LP#1979345: restrict access to holds pull list

This commit adds a new VIEW_HOLD_PULL_LIST permission.  In order to view
a library's holds pull list, you need to have the new permission at that
library.

Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca>

diff --git a/Open-ILS/src/eg2/src/app/staff/share/holds/grid.component.html b/Open-ILS/src/eg2/src/app/staff/share/holds/grid.component.html
index f3bad0b..d7f46a6 100644 (file)
--- a/Open-ILS/src/eg2/src/app/staff/share/holds/grid.component.html
+++ b/Open-ILS/src/eg2/src/app/staff/share/holds/grid.component.html
@@ -55,7 +55,7 @@
           <div class="input-group-prepend">
             <div class="input-group-text" i18n>View Pull List For:</div>
           </div>
-          <eg-org-select [initialOrgId]="pullListOrg"
+          <eg-org-select [initialOrgId]="pullListOrg" [limitPerms]="['VIEW_HOLD_PULL_LIST']"
             (onChange)="pullListOrgChanged($event)">
           </eg-org-select>
         </div>

diff --git a/Open-ILS/src/sql/Pg/950.data.seed-values.sql b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
index efcf20a..7ae2f94 100644 (file)
--- a/Open-ILS/src/sql/Pg/950.data.seed-values.sql
+++ b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
@@ -1970,7 +1970,9 @@ INSERT INTO permission.perm_list ( id, code, description ) VALUES
  ( 637, 'UPLOAD_COVER_IMAGE', oils_i18n_gettext(637,
     'Upload local cover images for added content.', 'ppl', 'description')),
  ( 638, 'RUN_SIMPLE_REPORTS', oils_i18n_gettext(638,
-    'Build and run simple reports', 'ppl', 'description'))
+    'Build and run simple reports', 'ppl', 'description')),
+ ( 639, 'VIEW_HOLD_PULL_LIST', oils_i18n_gettext(639,
+    'View hold pull list', 'ppl', 'description'))
 ;
 
 SELECT SETVAL('permission.perm_list_id_seq'::TEXT, 1000);
@@ -2068,6 +2070,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
                        'VIEW_CIRCULATIONS',
                        'VIEW_COPY_NOTES',
                        'VIEW_HOLD',
+                       'VIEW_HOLD_PULL_LIST',
                        'VIEW_ORG_SETTINGS',
                        'VIEW_TITLE_NOTES',
                        'VIEW_TRANSACTION',
@@ -2134,6 +2137,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
                        'VIEW_HOLD',
                        'VIEW_HOLD_NOTIFICATION',
                        'VIEW_HOLD_PERMIT',
+                       'VIEW_HOLD_PULL_LIST',
                        'VIEW_PERM_GROUPS',
                        'VIEW_PERMISSION',
                        'VIEW_TITLE_NOTES',
@@ -2866,6 +2870,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
                        'VIEW_CIRCS',
                        'VIEW_COPY_CHECKOUT',
                        'VIEW_HOLD',
+                       'VIEW_HOLD_PULL_LIST',
                        'VIEW_TITLE_HOLDS',
                        'VIEW_TRANSACTION',
                        'VIEW_USER',

diff --git a/Open-ILS/src/sql/Pg/upgrade/XXXX.data.permission.hold_pull_list.sql b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.permission.hold_pull_list.sql
new file mode 100644 (file)
index 0000000..b8c444f
--- /dev/null
+++ b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.permission.hold_pull_list.sql
@@ -0,0 +1,25 @@
+BEGIN;
+
+SELECT evergreen.upgrade_deps_block_check('XXXX', :eg_version);
+
+INSERT INTO permission.perm_list (id, code, description) VALUES
+ ( 639, 'VIEW_HOLD_PULL_LIST', oils_i18n_gettext(639,
+    'View hold pull list', 'ppl', 'description'));
+
+COMMIT;
+
+\qecho ''
+\qecho 'Access to hold pull lists is now restricted to users with the new'
+\qecho 'VIEW_HOLD_PULL_LIST permission.  If you wish to grant this perm'
+\qecho 'to all users with the VIEW_HOLD permission, you can run the'
+\qecho 'following SQL commands:'
+\qecho ''
+\qecho 'INSERT INTO permission.grp_perm_map (perm, grp, depth, grantable)'
+\qecho '    SELECT 639, grp, depth, grantable'
+\qecho '    FROM permission.grp_perm_map'
+\qecho '    WHERE perm = 9;'
+\qecho ''
+\qecho 'INSERT INTO permission.usr_perm_map (perm, usr, depth, grantable)'
+\qecho '    SELECT 639, usr, depth, grantable'
+\qecho '    FROM permission.usr_perm_map'
+\qecho '    WHERE perm = 9;'