From 6984c1d9c7b945f8ccb4eedccd84b9e04a0e40d1 Mon Sep 17 00:00:00 2001 From: erickson Date: Wed, 19 Mar 2008 02:25:26 +0000 Subject: [PATCH] ported user prefs call to cstoreEditor, with finer grained perm checking git-svn-id: svn://svn.open-ils.org/ILS/branches/rel_1_2@9074 dcc99617-32d9-48b4-a31d-7c20da2025e4 --- Open-ILS/src/perlmods/OpenILS/Application/Actor.pm | 26 +++++++++------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm index 9330f96af7..cdc78fb1d9 100644 --- a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm +++ b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm @@ -119,21 +119,21 @@ __PACKAGE__->register_method( api_name => "open-ils.actor.patron.settings.retrieve", ); sub user_settings { - my( $self, $client, $user_session, $uid, $setting ) = @_; - - my( $staff, $user, $evt ) = - $apputils->checkses_requestor( $user_session, $uid, 'VIEW_USER' ); - return $evt if $evt; + my( $self, $client, $auth, $user_id, $setting ) = @_; - $logger->debug("User " . $staff->id . " fetching user $uid\n"); - my $s = $apputils->simplereq( - 'open-ils.cstore', - 'open-ils.cstore.direct.actor.user_setting.search.atomic', { usr => $uid } ); + my $e = new_editor(authtoken => $auth); + return $e->event unless $e->checkauth; + my $patron = $e->retrieve_actor_user($user_id) or return $e->event; + if($e->requestor->id != $user_id) { + return $e->event unless $e->allowed('VIEW_USER', $patron->home_ou); + } + + my $s = $e->search_actor_user_setting({usr => $user_id}); my $settings = { map { ( $_->name => OpenSRF::Utils::JSON->JSON2perl($_->value) ) } @$s }; - return $$settings{$setting} if $setting; - return $settings; + return $$settings{$setting} if $setting; + return $settings; } @@ -3048,9 +3048,5 @@ sub create_user_opt_in_at_org { } - - - - 1; -- 2.11.0