my $picklist = $args->{picklist};
my $create_po = $args->{create_po};
my $activate_po = $args->{activate_po};
- my $ordering_agency = $args->{ordering_agency};
my $vandelay = $args->{vandelay};
+ my $ordering_agency = $args->{ordering_agency} || $e->requestor->ws_ou;
my $po;
my $evt;
}
if($create_po) {
+ return $e->die_event unless
+ $e->allowed('CREATE_PURCHASE_ORDER', $ordering_agency);
$po = create_purchase_order($mgr,
ordering_agency => $ordering_agency,
return $die_event if $die_event;
} elsif ($vandelay) {
+ $vandelay->{new_rec_perm} = 'IMPORT_ACQ_LINEITEM_BIB_RECORD_UPLOAD';
create_lineitem_list_assets($mgr, \@li_list, $vandelay) or return $e->die_event;
}
$rec_class = 'vqar';
}
+ my $new_rec_perm_cache;
my @success_rec_ids;
for my $rec_id (@$rec_ids) {
if(!$imported and !$error and $import_no_match and scalar(@{$rec->matches}) == 0) {
# No overlay / merge occurred. Do a traditional record import by creating a new record
-
- $logger->info("vl: creating new $type record for queued record $rec_id");
- if($type eq 'bib') {
- $record = OpenILS::Application::Cat::BibCommon->biblio_record_xml_import(
- $e, $rec->marc, $bib_sources{$rec->bib_source}, undef, 1);
- } else {
- $record = OpenILS::Application::Cat::AuthCommon->import_authority_record($e, $rec->marc); #$source);
+ if (!$new_rec_perm_cache) {
+ $new_rec_perm_cache = {};
+
+ # all users creating new records are required to have the basic permission.
+ # if the client requests, we can enforce extra permissions for creating new records.
+ # for speed, check the permissions the first time then cache the result.
+
+ my $perm = ($type eq 'bib') ? 'IMPORT_MARC' : 'IMPORT_AUTHORITY_MARC';
+ my $xperm = $$args{new_rec_perm};
+ my $rec_ou = $e->requestor->ws_ou;
+
+ $new_rec_perm_cache->{evt} = $e->die_event
+ if !$e->allowed($perm, $rec_ou) || ($xperm and !$e->allowed($xperm, $rec_ou));
}
- if($U->event_code($record)) {
- $$report_args{import_error} = 'import.duplicate.tcn'
- if $record->{textcode} eq 'OPEN_TCN_NOT_FOUND';
- $$report_args{evt} = $record;
+ if ($new_rec_perm_cache->{evt}) {
- } else {
+ # a cached event won't roll back the transaction (a la die_event), but
+ # the transaction will get rolled back in finish_rec_import_attempt() below
+ $$report_args{evt} = $new_rec_perm_cache->{evt};
+ $$report_args{import_error} = 'import.record.perm_failure';
- $logger->info("vl: successfully imported new $type record");
- $rec->imported_as($record->id);
- $imported = 1;
+ } else { # perm checks succeeded
+
+ $logger->info("vl: creating new $type record for queued record $rec_id");
+
+ if ($type eq 'bib') {
+
+ $record = OpenILS::Application::Cat::BibCommon->biblio_record_xml_import(
+ $e, $rec->marc, $bib_sources{$rec->bib_source}, undef, 1);
+
+ } else { # authority record
+
+ $record = OpenILS::Application::Cat::AuthCommon->import_authority_record($e, $rec->marc); #$source);
+ }
+
+ if($U->event_code($record)) {
+ $$report_args{import_error} = 'import.duplicate.tcn'
+ if $record->{textcode} eq 'OPEN_TCN_NOT_FOUND';
+ $$report_args{evt} = $record;
+
+ } else {
+
+ $logger->info("vl: successfully imported new $type record");
+ $rec->imported_as($record->id);
+ $imported = 1;
+ }
}
}
}
( 519, 'ADMIN_SMS_CARRIER', oils_i18n_gettext( 519,
'Allows a user to add/create/delete SMS Carrier entries.', 'ppl', 'description' )),
( 520, 'COPY_DELETE_WARNING.override', oils_i18n_gettext( 520,
- 'Allow a user to override warnings about deleting copies in problematic situations.', 'ppl', 'description' ));
+ 'Allow a user to override warnings about deleting copies in problematic situations.', 'ppl', 'description' )),
+ ( 521, 'IMPORT_ACQ_LINEITEM_BIB_RECORD_UPLOAD', oils_i18n_gettext( 521,
+ 'Allows a user to create new bibs directly from an ACQ MARC file upload', 'ppl', 'description' )),
+ ( 522, 'IMPORT_AUTHORITY_MARC', oils_i18n_gettext( 522,
+ 'Allows a user to create new authority records', 'ppl', 'description' ));
SELECT SETVAL('permission.perm_list_id_seq'::TEXT, 1000);
'DELETE_TITLE_NOTE',
'IMPORT_ACQ_LINEITEM_BIB_RECORD',
'IMPORT_MARC',
+ 'IMPORT_AUTHORITY_MARC',
'MERGE_AUTH_RECORDS',
'MERGE_BIB_RECORDS',
'UPDATE_AUTHORITY_IMPORT_QUEUE',
'import.item.invalid.copy_number', oils_i18n_gettext('import.item.invalid.copy_number', 'Invalid value for "copy_number"', 'vie', 'description') );
INSERT INTO vandelay.import_error ( code, description ) VALUES (
'import.item.invalid.circ_as_type', oils_i18n_gettext('import.item.invalid.circ_as_type', 'Invalid value for "circ_as_type"', 'vie', 'description') );
+INSERT INTO vandelay.import_error ( code, description ) VALUES (
+ 'import.record.perm_failure', oils_i18n_gettext('import.record.perm_failure', 'Perm failure creating a record', 'vie', 'description') );
-- Event def for email notice for hold cancelled due to lack of target -----
REFERENCES vandelay.queued_bib_record (id)
ON DELETE SET NULL DEFERRABLE INITIALLY DEFERRED;
+-- seed data --
+
+INSERT INTO permission.perm_list ( id, code, description )
+ VALUES (
+ 521,
+ 'IMPORT_ACQ_LINEITEM_BIB_RECORD_UPLOAD',
+ oils_i18n_gettext(
+ 521,
+ 'Allows a user to create new bibs directly from an ACQ MARC file upload',
+ 'ppl',
+ 'description'
+ )
+ );
+
+
+INSERT INTO vandelay.import_error ( code, description )
+ VALUES (
+ 'import.record.perm_failure',
+ oils_i18n_gettext(
+ 'import.record.perm_failure',
+ 'Perm failure creating a record', 'vie', 'description')
+ );
+
+
COMMIT;
/* UNDO SQL
projects / contrib / Conifer.git / commitdiff