From: Mike Rylander Date: Thu, 5 Sep 2019 15:34:51 +0000 (-0400) Subject: LP#1842940: Don't allow self-edit or perm-restricted edit X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=401dce885e6b23294533b2fb840a67758ed90b38;p=evergreen%2Fmasslnc.git LP#1842940: Don't allow self-edit or perm-restricted edit Pre-webstaff, we disallowed editing of ones own record, an of records that have a group application permission that the staff do not possess. This commit brings back those restrictions. Signed-off-by: Mike Rylander Signed-off-by: Jane Sandberg
---
diff --git a/Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js b/Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js
index bcfbab817d..1d34476fef 100644
--- a/Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js
+++ b/Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js
@@ -1564,6 +1564,8 @@ function($scope , $routeParams , $q , $uibModal , $window , egCore ,
 // grp is the pgt object
 $scope.set_profile = function(grp) {
+ // If we can't save because of group perms or create/update perms
+ if ($scope.edit_passthru.hide_save_actions()) return;
 $scope.patron.profile = grp;
 $scope.set_expire_date();
 $scope.field_modified();
@@ -2065,6 +2067,18 @@ function($scope , $routeParams , $q , $uibModal , $window , egCore ,
 // Returns true if the Save and Save & Clone buttons should be disabled.
 $scope.edit_passthru.hide_save_actions = function() {
+ if ($scope.patron.id
+ && $scope.patron.id == egCore.auth.user().id()
+ ) return true;
+
+ if ( $scope.patron.profile
+ && patronRegSvc
+ .edit_profiles
+ .filter(function(p) {
+ return $scope.patron.profile.id() == p.id();
+ }).length == 0
+ ) return true;
+
 return $scope.patron.isnew ? !$scope.perms.CREATE_USER : !$scope.perms.UPDATE_USER;
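Review bot: The comment on the new guard in `set_profile` names group perms and create/update perms but omits the self-edit case, which `hide_save_actions()` also reports after this commit. I would reword it to `// No profile change while saving is blocked: own record, non-editable group, or missing CREATE_USER/UPDATE_USER`. The guard also returns without any feedback, so a staff user who picks a group sees nothing happen; whether the profile selector is disabled elsewhere in that state is not visible here. The end of `set_profile` lies outside the hunk.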
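Review bot: Both new checks in `hide_save_actions` (and the `set_profile` guard that calls it) run only in the browser, so they stop the staff client from offering Save but cannot on their own prevent a self-edit or an edit of a record in a group the staff member lacks permission for. Nothing in this diff shows the server-side patron update enforcing the same two rules, so that is worth confirming and stating in the function's leading comment, e.g. `// UI gate only; the update API must reject self-edits and non-editable profiles as well`. The membership test would also read better and short-circuit as `!patronRegSvc.edit_profiles.some(function(p) { return $scope.patron.profile.id() == p.id(); })`. If `edit_profiles` is still empty while the form loads (its initialisation is not visible here), save actions would be hidden for every patron during that window. The closing brace of the function is outside the hunk.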