From 4e54e70a0e31d3f10e15aa9b2670d672572a6bc7 Mon Sep 17 00:00:00 2001 From: erickson Date: Wed, 13 Feb 2008 18:14:59 +0000 Subject: [PATCH] added some finer grained perms for viewing certain objects. fleshed out some provider api calls git-svn-id: svn://svn.open-ils.org/ILS/branches/acq-experiment@8745 dcc99617-32d9-48b4-a31d-7c20da2025e4 --- .../perlmods/OpenILS/Application/Acq/Financials.pm | 9 +++-- .../perlmods/OpenILS/Application/Acq/Provider.pm | 41 ++++++++++++++++++++-- 2 files changed, 46 insertions(+), 4 deletions(-) diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Acq/Financials.pm b/Open-ILS/src/perlmods/OpenILS/Application/Acq/Financials.pm index 780ef44bbd..9c5c342f33 100644 --- a/Open-ILS/src/perlmods/OpenILS/Application/Acq/Financials.pm +++ b/Open-ILS/src/perlmods/OpenILS/Application/Acq/Financials.pm @@ -89,8 +89,11 @@ sub retrieve_funding_source { push(@{$flesh->{flesh_fields}->{acqfs}}, 'allocations') if $$options{flesh_allocations}; my $funding_source = $e->retrieve_acq_funding_source([$funding_source_id, $flesh]) or return $e->event; + return $e->event unless $e->allowed( - ['ADMIN_FUNDING_SOURCE','MANAGE_FUNDING_SOURCE'], $funding_source->owner, $funding_source); + ['ADMIN_FUNDING_SOURCE','MANAGE_FUNDING_SOURCE', 'VIEW_FUNDING_SOURCE'], + $funding_source->owner, $funding_source); + $funding_source->summary(retrieve_funding_source_summary_impl($e, $funding_source)) if $$options{flesh_summary}; return $funding_source; @@ -119,6 +122,7 @@ sub retrieve_org_funding_sources { return $e->event unless $e->checkauth; my $limit_perm = ($$options{limit_perm}) ? $$options{limit_perm} : 'ADMIN_FUNDING_SOURCE'; + return $BAD_PARAMS unless $limit_perm =~ /(ADMIN|MANAGE|VIEW)_FUNDING_SOURCE/; my $org_ids = ($org_id_list and @$org_id_list) ? $org_id_list : $U->find_highest_work_orgs($e, $limit_perm, {descendants =>1}); 
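Review bot: The new `limit_perm` check in retrieve_org_funding_sources uses an unanchored match, `$limit_perm =~ /(ADMIN|MANAGE|VIEW)_FUNDING_SOURCE/`, so any caller-supplied string that merely contains one of those names passes and is handed to `find_highest_work_orgs` as a permission code. The same unanchored form is added in retrieve_org_funds, where `/(ADMIN|MANAGE|VIEW)_FUND/` also accepts the three funding-source permission names, and in retrieve_org_providers. Anchoring the pattern makes the allow-list exact: `return $BAD_PARAMS unless $limit_perm =~ /\A(?:ADMIN|MANAGE|VIEW)_FUNDING_SOURCE\z/;`, with the matching change in the other two subs. The body of retrieve_org_funding_sources continues outside the hunk.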
@@ -252,7 +256,7 @@ sub retrieve_fund { push(@{$flesh->{flesh_fields}->{acqfa}}, 'funding_source') if $$options{flesh_allocation_sources}; my $fund = $e->retrieve_acq_fund([$fund_id, $flesh]) or return $e->event; - return $e->event unless $e->allowed(['ADMIN_FUND','MANAGE_FUND'], $fund->org, $fund); + return $e->event unless $e->allowed(['ADMIN_FUND','MANAGE_FUND', 'VIEW_FUND'], $fund->org, $fund); $fund->summary(retrieve_fund_summary_impl($e, $fund)) if $$options{flesh_summary}; return $fund; @@ -283,6 +287,7 @@ sub retrieve_org_funds { return $e->event unless $e->checkauth; my $limit_perm = ($$options{limit_perm}) ? $$options{limit_perm} : 'ADMIN_FUND'; + return $BAD_PARAMS unless $limit_perm =~ /(ADMIN|MANAGE|VIEW)_FUND/; my $org_ids = ($org_id_list and @$org_id_list) ? $org_id_list : $U->find_highest_work_orgs($e, $limit_perm, {descendants =>1}); diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Acq/Provider.pm b/Open-ILS/src/perlmods/OpenILS/Application/Acq/Provider.pm index 291f9922d6..27b5fd3ec4 100644 --- a/Open-ILS/src/perlmods/OpenILS/Application/Acq/Provider.pm +++ b/Open-ILS/src/perlmods/OpenILS/Application/Acq/Provider.pm @@ -31,7 +31,7 @@ sub create_provider { my($self, $conn, $auth, $provider) = @_; my $e = new_editor(authtoken=>$auth, xact=>1); return $e->die_event unless $e->checkauth; - return $e->die_event unless $e->allowed('CREATE_PROVIDER', $provider->owner, $provider); + return $e->die_event unless $e->allowed('ADMIN_PROVIDER', $provider->owner); $e->create_acq_provider($provider) or return $e->die_event; $e->commit; return $provider->id; 
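Review bot: create_provider now requires `ADMIN_PROVIDER` where it previously checked `CREATE_PROVIDER`, and the patch touches only the two `.pm` files, so accounts granted `CREATE_PROVIDER` presumably can no longer create providers unless the permission data is updated elsewhere. The check also drops the third argument that retrieve_provider still passes to `allowed`. A comment above the line would record that both changes are intended, e.g. `# creating a provider is an admin action scoped to the owning org; CREATE_PROVIDER is no longer consulted`.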
@@ -57,9 +57,46 @@ sub retrieve_provider { my $e = new_editor(authtoken=>$auth); return $e->event unless $e->checkauth; my $provider = $e->retrieve_acq_provider($provider_id) or return $e->event; - return $e->event unless $e->allowed('VIEW_PROVIDER', $provider->owner, $provider); + return $e->event unless $e->allowed( + ['ADMIN_PROVIDER', 'MANAGE_PROVIDER', 'VIEW_PROVIDER'], $provider->owner, $provider); return $provider; } +__PACKAGE__->register_method( + method => 'retrieve_org_providers', + api_name => 'open-ils.acq.provider.org.retrieve', + signature => { + desc => 'Retrieves all the providers associated with an org unit that the requestor has access to see', + params => [ + {desc => 'Authentication token', type => 'string'}, + {desc => 'List of org Unit IDs. If no IDs are provided, this method returns the + full set of funding sources this user has permission to view', type => 'number'}, + {desc => q/Limiting permission. this permission is used find the work-org tree from which + the list of orgs is generated if no org ids are provided. + The default is ADMIN_PROVIDER/, type => 'string'}, + ], + return => {desc => 'The provider objects on success, empty array otherwise'} + } +); + +sub retrieve_org_providers { + my($self, $conn, $auth, $org_id_list, $options) = @_; + my $e = new_editor(authtoken=>$auth); + return $e->event unless $e->checkauth; + + my $limit_perm = ($$options{limit_perm}) ? $$options{limit_perm} : 'ADMIN_PROVIDER'; + + return $BAD_PARAMS unless $limit_perm =~ /(ADMIN|MANAGE|VIEW)_PROVIDER/; + + my $org_ids = ($org_id_list and @$org_id_list) ? $org_id_list : + $U->find_highest_work_orgs($e, $limit_perm, {descendants =>1}); + + return [] unless @$org_ids; + my $sources = $e->search_acq_provider({owner => $org_ids}); + + return $sources; +} + + 1; -- 2.11.0
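Review bot: In retrieve_org_providers the permission named by `limit_perm` is consulted only when the caller passes no org ids. A non-empty `$org_id_list` goes straight into `search_acq_provider({owner => $org_ids})` after nothing more than `checkauth`, so an authenticated user can list providers for orgs where they hold none of the provider permissions. Checking each supplied org before the search closes that gap, for example `for my $org (@{$org_id_list || []}) { return $e->event unless $e->allowed($limit_perm, $org); }`. retrieve_org_funding_sources and retrieve_org_funds build `$org_ids` the same way, but their bodies continue outside their hunks, so whether they filter later cannot be seen here. Separately, the second parameter description still says "funding sources" and declares `type => 'number'` for what the code treats as a list of ids.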