From 348838d37287fd7681887a1ffec1443a6b7d3462 Mon Sep 17 00:00:00 2001
From: erickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Date: Thu, 15 Oct 2009 20:53:31 +0000
Subject: [PATCH] added support for tiered org unit setting permissions.  for
 example, if i have the UPDATE_ORG_UNIT_SETTING.foo.bar permission, I can
 update the foo.bar.baz setting

git-svn-id: svn://svn.open-ils.org/ILS/trunk@14456 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 Open-ILS/src/perlmods/OpenILS/Application/Actor.pm | 29 +++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
index c6f9efe809..4575adfcb6 100644
--- a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
+++ b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
@@ -95,6 +95,23 @@ sub update_user_setting {
 __PACKAGE__->register_method(
 	method	=> "set_ou_settings",
 	api_name	=> "open-ils.actor.org_unit.settings.update",
+    signature => {
+        desc => q/
+            Updates the value for a given org unit setting.  The permission to update an org unit setting
+            is either the UPDATE_ORG_UNIT_SETTING_ALL, a specific UPDATE_ORG_UNIT_SETTING.<setting_name>
+            permission, or a permission the maps to a prefix of the setting name.  For example, if the setting
+            was called "foo.bar.baz" the user could update the setting if he\she had the following perms:
+            UPDATE_ORG_UNIT_SETTING.foo
+            UPDATE_ORG_UNIT_SETTING.foo.bar
+            UPDATE_ORG_UNIT_SETTING.foo.bar.baz/,
+        params => [
+		    {desc => 'authtoken', type => 'string'},
+            {desc => 'org unit id', type => 'number'},
+            {desc => q/Hash of setting name-value pairs/, type => 'hash'},
+        ],
+        return => {desc => '1 on success, Event on error'}
+    }
+
 );
 sub set_ou_settings {
 	my( $self, $client, $auth, $org_id, $settings ) = @_;
@@ -111,7 +128,17 @@ sub set_ou_settings {
         my $set = $e->search_actor_org_unit_setting({org_unit => $org_id, name => $name})->[0];
 
         unless($all_allowed) {
-            return $e->die_event unless $e->allowed("UPDATE_ORG_UNIT_SETTING.$name", $org_id);
+            my $allowed = 0;
+            my $perm = 'UPDATE_ORG_UNIT_SETTING';
+            for my $part (split(/\./, $name)) {
+                $perm = "$perm.$part";
+                if($e->allowed($perm, $org_id)) {
+                    $allowed = 1;
+                    last;
+                }
+            }
+
+            return $e->die_event unless $allowed;
         }
 
         if(defined $val) {
-- 
2.11.0