From: Jason Stephenson <jason@sigio.com>
Date: Mon, 7 Oct 2013 00:28:14 +0000 (-0400)
Subject: Add an auth and permission check in CircCommon->unvoid_bill().
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=3029ae87b2b4492c9079a2692e78133215a34641;p=evergreen%2Fequinox.git

Add an auth and permission check in CircCommon->unvoid_bill().

Signed-off-by: Jason Stephenson <jason@sigio.com>
---

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/CircCommon.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/CircCommon.pm
index 0ba84c96ee..db0d8cec1f 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/CircCommon.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/CircCommon.pm
@@ -108,7 +108,12 @@ sub void_bills_of_type {
 sub unvoid_bill {
     my ($class, $authtoken, $bill, $note) = @_;
 
+    # Get and editor, check for a session, and check that we can void
+    # bills.  (If we can void bills, we can unvoid them, too.)
     my $ed = new_editor (authtoken => $authtoken, xact => 1);
+    return $e->die_event unless $e->checkauth;
+    return $e->die_event unless $e->allowed('VOID_BILLING');
+
     my $voids = $ed->search_money_void_payment(
         {
             billing => $bill->id()