LP#1873048: add scoped retrieve perms for booking resource types and resources

In the XUL client, when selecting a resource type, the list was limited
by owning library.  But in the web client, the list would show all
resource types across all libraries.  This commit addresses that
regression by adding a new VIEW_BOOKING_RESOURCE_TYPE permission with
context_field in the IDL.  That way, users only see resource types owned
by org units where they have the permission.

While we're at it, a new VIEW_BOOKING_RESOURCE perm is also added for
resources.

Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca>

diff --git a/Open-ILS/examples/fm_IDL.xml b/Open-ILS/examples/fm_IDL.xml
index e849f66..00f7129 100644 (file)
--- a/Open-ILS/examples/fm_IDL.xml
+++ b/Open-ILS/examples/fm_IDL.xml
@@ -5011,7 +5011,7 @@ SELECT  usr,
                <permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
                        <actions>
                                <create permission="ADMIN_BOOKING_RESOURCE_TYPE" context_field='owner'/>
-                               <retrieve/>
+                               <retrieve permission="VIEW_BOOKING_RESOURCE_TYPE" context_field='owner'/>
                                <update permission="ADMIN_BOOKING_RESOURCE_TYPE" context_field='owner'/>
                                <delete permission="ADMIN_BOOKING_RESOURCE_TYPE" context_field='owner'/>
                        </actions>
@@ -5043,7 +5043,7 @@ SELECT  usr,
                <permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
                        <actions>
                                <create permission="ADMIN_BOOKING_RESOURCE" context_field='owner'/>
-                               <retrieve/>
+                               <retrieve permission="VIEW_BOOKING_RESOURCE" context_field='owner'/>
                                <update permission="ADMIN_BOOKING_RESOURCE" context_field='owner'/>
                                <delete permission="ADMIN_BOOKING_RESOURCE" context_field='owner'/>
                        </actions>

diff --git a/Open-ILS/src/sql/Pg/950.data.seed-values.sql b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
index a757345..9d8b6e2 100644 (file)
--- a/Open-ILS/src/sql/Pg/950.data.seed-values.sql
+++ b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
@@ -1935,7 +1935,11 @@ INSERT INTO permission.perm_list ( id, code, description ) VALUES
  ( 619, 'EDIT_SELF_IN_CLIENT', oils_i18n_gettext(619,
     'Allow a user to edit their own account in the staff client', 'ppl', 'description')),
  ( 620, 'UPDATE_ORG_UNIT_SETTING.opac.patron.custom_css', oils_i18n_gettext(620,
-    'Update CSS setting for the OPAC', 'ppl', 'description'))
+    'Update CSS setting for the OPAC', 'ppl', 'description')),
+ ( 621, 'VIEW_BOOKING_RESOURCE_TYPE', oils_i18n_gettext(621,
+    'View booking resource types', 'ppl', 'description')),
+ ( 622, 'VIEW_BOOKING_RESOURCE', oils_i18n_gettext(622,
+    'View booking resources', 'ppl', 'description'))
 ;
 
 
@@ -2369,6 +2373,8 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
                        'UPDATE_PAYMENT_NOTE',
                        'UPDATE_PICKUP_LIB FROM_TRANSIT',
                        'UPDATE_PICKUP_LIB_FROM_HOLDS_SHELF',
+                       'VIEW_BOOKING_RESOURCE',
+                       'VIEW_BOOKING_RESOURCE_TYPE',
                        'VIEW_GROUP_PENALTY_THRESHOLD',
                        'VIEW_STANDING_PENALTY',
                        'VOID_BILLING',
@@ -2529,6 +2535,8 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
                        'UPDATE_PICKUP_LIB_FROM_HOLDS_SHELF',
                        'UPDATE_PICKUP_LIB_FROM_TRANSIT',
                        'UPDATE_USER',
+                       'VIEW_BOOKING_RESOURCE',
+                       'VIEW_BOOKING_RESOURCE_TYPE',
                        'VIEW_REPORT_OUTPUT',
                        'VIEW_STANDING_PENALTY',
                        'VOID_BILLING',

diff --git a/Open-ILS/src/sql/Pg/upgrade/XXXX.data.permission.booking_resource.sql b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.permission.booking_resource.sql
new file mode 100644 (file)
index 0000000..2bbdce6
--- /dev/null
+++ b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.permission.booking_resource.sql
@@ -0,0 +1,11 @@
+BEGIN;
+SELECT evergreen.upgrade_deps_block_check('XXXX', :eg_version);
+
+INSERT INTO permission.perm_list ( id, code, description ) VALUES
+ ( 621, 'VIEW_BOOKING_RESOURCE_TYPE', oils_i18n_gettext(621,
+    'View booking resource types', 'ppl', 'description')),
+ ( 622, 'VIEW_BOOKING_RESOURCE', oils_i18n_gettext(622,
+    'View booking resources', 'ppl', 'description'))
+;
+
+COMMIT;