+    }
+
     $e->xact_begin;
 
     # Make and save a bucket item for each search result.
@@ -729,14 +776,14 @@ sub session_perform_search {
 
         $bucket_item->bucket($session->container);
         $bucket_item->target_biblio_record_entry($bre_id);
-        $bucket_item->pos($pos++); # we don't actually care
+        $bucket_item->pos($pos++);
 
         $e->create_container_biblio_record_entry_bucket_item($bucket_item) or
             return $e->die_event;
     }
     $e->xact_commit;
 
-    return 1;
+    return $pos;
 }
 
 1;