not requiring perm for retrieving your own transaction data
authorerickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Fri, 3 Nov 2006 19:37:58 +0000 (19:37 +0000)
committererickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Fri, 3 Nov 2006 19:37:58 +0000 (19:37 +0000)
git-svn-id: svn://svn.open-ils.org/ILS/trunk@6560 dcc99617-32d9-48b4-a31d-7c20da2025e4

Open-ILS/src/perlmods/OpenILS/Application/Actor.pm

index ca0e3d5..92879eb 100644 (file)
@@ -2038,7 +2038,11 @@ sub user_transaction_history {
        # run inside of a transaction to prevent replication delays
        my $e = new_editor(xact=>1, authtoken=>$auth);
        return $e->die_event unless $e->checkauth;
-       return $e->die_event unless $e->allowed('VIEW_USER_TRANSACTIONS');
+
+       if( $e->requestor->id ne $userid ) {
+               return $e->die_event 
+                       unless $e->allowed('VIEW_USER_TRANSACTIONS');
+       }
 
        my $api = $self->api_name;
        my @xact_finish  = (xact_finish => undef ) if ($api =~ /history.still_open$/);
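Review bot: In the non-self branch added here, `$e->allowed('VIEW_USER_TRANSACTIONS')` is still called with no org-unit context, so as far as this hunk shows the permission is not tied to the patron whose data is requested. If the editor's `allowed` accepts an org argument, consider scoping the check to the target user's home org so staff holding the perm elsewhere cannot read any patron's transactions. The self-access test `$e->requestor->id ne $userid` is a string comparison against a caller-supplied value; it fails closed, since an undefined or differently formatted `$userid` falls through to the permission check. That intent deserves a comment above the `if`, such as `# requestor may always view their own transactions; anyone else needs the perm`. `user_transaction_history` starts before and continues past this hunk, so where `$userid` comes from and how it is used afterwards is not visible here.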