From: Ben Shum Date: Fri, 12 Oct 2012 02:04:30 +0000 (-0400) Subject: LP#1066141: add authtoken check and related permission for age to lost function X-Git-Tag: sprint4-merge-nov22~2599 X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=adf0af2ffb2b1d05b966af999a6ed53af16b8aef;p=working%2FEvergreen.git LP#1066141: add authtoken check and related permission for age to lost function The SET_CIRC_LOST permission is now required in order to invoke the open-ils.circ.circulation.age_to_lost method. Signed-off-by: Ben Shum Signed-off-by: Galen Charlton Signed-off-by: Bill Erickson --- diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ.pm index e07f173142..76f1cb0674 100644 --- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ.pm +++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ.pm @@ -259,6 +259,9 @@ __PACKAGE__->register_method( sub staff_age_to_lost { my( $self, $conn, $auth, $args ) = @_; + my $e = new_editor(authtoken=>$auth); + return $e->event unless $e->checkauth; + return $e->event unless $e->allowed('SET_CIRC_LOST', $args->{'circ_lib'}); my $orgs = $U->get_org_descendants($args->{'circ_lib'}); my $profiles = $U->fetch_permission_group_descendants($args->{'user_profile'});