From 401dce885e6b23294533b2fb840a67758ed90b38 Mon Sep 17 00:00:00 2001
From: Mike Rylander <mrylander@gmail.com>
Date: Thu, 5 Sep 2019 11:34:51 -0400
Subject: [PATCH] LP#1842940: Don't allow self-edit or perm-restricted edit
Pre-webstaff, we disallowed editing of ones own record, an of records
that have a group application permission that the staff do not possess.
This commit brings back those restrictions.
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu>
---
Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js b/Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js
index bcfbab817d..1d34476fef 100644
--- a/Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js
+++ b/Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js
@@ -1564,6 +1564,8 @@ function($scope , $routeParams , $q , $uibModal , $window , egCore ,
// grp is the pgt object
$scope.set_profile = function(grp) {
+ // If we can't save because of group perms or create/update perms
+ if ($scope.edit_passthru.hide_save_actions()) return;
$scope.patron.profile = grp;
$scope.set_expire_date();
$scope.field_modified();
@@ -2065,6 +2067,18 @@ function($scope , $routeParams , $q , $uibModal , $window , egCore ,
// Returns true if the Save and Save & Clone buttons should be disabled.
$scope.edit_passthru.hide_save_actions = function() {
+ if ($scope.patron.id
+ && $scope.patron.id == egCore.auth.user().id()
+ ) return true;
+
+ if ( $scope.patron.profile
+ && patronRegSvc
+ .edit_profiles
+ .filter(function(p) {
+ return $scope.patron.profile.id() == p.id();
+ }).length == 0
+ ) return true;
+
return $scope.patron.isnew ?
!$scope.perms.CREATE_USER :
!$scope.perms.UPDATE_USER;
--
2.11.0