adding generalized object-permission infrastructure for aquisitions
authormiker <miker@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Wed, 6 Feb 2008 02:21:52 +0000 (02:21 +0000)
committermiker <miker@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Wed, 6 Feb 2008 02:21:52 +0000 (02:21 +0000)
git-svn-id: svn://svn.open-ils.org/ILS/branches/acq-experiment@8649 dcc99617-32d9-48b4-a31d-7c20da2025e4

Open-ILS/examples/fm_IDL.xml
Open-ILS/src/sql/Pg/006.schema.permissions.sql

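--- a/Open-ILS/examples/fm_IDL.xml
+++ b/Open-ILS/examples/fm_IDL.xml
                         <link field="perm" reltype="has_a" key="id" map="" class="ppl"/>
                 </links>
         </class>
+       <class id="puopm" controller="open-ils.cstore" oils_obj:fieldmapper="permission::usr_object_perm_map" oils_persist:tablename="permission.usr_object_perm_map">
+               <fields oils_persist:primary="id" oils_persist:sequence="permission.usr_object_perm_map_id_seq">
+                       <field name="isnew" oils_obj:array_position="0" oils_persist:virtual="true" />
+                       <field name="ischanged" oils_obj:array_position="1" oils_persist:virtual="true" />
+                       <field name="isdeleted" oils_obj:array_position="2" oils_persist:virtual="true" />
+                       <field name="object_id" oils_obj:array_position="3" oils_persist:virtual="false" reporter:datatype="text"/>
+                       <field name="grantable" oils_obj:array_position="4" oils_persist:virtual="false" reporter:datatype="bool"/>
+                       <field name="id" oils_obj:array_position="5" oils_persist:virtual="false" reporter:datatype="id" />
+                       <field name="perm" oils_obj:array_position="6" oils_persist:virtual="false" reporter:datatype="link"/>
+                       <field name="usr" oils_obj:array_position="7" oils_persist:virtual="false" reporter:datatype="link"/>
+                       <field name="object_type" oils_obj:array_position="8" oils_persist:virtual="false" reporter:datatype="text"/>
+               </fields>
+               <links>
+                       <link field="usr" reltype="has_a" key="id" map="" class="au"/>
+                       <link field="perm" reltype="has_a" key="id" map="" class="ppl"/>
+               </links>
+       </class>
         <class id="mp" controller="open-ils.cstore" oils_obj:fieldmapper="money::payment" oils_persist:tablename="money.payment_view" reporter:core="true" reporter:label="Payments: All">
                 <fields oils_persist:primary="id" oils_persist:sequence="">
                         <field name="isnew" oils_obj:array_position="0" oils_persist:virtual="true" />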
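--- a/Open-ILS/src/sql/Pg/006.schema.permissions.sql
+++ b/Open-ILS/src/sql/Pg/006.schema.permissions.sql
@@ -39,6 +39,16 @@ CREATE TABLE permission.usr_perm_map (
                CONSTRAINT perm_usr_once UNIQUE (usr,perm)
 );
 
+CREATE TABLE permission.usr_object_perm_map (
+       id              SERIAL  PRIMARY KEY,
+       usr             INT     NOT NULL REFERENCES actor.usr (id) ON DELETE CASCADE,
+       perm            INT     NOT NULL REFERENCES permission.perm_list (id) ON DELETE CASCADE,
+    object_type TEXT NOT NULL,
+    object_id   TEXT NOT NULL,
+       grantable       BOOL    NOT NULL DEFAULT FALSE,
+               CONSTRAINT perm_usr_obj_once UNIQUE (usr,perm,object_type,object_id)
+);
+
 CREATE TABLE permission.usr_grp_map (
        id      SERIAL  PRIMARY KEY,
        usr     INT     NOT NULL REFERENCES actor.usr (id) ON DELETE CASCADE,
@@ -208,6 +218,41 @@ BEGIN
 END;
 $$ LANGUAGE PLPGSQL;
 
+CREATE OR REPLACE FUNCTION permission.usr_has_object_perm ( iuser INT, tperm TEXT, obj_type TEXT, obj_id TEXT, target_ou INT ) RETURNS BOOL AS $$
+DECLARE
+       r_usr   actor.usr%ROWTYPE;
+    res     BOOL;
+BEGIN
+
+       SELECT * INTO r_usr FROM actor.usr WHERE id = iuser;
+
+       IF r_usr.active = FALSE THEN
+               RETURN FALSE;
+       END IF;
+
+       IF r_usr.super_user = TRUE THEN
+               RETURN TRUE;
+       END IF;
+
+    SELECT TRUE INTO res FROM permission.usr_object_perm_map WHERE usr = r_usr.id AND object_type = obj_type AND object_id = obj_id;
+
+    IF FOUND THEN
+        RETURN TRUE;
+    END IF;
+
+    IF target_ou > -1 THEN
+        RETURN permission.usr_has_perm( iuser, tperm, target_ou);
+       END IF;
+
+    RETURN FALSE;
+
+END;
+$$ LANGUAGE PLPGSQL;
+
+CREATE OR REPLACE FUNCTION permission.usr_has_object_perm ( INT, TEXT, TEXT, TEXT ) RETURNS BOOL AS $$
+    SELECT permission.usr_has_object_perm( $1, $2, $3, $4, -1 );
+$$ LANGUAGE SQL;
+
 CREATE OR REPLACE FUNCTION permission.usr_has_perm ( INT, TEXT, INT ) RETURNS BOOL AS $$
        SELECT  CASE
                        WHEN permission.usr_has_home_perm( $1, $2, $3 ) THEN TRUE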
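Review bot: The object-level lookup in `usr_has_object_perm` (`SELECT TRUE INTO res FROM permission.usr_object_perm_map WHERE usr = r_usr.id AND object_type = obj_type AND object_id = obj_id`) never filters on `tperm`, so a single row granting any one permission on an object satisfies a check for every permission on that object — a user given a view-type grant on a record would pass a delete-type check against the same record. The `perm` column needs to be joined to `permission.perm_list` and matched against the code being checked; I assume that is the same code column `usr_has_perm(INT, TEXT, INT)` resolves its TEXT argument against, so confirm the column name before applying. Separately, `SELECT * INTO r_usr` followed by `IF r_usr.active = FALSE` lets an unknown `iuser` fall through both guards, because the comparisons against a NULL row evaluate to NULL rather than TRUE; an explicit `IF NOT FOUND THEN RETURN FALSE; END IF;` after the SELECT fails closed on purpose instead of by accident. The new `grantable` column is stored but never consulted in this function, which is fine if delegation is enforced elsewhere, but the function header should say so.

```sql
	SELECT * INTO r_usr FROM actor.usr WHERE id = iuser;

	-- Unknown user: fail closed rather than let NULL comparisons slip past the guards below.
	IF NOT FOUND THEN
		RETURN FALSE;
	END IF;

	-- … unchanged: active / super_user checks …

	-- The grant must be for the permission being checked, not merely any permission on the object.
	-- NOTE(review): assumes perm_list exposes the permission code as "code" — confirm.
	SELECT TRUE INTO res
	  FROM permission.usr_object_perm_map m
	  JOIN permission.perm_list p ON (p.id = m.perm)
	  WHERE m.usr = r_usr.id
	    AND p.code = tperm
	    AND m.object_type = obj_type
	    AND m.object_id = obj_id;

	-- … unchanged: FOUND / target_ou fallback / RETURN FALSE …
```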