From 4d1cb47c383e1686f4b2a55c1f3e906db1d8c4a4 Mon Sep 17 00:00:00 2001
From: Galen Charlton <gmc@equinoxinitiative.org>
Date: Thu, 13 Feb 2020 16:49:46 -0500
Subject: [PATCH] LP#1863386: link ADMIN_CAROUSEL permission to appropriate OU context

This patch restricts prcrud retrieval and modification of templates to users who have ADMIN_CAROUSEL in the relevant carousel owner OU rather than requiring global_required.

To test
-------
[1] Apply the patch.
[2] Ensure that a user with ADMIN_CAROUSEL privileges at a depth lower than "Consortium" can only view and edit carousel definitions at OUs applicable to their working libraries.

Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jennifer Weston <jennifer.weston@equinoxinitiative.org>
---
 Open-ILS/examples/fm_IDL.xml | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/Open-ILS/examples/fm_IDL.xml b/Open-ILS/examples/fm_IDL.xml
index b32557a9a5..9d537631fe 100644
--- a/Open-ILS/examples/fm_IDL.xml
+++ b/Open-ILS/examples/fm_IDL.xml
@@ -13020,10 +13020,10 @@ SELECT usr,
 </links>
 <permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
 <actions>
- <create permission="ADMIN_CAROUSEL" global_required="true"/>
- <retrieve/>
- <update permission="ADMIN_CAROUSEL" global_required="true"/>
- <delete permission="ADMIN_CAROUSEL" global_required="true"/>
+ <create permission="ADMIN_CAROUSEL" context_field="owner"/>
+ <retrieve permission="ADMIN_CAROUSEL" context_field="owner"/>
+ <update permission="ADMIN_CAROUSEL" context_field="owner"/>
+ <delete permission="ADMIN_CAROUSEL" context_field="owner"/>
 </actions>
 </permacrud>
 </class>
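Review bot: On the new `<update permission="ADMIN_CAROUSEL" context_field="owner"/>` line, `owner` is both the field the permission is evaluated against and a field the update itself can change, and the diff does not show whether pcrud checks the stored value, the submitted value, or both. If only the stored value is checked, a user scoped to one OU could presumably reassign a carousel to an OU where they hold no ADMIN_CAROUSEL; please confirm, and add a test step such as `[3] Ensure that such a user cannot change a carousel's owner to an OU outside their permission scope.` Separately, `<retrieve>` goes from unrestricted to permission-gated here and in the second hunk, so any pcrud reader without ADMIN_CAROUSEL loses read access; the test plan should also cover a user who lacks the permission. The enclosing `<class>` starts outside the hunk.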
@@ -13046,10 +13046,18 @@ SELECT usr,
 </links>
 <permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
 <actions>
- <create permission="ADMIN_CAROUSEL" global_required="true"/>
- <retrieve/>
- <update permission="ADMIN_CAROUSEL" global_required="true"/>
- <delete permission="ADMIN_CAROUSEL" global_required="true"/>
+ <create permission="ADMIN_CAROUSEL">
+ <context link="carousel" field="owner" />
+ </create>
+ <retrieve permission="ADMIN_CAROUSEL">
+ <context link="carousel" field="owner" />
+ </retrieve>
+ <update permission="ADMIN_CAROUSEL">
+ <context link="carousel" field="owner" />
+ </update>
+ <delete permission="ADMIN_CAROUSEL">
+ <context link="carousel" field="owner" />
+ </delete>
 </actions>
 </permacrud>
 </class>
-- 
2.11.0
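Review bot: The four `<context link="carousel" field="owner" />` elements evaluate ADMIN_CAROUSEL only at the linked carousel's owner, so nothing in this hunk ties the check to any org-unit field the row itself may carry. The class definition starts outside the hunk, so its fields are not visible; if it maps a carousel to a display OU, a user permitted at the owner OU could presumably attach the carousel to OUs outside their scope. If that is intended, say so in a comment above `<actions>`, e.g. `<!-- permission is checked at the carousel's owner, not at this row's own org unit -->`; otherwise consider declaring that field as an additional context.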