From: erickson
Date: Tue, 11 Mar 2008 15:15:25 +0000 (+0000)
Subject: ported object-specific perm checks from acq-experiment branch to trunk, since it...
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=015315209fbbfcc9d6af54e58a2d4a515c9833b2;p=Evergreen.git
ported object-specific perm checks from acq-experiment branch to trunk, since it is globally applicable
git-svn-id: svn://svn.open-ils.org/ILS/trunk@8964 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
diff --git a/Open-ILS/src/perlmods/OpenILS/Utils/CStoreEditor.pm b/Open-ILS/src/perlmods/OpenILS/Utils/CStoreEditor.pm
index 8c7b33824a..a27196765e 100644
--- a/Open-ILS/src/perlmods/OpenILS/Utils/CStoreEditor.pm
+++ b/Open-ILS/src/perlmods/OpenILS/Utils/CStoreEditor.pm
@@ -392,8 +392,21 @@ my $PERM_QUERY = {
 where => {},
 };
+my $OBJECT_PERM_QUERY = {
+ select => {
+ au => [ {
+ transform => 'permission.usr_has_object_perm',
+ alias => 'has_perm',
+ column => 'id',
+ params => []
+ } ]
+ },
+ from => 'au',
+ where => {},
+};
+
 sub allowed {
- my( $self, $perm, $org ) = @_;
+ my( $self, $perm, $org, $object ) = @_;
 my $uid = $self->requestor->id;
 $org ||= $self->requestor->ws_ou;
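Review bot: The new fourth argument `$object` is not documented in the visible lines around `allowed`, and its interaction with `$org` is easy to misread. Because `$org ||= $self->requestor->ws_ou;` still runs first, the `push(@$params, $org) if $org;` in the next hunk omits the org only when the requestor has no workstation org, not when the caller leaves it out, so a caller cannot choose between an org-scoped and an org-independent object check. A header comment above `sub allowed` should say that `$object` must provide `Identity` and `json_hint`, that the check then goes through `permission.usr_has_object_perm`, and that `$org` defaults to the requestor's `ws_ou` in both modes. The body of `allowed` continues past the end of this hunk.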
@@ -402,11 +415,19 @@ sub allowed {
 for $perm (@$perms) {
 $self->log(I, "checking perms user=$uid, org=$org, perm=$perm");
- # fill in the search hash
- $PERM_QUERY->{select}->{au}->[0]->{params} = [$perm, $org];
- $PERM_QUERY->{where}->{id} = $uid;
-
- return 1 if $U->is_true($self->json_query($PERM_QUERY)->[0]->{has_perm});
+ if($object) {
+ my $id_field = $object->Identity;
+ my $params = [$perm, $object->json_hint, $object->$id_field];
+ push(@$params, $org) if $org;
+ $OBJECT_PERM_QUERY->{select}->{au}->[0]->{params} = $params;
+ $OBJECT_PERM_QUERY->{where}->{id} = $uid;
+ return 1 if $U->is_true($self->json_query($OBJECT_PERM_QUERY)->[0]->{has_perm});
+
+ } else {
+ $PERM_QUERY->{select}->{au}->[0]->{params} = [$perm, $org];
+ $PERM_QUERY->{where}->{id} = $uid;
+ return 1 if $U->is_true($self->json_query($PERM_QUERY)->[0]->{has_perm});
+ }
 }
 # set the perm failure event if the permission check returned false
@@ -417,6 +438,39 @@ sub allowed {
 # -----------------------------------------------------------------------------
+# Returns the list of object IDs this user has object-specific permissions for
+# -----------------------------------------------------------------------------
+sub objects_allowed {
+ my($self, $perm, $obj_type) = @_;
+
+ my $perms = (ref($perm) eq 'ARRAY') ? $perm : [$perm];
+ my @ids;
+
+ for $perm (@$perms) {
+ my $query = {
+ select => {puopm => ['object_id']},
+ from => {
+ puopm => {
+ ppl => {field => 'id',fkey => 'perm'}
+ }
+ },
+ where => {
+ '+puopm' => {usr => $self->requestor->id, object_type => $obj_type},
+ '+ppl' => {code => $perm}
+ }
+ };
+
+ my $list = $self->json_query($query);
+ push(@ids, 0+$_->{object_id}) for @$list;
+ }
+
+ my %trim;
+ $trim{$_} = 1 for @ids;
+ return [ keys %trim ];
+}
+
+
+# -----------------------------------------------------------------------------
 # checks the appropriate perm for the operation
 # -----------------------------------------------------------------------------
 sub _checkperm {
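Review bot: The `$self->log(I, "checking perms user=$uid, org=$org, perm=$perm")` line above the new branch does not record the object, so a log entry for an object-specific check cannot be tied to the record it was decided for. Inside `if($object)` I would log the type and id as well, e.g. `$self->log(I, "checking object perms user=$uid, org=$org, perm=$perm, object=" . $object->json_hint . ":" . $object->$id_field);`. A false `$object` (for example the undef result of a failed lookup passed straight through) also falls silently into the org-level branch; whether that is acceptable depends on the callers, which are not visible here. `allowed` starts before and ends after this hunk.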
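Review bot: The `0+` coercion in `push(@ids, 0+$_->{object_id}) for @$list;` is undone by the de-duplication, since `keys %trim` always returns strings, and it turns any non-numeric `object_id` into 0 (with a warning), collapsing distinct ids into one. If ids are meant to be returned as stored, key the hash on the raw value with `$trim{ $_->{object_id} } = 1 for @$list;` and drop `@ids`; if numbers are required and ids are known to be numeric, coerce on the way out with `return [ map { 0+$_ } keys %trim ];`. Whether `object_id` can be non-numeric is not visible in this diff, but `allowed` passes `$object->$id_field` uncoerced in the previous hunk, so the two paths should agree on the representation. The loop also reuses the parameter `$perm` as its iterator, which `for my $code (@$perms)` would make easier to read.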