From: Galen Charlton <gmc@esilibrary.com>
Date: Thu, 19 Feb 2015 19:38:19 +0000 (+0000)
Subject: LP#1410369: add a new view to restrict arbitrary editing access
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=8125ece809a046715314d1c58c61f36feb66460c;p=evergreen%2Fmasslnc.git

LP#1410369: add a new view to restrict arbitrary editing access

The previous commit now allows owning_user in fm_IDL.xml to
specify that patrons can access their own messages, saving
the need to write some copy-and-paste middle-layer code.

However, we don't necessarily want a patron who figures
out how to use pcrud directly to change the content
of messages that are sent to them.  To avoid that, this
patch adds a new view, actor.usr_message_limited, that is
allows updates of the read_date and deleted columns in
the underlying table, but nothing else.

This patch also fixes a couple typos.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Kathy Lussier <klussier@masslnc.org>
---

diff --git a/Open-ILS/examples/fm_IDL.xml b/Open-ILS/examples/fm_IDL.xml
index 685dd51ad7..62eab6f734 100644
--- a/Open-ILS/examples/fm_IDL.xml
+++ b/Open-ILS/examples/fm_IDL.xml
@@ -2026,7 +2026,30 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
 		</links>
 	</class>
 	<class id="aum" controller="open-ils.cstore open-ils.pcrud" oils_obj:fieldmapper="actor::usr_message" oils_persist:tablename="actor.usr_message" reporter:label="User Message">
-		<fields oils_persist:primary="id" oils_persist:sequence="actor.usr_note_id_seq">
+		<fields oils_persist:primary="id" oils_persist:sequence="actor.usr_message_id_seq">
+			<field reporter:label="Creation Date/Time" name="create_date" reporter:datatype="timestamp"/>
+			<field reporter:label="Read Date/Time" name="read_date" reporter:datatype="timestamp"/>
+			<field reporter:label="Creating Library" name="sending_lib" reporter:datatype="link"/>
+			<field reporter:label="Message ID" name="id" reporter:datatype="id" />
+			<field reporter:label="Deleted?" name="deleted" reporter:datatype="bool"/>
+			<field reporter:label="Title" name="title" reporter:datatype="text"/>
+			<field reporter:label="User" name="usr" reporter:datatype="link" />
+			<field reporter:label="Message" name="message" reporter:datatype="text"/>
+		</fields>
+		<links>
+			<link field="usr" reltype="has_a" key="id" map="" class="au"/>
+			<link field="sending_lib" reltype="has_a" key="id" map="" class="aou"/>
+		</links>
+		<permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
+			<actions> <!-- created magically, so no create action -->
+				<retrieve permission="VIEW_USER" context_field="sending_lib" />
+				<update permission="UPDATE_USER" context_field="sending_lib" />
+				<delete permission="UPDATE_USER" context_field="sending_lib" />
+			</actions>
+		</permacrud>
+	</class>
+	<class id="auml" controller="open-ils.cstore open-ils.pcrud" oils_obj:fieldmapper="actor::usr_message" oils_persist:tablename="actor.usr_message_limited" reporter:label="User Message (Limited Access)">
+		<fields oils_persist:primary="id" oils_persist:sequence="actor.usr_message_id_seq">
 			<field reporter:label="Creation Date/Time" name="create_date" reporter:datatype="timestamp"/>
 			<field reporter:label="Read Date/Time" name="read_date" reporter:datatype="timestamp"/>
 			<field reporter:label="Creating Library" name="sending_lib" reporter:datatype="link"/>
@@ -2042,9 +2065,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
 		</links>
 		<permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
 			<actions> <!-- created magically, so no create action -->
-				<retrieve permission="VIEW_USER" context_field="sending_lib" owning_user="usr"/>
-				<update permission="UPDATE_USER" context_field="sending_lib" owning_user="usr"/>
-				<delete permission="UPDATE_USER" context_field="sending_lib" owning_user="usr"/>
+				<retrieve permission="UPDATE_USER" context_field="sending_lib" owning_user="usr"/>
+				<update   permission="UPDATE_USER" context_field="sending_lib" owning_user="usr"/>
 			</actions>
 		</permacrud>
 	</class>
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm
index 52675998f0..97364ed746 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm
@@ -334,7 +334,7 @@ sub _fetch_and_mark_read_single_message {
 
     $pcrud->request('open-ils.pcrud.transaction.begin', $self->editor->authtoken)->gather(1);
     my $messages = $pcrud->request(
-        'open-ils.pcrud.search.aum.atomic',
+        'open-ils.pcrud.search.auml.atomic',
         $self->editor->authtoken,
         {
             usr     => $self->editor->requestor->id,
@@ -343,13 +343,13 @@ sub _fetch_and_mark_read_single_message {
         },
         {
             flesh => 1,
-            flesh_fields => { aum => ['sending_lib'] },
+            flesh_fields => { auml => ['sending_lib'] },
         }
     )->gather(1);
     if (@$messages) {
         $messages->[0]->read_date('now');
         $pcrud->request(
-            'open-ils.pcrud.update.aum',
+            'open-ils.pcrud.update.auml',
             $self->editor->authtoken,
             $messages->[0]
         )->gather(1);
@@ -370,7 +370,7 @@ sub _fetch_user_messages {
     my %paging = ($limit or $offset) ? (limit => $limit, offset => $offset) : ();
 
     my $all_messages = $pcrud->request(
-        'open-ils.pcrud.id_list.aum.atomic',
+        'open-ils.pcrud.id_list.auml.atomic',
         $self->editor->authtoken,
         {
             usr     => $self->editor->requestor->id,
@@ -380,7 +380,7 @@ sub _fetch_user_messages {
     )->gather(1);
 
     my $messages = $pcrud->request(
-        'open-ils.pcrud.search.aum.atomic',
+        'open-ils.pcrud.search.auml.atomic',
         $self->editor->authtoken,
         {
             usr     => $self->editor->requestor->id,
@@ -388,8 +388,8 @@ sub _fetch_user_messages {
         },
         {
             flesh => 1,
-            flesh_fields => { aum => ['sending_lib'] },
-            order_by => { aum => 'create_date DESC' },
+            flesh_fields => { auml => ['sending_lib'] },
+            order_by => { auml => 'create_date DESC' },
             %paging
         }
     )->gather(1);
@@ -411,7 +411,7 @@ sub _handle_message_action {
     $pcrud->request('open-ils.pcrud.transaction.begin', $self->editor->authtoken)->gather(1);
     for my $id (@ids) {
         my $aum = $pcrud->request(
-            'open-ils.pcrud.retrieve.aum',
+            'open-ils.pcrud.retrieve.auml',
             $self->editor->authtoken,
             $id
         )->gather(1);
@@ -423,7 +423,7 @@ sub _handle_message_action {
         } elsif ($action eq 'mark_deleted') {
             $aum->deleted('t');
         }
-        $pcrud->request('open-ils.pcrud.update.aum', $self->editor->authtoken, $aum)->gather(1) ?
+        $pcrud->request('open-ils.pcrud.update.auml', $self->editor->authtoken, $aum)->gather(1) ?
             $changed++ :
             $failed++;
     }
diff --git a/Open-ILS/src/sql/Pg/005.schema.actors.sql b/Open-ILS/src/sql/Pg/005.schema.actors.sql
index 398736acde..cced60c91a 100644
--- a/Open-ILS/src/sql/Pg/005.schema.actors.sql
+++ b/Open-ILS/src/sql/Pg/005.schema.actors.sql
@@ -171,12 +171,6 @@ CREATE RULE protect_usr_message_delete AS
 		  WHERE	OLD.id = actor.usr_message.id
 	);
 
-ALTER TALBE action_trigger.event_definition 
-	ADD COLUMN message_template TEXT,
-	ADD COLUMN message_usr_path TEXT,
-	ADD COLUMN message_library_path TEXT,
-	ADD COLUMN message_title TEXT;
-
 CREATE FUNCTION actor.convert_usr_note_to_message () RETURNS TRIGGER AS $$
 BEGIN
 	IF NEW.pub THEN
@@ -198,6 +192,29 @@ CREATE TRIGGER actor.convert_usr_note_to_message_tgr
 	AFTER INSERT OR UPDATE ON actor.usr_note
 	FOR EACH ROW EXECUTE PROCEDURE actor.convert_usr_note_to_message();
 
+-- limited view to ensure that a library user who somehow
+-- manages to figure out how to access pcrud cannot change
+-- the text of messages sent them
+CREATE VIEW actor.usr_message_limited
+AS SELECT * FROM actor.usr_message;
+
+CREATE FUNCTION actor.restrict_usr_message_limited () RETURNS TRIGGER AS $$
+BEGIN
+    IF TG_OP = 'UPDATE' THEN
+        UPDATE actor.usr_message
+        SET    read_date = NEW.read_date,
+               deleted   = NEW.deleted
+        WHERE  id = NEW.id;
+        RETURN NEW;
+    END IF;
+    RETURN NULL;
+END;
+$$ LANGUAGE PLPGSQL;
+
+CREATE TRIGGER restrict_usr_message_limited_tgr
+    INSTEAD OF UPDATE OR INSERT OR DELETE ON actor.usr_message_limited
+    FOR EACH ROW EXECUTE PROCEDURE actor.restrict_usr_message_limited();
+
 CREATE TABLE actor.usr_setting (
 	id	BIGSERIAL	PRIMARY KEY,
 	usr	INT		NOT NULL REFERENCES actor.usr ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED,
diff --git a/Open-ILS/src/sql/Pg/upgrade/XXXX.schema.message-center.sql b/Open-ILS/src/sql/Pg/upgrade/XXXX.schema.message-center.sql
index 3188441b57..7e47618a09 100644
--- a/Open-ILS/src/sql/Pg/upgrade/XXXX.schema.message-center.sql
+++ b/Open-ILS/src/sql/Pg/upgrade/XXXX.schema.message-center.sql
@@ -48,6 +48,26 @@ CREATE TRIGGER convert_usr_note_to_message_tgr
     AFTER INSERT OR UPDATE ON actor.usr_note
     FOR EACH ROW EXECUTE PROCEDURE actor.convert_usr_note_to_message();
 
+CREATE VIEW actor.usr_message_limited
+AS SELECT * FROM actor.usr_message;
+
+CREATE FUNCTION actor.restrict_usr_message_limited () RETURNS TRIGGER AS $$
+BEGIN
+    IF TG_OP = 'UPDATE' THEN
+        UPDATE actor.usr_message
+        SET    read_date = NEW.read_date,
+               deleted   = NEW.deleted
+        WHERE  id = NEW.id;
+        RETURN NEW;
+    END IF;
+    RETURN NULL;
+END;
+$$ LANGUAGE PLPGSQL;
+
+CREATE TRIGGER restrict_usr_message_limited_tgr
+    INSTEAD OF UPDATE OR INSERT OR DELETE ON actor.usr_message_limited
+    FOR EACH ROW EXECUTE PROCEDURE actor.restrict_usr_message_limited();
+
 -- and copy over existing public user notes as (read) patron messages
 INSERT INTO actor.usr_message (usr, title, message, sending_lib, create_date, read_date)
 SELECT aun.usr, title, value, home_ou, aun.create_date, NOW()