From: erickson
Date: Fri, 3 Nov 2006 19:37:58 +0000 (+0000)
Subject: not requiring perm for retrieving your own transaction data
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=c26bcea5d1a2392afe5a7a5884c0b2459b8089b7;p=evergreen%2Fpines.git

not requiring perm for retrieving your own transaction data

git-svn-id: svn://svn.open-ils.org/ILS/trunk@6560 dcc99617-32d9-48b4-a31d-7c20da2025e4
---

diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
index ca0e3d5304..92879eb005 100644
--- a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
+++ b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
@@ -2038,7 +2038,11 @@ sub user_transaction_history {
 # run inside of a transaction to prevent replication delays
 my $e = new_editor(xact=>1, authtoken=>$auth);
 return $e->die_event unless $e->checkauth;
- return $e->die_event unless $e->allowed('VIEW_USER_TRANSACTIONS');
+
+ if( $e->requestor->id ne $userid ) {
+ return $e->die_event
+ unless $e->allowed('VIEW_USER_TRANSACTIONS');
+ }
 my $api = $self->api_name;
 my @xact_finish = (xact_finish => undef ) if ($api =~ /history.still_open$/);
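Review bot: The new `if( $e->requestor->id ne $userid )` guard makes the whole authorization decision depend on `$userid`, which is set outside this hunk, and nothing here records why a string comparison is used or what happens when the value is missing. As written it fails closed: an undef, padded or non-scalar `$userid` is not string-equal to the requestor's id and still reaches `allowed('VIEW_USER_TRANSACTIONS')`. That property would be lost if the test were later changed to `!=`, so I would add a comment such as `# string compare on purpose: anything that is not exactly the requestor's id must pass the perm check`. The exemption is only sound if the query further down in `user_transaction_history` filters on this same `$userid` value; that code is outside the hunk, so please confirm. In the other-user branch `allowed()` is called without an org argument, so it presumably evaluates the permission at the requestor's own org unit rather than the target user's home library; if that is not intended, pass the target's home org.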