<link field="items" reltype="has_many" key="bucket" map="" class="ccbi"/>
</links>
</class>
+ <class id="puwoum" controller="open-ils.cstore" oils_obj:fieldmapper="permission::usr_work_ou_map" oils_persist:tablename="permission.usr_work_ou_map">
+ <fields oils_persist:primary="id" oils_persist:sequence="permission.usr_work_ou_map_id_seq">
+ <field name="isnew" oils_obj:array_position="0" oils_persist:virtual="true" />
+ <field name="ischanged" oils_obj:array_position="1" oils_persist:virtual="true" />
+ <field name="isdeleted" oils_obj:array_position="2" oils_persist:virtual="true" />
+ <field name="id" oils_obj:array_position="3" oils_persist:virtual="false" reporter:datatype="int" />
+ <field name="usr" oils_obj:array_position="4" oils_persist:virtual="false" />
+ <field name="work_ou" oils_obj:array_position="5" oils_persist:virtual="false" />
+ </fields>
+ <links>
+ <link field="usr" reltype="has_a" key="id" map="" class="au"/>
+ <link field="work_ou" reltype="has_a" key="id" map="" class="aou"/>
+ </links>
<class id="pupm" controller="open-ils.cstore" oils_obj:fieldmapper="permission::usr_perm_map" oils_persist:tablename="permission.usr_perm_map">
<fields oils_persist:primary="id" oils_persist:sequence="permission.usr_perm_map_id_seq">
<field name="isnew" oils_obj:array_position="0" oils_persist:virtual="true" />
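Review bot: The added `puwoum` class is never closed in the lines shown: the additions end at `+ </links>` and the next context line opens `<class id="pupm"`, so as rendered the `pupm` class would nest inside `puwoum` or the IDL would fail to parse. Add `</class>` after the new `</links>`, unless the closing tag was only lost when this page was rendered. Since this class exposes `permission.usr_work_ou_map` through `open-ils.cstore`, a comment above it saying that its rows control where a user's permissions apply would help whoever audits access to it. The `pupm` class continues outside the hunk.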
argc => 3,
);
+sub usr_has_home_perm {
+ my $self = shift;
+ my $client = shift;
+ my $usr = shift;
+ my $perm = shift;
+ my $target = shift;
+
+ return permission::usr_grp_map->db_Main->selectrow_arrayref(<<" SQL",{}, "$usr", "$perm", "$target")->[0];
+ SELECT permission.usr_has_home_perm(?,?,?)
+ SQL
+}
+__PACKAGE__->register_method(
+ method => 'usr_has_home_perm',
+ api_name => 'open-ils.storage.permission.user_has_home_perm',
+ argc => 3,
+);
+
+sub usr_has_work_perm {
+ my $self = shift;
+ my $client = shift;
+ my $usr = shift;
+ my $perm = shift;
+ my $target = shift;
+
+ return permission::usr_grp_map->db_Main->selectrow_arrayref(<<" SQL",{}, "$usr", "$perm", "$target")->[0];
+ SELECT permission.usr_has_work_perm(?,?,?)
+ SQL
+}
+__PACKAGE__->register_method(
+ method => 'usr_has_work_perm',
+ api_name => 'open-ils.storage.permission.user_has_work_perm',
+ argc => 3,
+);
+
sub usr_perms {
my $self = shift;
my $client = shift;
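Review bot: Both new subs, `usr_has_home_perm` and `usr_has_work_perm`, dereference `->[0]` directly on the return value of `selectrow_arrayref`. If the statement fails and the handle is not set to raise errors (its settings are not visible here), that value is undef and the permission check dies with a dereference fault instead of returning a clear answer. Holding the row first makes the failure mode explicit and fail-closed: `my $row = ...->selectrow_arrayref(...); return $row ? $row->[0] : 0;`. The arguments are bound through placeholders, which is right, but `"$usr"`, `"$perm"` and `"$target"` turn an undefined argument into an empty string that the INT parameters will reject, so a guard such as `return 0 unless defined $usr && defined $perm && defined $target;` would be worth adding. A one-line comment on each sub saying which scope it checks (home org unit or work org units) would document the difference for callers.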
ORDER BY 2, 3, 1 DESC, 5 DESC ;
$$ LANGUAGE SQL STABLE;
+CREATE TABLE permission.usr_work_ou_map (
+ id SERIAL PRIMARY KEY,
+ usr INT NOT NULL REFERENCES actor.usr (id) ON DELETE CASCADE,
+ work_ou INT NOT NULL REFERENCES actor.org_unit (id) ON DELETE CASCADE,
+ CONSTRAINT usr_work_ou_once UNIQUE (usr,work_ou)
+);
+
CREATE OR REPLACE FUNCTION permission.usr_can_grant_perm ( iuser INT, tperm TEXT, target_ou INT ) RETURNS BOOL AS $$
DECLARE
r_usr actor.usr%ROWTYPE;
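Review bot: The new `permission.usr_work_ou_map` table carries authorization weight that nothing in the schema documents. Once `permission.usr_has_perm` consults `usr_has_work_perm`, each row makes the user's granted permissions count relative to `work_ou` as well, so inserting a row is effectively a permission grant. I would state that next to the definition, for example `-- Each row extends the scope of the user's granted permissions to work_ou; treat writes to this table as permission grants.` Which callers may write to the table is not visible in this diff and should be confirmed to sit behind a permission check of its own.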
RETURN TRUE;
END IF;
-
FOR r_perm IN SELECT *
FROM permission.usr_perms(iuser) p
JOIN permission.perm_list l
END;
$$ LANGUAGE PLPGSQL;
-CREATE OR REPLACE FUNCTION permission.usr_has_perm ( iuser INT, tperm TEXT, target_ou INT ) RETURNS BOOL AS $$
+CREATE OR REPLACE FUNCTION permission.usr_has_home_perm ( iuser INT, tperm TEXT, target_ou INT ) RETURNS BOOL AS $$
DECLARE
r_usr actor.usr%ROWTYPE;
r_perm permission.usr_perm_map%ROWTYPE;
RETURN TRUE;
END IF;
-
FOR r_perm IN SELECT *
FROM permission.usr_perms(iuser) p
JOIN permission.perm_list l
END;
$$ LANGUAGE PLPGSQL;
+CREATE OR REPLACE FUNCTION permission.usr_has_work_perm ( iuser INT, tperm TEXT, target_ou INT ) RETURNS BOOL AS $$
+DECLARE
+ r_woum permission.usr_work_ou_map%ROWTYPE;
+ r_usr actor.usr%ROWTYPE;
+ r_perm permission.usr_perm_map%ROWTYPE;
+BEGIN
+
+ SELECT * INTO r_usr FROM actor.usr WHERE id = iuser;
+
+ IF r_usr.active = FALSE THEN
+ RETURN FALSE;
+ END IF;
+
+ IF r_usr.super_user = TRUE THEN
+ RETURN TRUE;
+ END IF;
+
+ FOR r_perm IN SELECT *
+ FROM permission.usr_perms(iuser) p
+ JOIN permission.perm_list l
+ ON (l.id = p.perm)
+ WHERE l.code = tperm
+ OR p.perm = -1
+ LOOP
+
+ FOR r_woum IN SELECT *
+ FROM permission.usr_work_ou_map
+ WHERE usr = iuser
+ LOOP
+
+ PERFORM *
+ FROM actor.org_unit_descendants(target_ou,r_perm.depth)
+ WHERE id = r_woum.work_ou;
+
+ IF FOUND THEN
+ RETURN TRUE;
+ END IF;
+
+ END LOOP;
+
+ END LOOP;
+
+ RETURN FALSE;
+END;
+$$ LANGUAGE PLPGSQL;
+
+CREATE OR REPLACE FUNCTION permission.usr_has_perm ( INT, TEXT, INT ) RETURNS BOOL AS $$
+ SELECT CASE
+ WHEN permission.usr_has_home_perm( $1, $2, $3 ) THEN TRUE
+ WHEN permission.usr_has_work_perm( $1, $2, $3 ) THEN TRUE
+ ELSE FALSE
+ END;
+$$ LANGUAGE SQL;
+
COMMIT;
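Review bot: In `permission.usr_has_work_perm`, the `SELECT * INTO r_usr` lookup has no NOT FOUND check, and the test `r_usr.active = FALSE` evaluates to NULL, so the early return is skipped, whenever the row is missing or `active` is NULL. A missing user still ends at `RETURN FALSE` because the loops match nothing, but a user with a NULL `active` would be evaluated as active (this assumes the column is nullable, which is not shown here). A permission check should fail closed: `IF NOT FOUND OR r_usr.active IS NOT TRUE THEN RETURN FALSE; END IF;`. Separately, the new `permission.usr_has_perm` wrapper is declared plain `LANGUAGE SQL`, while another read-only function in this file is `LANGUAGE SQL STABLE`; marking the wrapper `STABLE` would be consistent, provided the two PL/pgSQL functions it calls are declared `STABLE` too.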