From 6a8022e82a17cba6137f700c59fd258a7fa7bca5 Mon Sep 17 00:00:00 2001
From: erickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Date: Sun, 4 Nov 2007 19:26:22 +0000
Subject: [PATCH] repaired renewal permission check logic

git-svn-id: svn://svn.open-ils.org/ILS/trunk@7990 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 Open-ILS/src/perlmods/OpenILS/Application/Circ/Circulate.pm | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Circ/Circulate.pm b/Open-ILS/src/perlmods/OpenILS/Application/Circ/Circulate.pm
index abd8390fbc..f6383fbb43 100644
--- a/Open-ILS/src/perlmods/OpenILS/Application/Circ/Circulate.pm
+++ b/Open-ILS/src/perlmods/OpenILS/Application/Circ/Circulate.pm
@@ -1942,11 +1942,6 @@ sub do_renew {
     $self->log_me("do_renew()");
     $self->is_renewal(1);
 
-    unless( $self->is_renewal ) {
-        return $self->bail_on_events($self->editor->events)
-            unless $self->editor->allowed('RENEW_CIRC');
-    }   
-
     # Make sure there is an open circ to renew that is not
     # marked as LOST, CLAIMSRETURNED, or LONGOVERDUE
     my $circ = $self->editor->search_action_circulation(
@@ -1964,6 +1959,12 @@ sub do_renew {
 
     return $self->bail_on_events($self->editor->event) unless $circ;
 
+    # A user is not allowed to renew another user's items without permission
+    unless( $circ->usr eq $self->editor->requestor->id ) {
+        return $self->bail_on_events($self->editor->events)
+            unless $self->editor->allowed('RENEW_CIRC', $circ->circ_lib);
+    }   
+
     $self->push_events(OpenILS::Event->new('MAX_RENEWALS_REACHED'))
         if $circ->renewal_remaining < 1;
 
-- 
2.11.0