From: miker
Date: Tue, 24 Apr 2007 03:36:22 +0000 (+0000)
Subject: work_ou code, schema and IDL setup
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=cd4088a598733b3f8eb048f0ef5e695048e7a2d2;p=Evergreen.git
work_ou code, schema and IDL setup
git-svn-id: svn://svn.open-ils.org/ILS/trunk@7158 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
diff --git a/Open-ILS/examples/fm_IDL.xml b/Open-ILS/examples/fm_IDL.xml
index 84b3db46c2..a9e7ed27d3 100644
--- a/Open-ILS/examples/fm_IDL.xml
+++ b/Open-ILS/examples/fm_IDL.xml
@@ -1930,6 +1930,19 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Storage/Publisher/permission.pm b/Open-ILS/src/perlmods/OpenILS/Application/Storage/Publisher/permission.pm
index 1fb49a192d..5253627bc9 100644
--- a/Open-ILS/src/perlmods/OpenILS/Application/Storage/Publisher/permission.pm
+++ b/Open-ILS/src/perlmods/OpenILS/Application/Storage/Publisher/permission.pm
@@ -54,6 +54,40 @@ __PACKAGE__->register_method(
 argc => 3,
 );
+sub usr_has_home_perm {
+ my $self = shift;
+ my $client = shift;
+ my $usr = shift;
+ my $perm = shift;
+ my $target = shift;
+
+ return permission::usr_grp_map->db_Main->selectrow_arrayref(<<" SQL",{}, "$usr", "$perm", "$target")->[0];
+ SELECT permission.usr_has_home_perm(?,?,?)
+ SQL
+}
+__PACKAGE__->register_method(
+ method => 'usr_has_home_perm',
+ api_name => 'open-ils.storage.permission.user_has_home_perm',
+ argc => 3,
+);
+
+sub usr_has_work_perm {
+ my $self = shift;
+ my $client = shift;
+ my $usr = shift;
+ my $perm = shift;
+ my $target = shift;
+
+ return permission::usr_grp_map->db_Main->selectrow_arrayref(<<" SQL",{}, "$usr", "$perm", "$target")->[0];
+ SELECT permission.usr_has_work_perm(?,?,?)
+ SQL
+}
+__PACKAGE__->register_method(
+ method => 'usr_has_work_perm',
+ api_name => 'open-ils.storage.permission.user_has_work_perm',
+ argc => 3,
+);
+
 sub usr_perms {
 my $self = shift;
 my $client = shift;
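Review bot: Both new methods in permission.pm dereference the result of `selectrow_arrayref(...)` with `->[0]` directly, so a query that returns no row or fails surfaces as a dereference error rather than a clear denial; whether DBI raises first depends on the handle's error mode, which is not visible here. An undefined `$usr`, `$perm` or `$target` is stringified to an empty string before being bound, and PostgreSQL would presumably reject that for the INT parameters, so this path is reachable from a malformed call. Capturing the row and ending with `return $row ? $row->[0] : 0;` (or raising an explicit error) makes usr_has_home_perm and usr_has_work_perm fail closed, and a `defined` check on the three arguments before the query would be a further guard. The two subs differ only in the SQL function name, so a shared private helper taking that name would keep them from drifting apart.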
diff --git a/Open-ILS/src/sql/Pg/006.schema.permissions.sql b/Open-ILS/src/sql/Pg/006.schema.permissions.sql
index 014c7a6507..37c5d2a3f2 100644
--- a/Open-ILS/src/sql/Pg/006.schema.permissions.sql
+++ b/Open-ILS/src/sql/Pg/006.schema.permissions.sql
@@ -79,6 +79,13 @@ CREATE OR REPLACE FUNCTION permission.usr_perms ( INT ) RETURNS SETOF permission
 ORDER BY 2, 3, 1 DESC, 5 DESC ;
 $$ LANGUAGE SQL STABLE;
+CREATE TABLE permission.usr_work_ou_map (
+ id SERIAL PRIMARY KEY,
+ usr INT NOT NULL REFERENCES actor.usr (id) ON DELETE CASCADE,
+ work_ou INT NOT NULL REFERENCES actor.org_unit (id) ON DELETE CASCADE,
+ CONSTRAINT usr_work_ou_once UNIQUE (usr,work_ou)
+);
+
 CREATE OR REPLACE FUNCTION permission.usr_can_grant_perm ( iuser INT, tperm TEXT, target_ou INT ) RETURNS BOOL AS $$
 DECLARE
 r_usr actor.usr%ROWTYPE;
@@ -95,7 +102,6 @@ BEGIN
 RETURN TRUE;
 END IF;
-
 FOR r_perm IN SELECT *
 FROM permission.usr_perms(iuser) p
 JOIN permission.perm_list l
@@ -118,7 +124,7 @@ BEGIN
 END;
 $$ LANGUAGE PLPGSQL;
-CREATE OR REPLACE FUNCTION permission.usr_has_perm ( iuser INT, tperm TEXT, target_ou INT ) RETURNS BOOL AS $$
+CREATE OR REPLACE FUNCTION permission.usr_has_home_perm ( iuser INT, tperm TEXT, target_ou INT ) RETURNS BOOL AS $$
 DECLARE
 r_usr actor.usr%ROWTYPE;
 r_perm permission.usr_perm_map%ROWTYPE;
@@ -134,7 +140,6 @@ BEGIN
 RETURN TRUE;
 END IF;
-
 FOR r_perm IN SELECT *
 FROM permission.usr_perms(iuser) p
 JOIN permission.perm_list l
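Review bot: permission.usr_work_ou_map is a privilege-bearing table, but the `CREATE TABLE` hunk gives no comment saying so. As permission.usr_has_work_perm in this commit reads it, a single row makes every permission the user holds apply at that additional org unit, so writes to it are effectively permission grants. A `COMMENT ON TABLE permission.usr_work_ou_map IS '...'` stating that each row extends the scope of all of the user's permissions to `work_ou` would tell maintainers to restrict and audit inserts the same way as for the permission maps. Existing databases also need this table created by an upgrade script, which is not part of the visible diff.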
@@ -157,5 +162,59 @@ BEGIN
 END;
 $$ LANGUAGE PLPGSQL;
+CREATE OR REPLACE FUNCTION permission.usr_has_work_perm ( iuser INT, tperm TEXT, target_ou INT ) RETURNS BOOL AS $$
+DECLARE
+ r_woum permission.usr_work_ou_map%ROWTYPE;
+ r_usr actor.usr%ROWTYPE;
+ r_perm permission.usr_perm_map%ROWTYPE;
+BEGIN
+
+ SELECT * INTO r_usr FROM actor.usr WHERE id = iuser;
+
+ IF r_usr.active = FALSE THEN
+ RETURN FALSE;
+ END IF;
+
+ IF r_usr.super_user = TRUE THEN
+ RETURN TRUE;
+ END IF;
+
+ FOR r_perm IN SELECT *
+ FROM permission.usr_perms(iuser) p
+ JOIN permission.perm_list l
+ ON (l.id = p.perm)
+ WHERE l.code = tperm
+ OR p.perm = -1
+ LOOP
+
+ FOR r_woum IN SELECT *
+ FROM permission.usr_work_ou_map
+ WHERE usr = iuser
+ LOOP
+
+ PERFORM *
+ FROM actor.org_unit_descendants(target_ou,r_perm.depth)
+ WHERE id = r_woum.work_ou;
+
+ IF FOUND THEN
+ RETURN TRUE;
+ END IF;
+
+ END LOOP;
+
+ END LOOP;
+
+ RETURN FALSE;
+END;
+$$ LANGUAGE PLPGSQL;
+
+CREATE OR REPLACE FUNCTION permission.usr_has_perm ( INT, TEXT, INT ) RETURNS BOOL AS $$
+ SELECT CASE
+ WHEN permission.usr_has_home_perm( $1, $2, $3 ) THEN TRUE
+ WHEN permission.usr_has_work_perm( $1, $2, $3 ) THEN TRUE
+ ELSE FALSE
+ END;
+$$ LANGUAGE SQL;
+
 COMMIT;
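Review bot: In permission.usr_has_work_perm the inactive-user guard `IF r_usr.active = FALSE THEN` only fires on an explicit FALSE, so a NULL `active` (the column definition is not visible in this diff) skips it and reaches the `super_user` shortcut that returns TRUE. For an authorization check it is safer to fail closed with `IF r_usr.active IS NOT TRUE THEN RETURN FALSE; END IF;`, which also denies an `iuser` that matches no row before any further work is done. The same comparison is presumably used in usr_has_home_perm, whose body lies mostly outside these hunks. Separately, the inner `FOR r_woum` loop re-runs actor.org_unit_descendants for every work_ou row; a single `PERFORM` joining permission.usr_work_ou_map to the descendants set would give the same answer with one call per permission.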