From 232e4f6ada259f899a218a386c7039340350bd74 Mon Sep 17 00:00:00 2001
From: erickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Date: Mon, 3 May 2010 14:02:50 +0000
Subject: [PATCH] flesh hold notes in the holds retrieve call, being mindful of who is requesting the hold and who can see staff/private notes
git-svn-id: svn://svn.open-ils.org/ILS/trunk@16374 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 .../src/perlmods/OpenILS/Application/Circ/Holds.pm | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Circ/Holds.pm b/Open-ILS/src/perlmods/OpenILS/Application/Circ/Holds.pm
index a8701ca937..a8dbb47dd9 100644
--- a/Open-ILS/src/perlmods/OpenILS/Application/Circ/Holds.pm
+++ b/Open-ILS/src/perlmods/OpenILS/Application/Circ/Holds.pm
@@ -361,13 +361,19 @@ sub retrieve_holds {
 return $e->event unless $e->checkauth;
 $user_id = $e->requestor->id unless defined $user_id;
+ my $notes_filter = {staff => 'f'};
+ my $user = $e->retrieve_actor_user($user_id) or return $e->event;
 unless($user_id == $e->requestor->id) {
- my $user = $e->retrieve_actor_user($user_id) or return $e->event;
- unless($e->allowed('VIEW_HOLD', $user->home_ou)) {
+ if($e->allowed('VIEW_HOLD', $user->home_ou)) {
+ $notes_filter = {staff => 't'}
+ } else {
 my $allowed = OpenILS::Application::Actor::Friends->friend_perm_allowed( $e, $user_id, $e->requestor->id, 'hold.view');
 return $e->event unless $allowed;
 }
+ } else {
+ # staff member looking at his/her own holds can see staff and non-staff notes
+ $notes_filter = {} if $e->allowed('VIEW_HOLD', $user->home_ou);
 }
 my $holds;
@@ -424,8 +430,9 @@ sub retrieve_holds {
 }
 }
- if( ! $self->api_name =~ /id_list/ ) {
+ if( $self->api_name !~ /id_list/ ) {
 for my $hold ( @$holds ) {
+ $hold->notes($e->search_action_hold_request_note({hold => $hold->id, %$notes_filter}));
 $hold->transit( $e->search_action_hold_transit_copy([ {hold => $hold->id},
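Review bot: In the first retrieve_holds hunk (@@ -361), a requestor admitted only through `friend_perm_allowed(..., 'hold.view')` keeps the default `$notes_filter = {staff => 'f'}`, so the notes search added in the next hunk returns every non-staff note on the patron's holds to that friend; these are the notes the uber_hold_impl hunk calls "private". Whether a `hold.view` delegation is meant to cover note text is not visible here. If it is not, the friend branch should record that notes must not be fetched for this caller. If it is, state the visibility rules above the default, e.g. `# owner or hold.view friend: non-staff notes only; VIEW_HOLD on another user: staff notes only; VIEW_HOLD on own holds: all notes`. The body of retrieve_holds starts before and continues after this hunk.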
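Review bot: In the second retrieve_holds hunk (@@ -424), correcting the test to `$self->api_name !~ /id_list/` appears to make this loop body reachable for the first time, because the old `! $self->api_name =~ /id_list/` negated the name before matching and so could never be true. Callers of the non-id_list variants will therefore start receiving the data from the existing `search_action_hold_transit_copy` call as well as the new notes, and every hold now costs one additional `search_action_hold_request_note` query. I would record that above the loop, e.g. `# fleshes notes and transit per hold (one query each); notes are limited by $notes_filter`. A regression test should also pin what a patron, a hold.view friend and a VIEW_HOLD requestor each get back in `notes`. The loop continues past the end of the hunk.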
@@ -2104,6 +2111,15 @@ sub uber_hold_impl {
 if($hold->usr->id ne $e->requestor->id) { # A user is allowed to see his/her own holds
 $e->allowed('VIEW_HOLD') or return $e->event;
+ $hold->notes( # filter out any non-staff ("private") notes
+ [ grep { !$U->is_true($_->staff) } @{$hold->notes} ] );
+
+ } else {
+ # caller is asking for own hold, but may not have permission to view staff notes
+ unless($e->allowed('VIEW_HOLD')) {
+ $hold->notes( # filter out any staff notes
+ [ grep { $U->is_true($_->staff) } @{$hold->notes} ] );
+ }
 }
 my $user = $hold->usr;
-- 
2.11.0
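Review bot: Both new `grep` filters in uber_hold_impl keep exactly the notes their comments say they remove. `grep { !$U->is_true($_->staff) }` in the VIEW_HOLD branch keeps only non-staff notes, so staff viewing another patron's hold get the patron's private notes and lose the staff ones, while `grep { $U->is_true($_->staff) }` in the own-hold branch returns only staff notes to a patron who lacks VIEW_HOLD. That is the reverse of the `{staff => 't'}` and `{staff => 'f'}` filters used in retrieve_holds; swap the predicates so the first reads `[ grep { $U->is_true($_->staff) } @{$hold->notes} ] );` and the second `[ grep { !$U->is_true($_->staff) } @{$hold->notes} ] );`. The added `$e->allowed('VIEW_HOLD')` call also passes no org unit, whereas retrieve_holds checks against `$user->home_ou`, so confirm that is intended. uber_hold_impl starts before and continues after this hunk.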