From 6b900e1b5da091c09d0a4f668ca8618adfb4a260 Mon Sep 17 00:00:00 2001
From: Jason Etheridge <jason@esilibrary.com>
Date: Fri, 22 Jul 2011 01:47:15 -0400
Subject: [PATCH] use_perm column for config.z3950_source

The idea is that if a permission code is specified for a given source, then
staff will need that permission to use that source in the staff client z39.50
interface.

Signed-off-by: Jason Etheridge <jason@esilibrary.com>
Signed-off-by: Bill Erickson <berick@esilibrary.com>
---
 Open-ILS/examples/fm_IDL.xml                       |  2 ++
 .../lib/OpenILS/Application/Search/Z3950.pm        | 22 ++++++++++++++++++++--
 Open-ILS/src/sql/Pg/002.schema.config.sql          |  7 ++++++-
 Open-ILS/src/sql/Pg/800.fkeys.sql                  |  2 ++
 .../Pg/upgrade/XXXX.schema.czs_use_perm_column.sql | 21 +++++++++++++++++++++
 5 files changed, 51 insertions(+), 3 deletions(-)
 create mode 100644 Open-ILS/src/sql/Pg/upgrade/XXXX.schema.czs_use_perm_column.sql

diff --git a/Open-ILS/examples/fm_IDL.xml b/Open-ILS/examples/fm_IDL.xml
index 7b621a9f96..36046370b6 100644
--- a/Open-ILS/examples/fm_IDL.xml
+++ b/Open-ILS/examples/fm_IDL.xml
@@ -819,9 +819,11 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
             <field reporter:label="Transmission Format" name="transmission_format"  reporter:datatype="text"/>
             <field reporter:label="Auth" name="auth"  reporter:datatype="bool"/>
             <field reporter:label="Attrs" name="attrs" oils_persist:virtual="true"  reporter:datatype="link"/>
+            <field reporter:label="Use Permission" name="use_perm"  reporter:datatype="link"/>
         </fields>
         <links>
             <link field="attrs" reltype="has_many" key="source" map="" class="cza"/>
+            <link field="use_perm" reltype="has_a" key="id" map="" class="ppl"/>
         </links>
         <permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
             <actions>
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm
index a5cd5ca478..6a095290e1 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm
@@ -73,6 +73,7 @@ __PACKAGE__->register_method(
     method    => "query_services",
     api_name  => "open-ils.search.z3950.retrieve_services",
     signature => q/
+        @param auth The login session key
         Returns a list of service names that we have config
         data for
     /
@@ -89,7 +90,7 @@ sub query_services {
     return $e->event unless $e->checkauth;
     return $e->event unless $e->allowed('REMOTE_Z3950_QUERY');
 
-    return fetch_service_defs();
+    return fetch_service_defs($e);
 }
 
 # -------------------------------------------------------------------
@@ -97,10 +98,12 @@ sub query_services {
 # -------------------------------------------------------------------
 sub fetch_service_defs {
 
+    my $editor_with_authtoken = shift;
+
     my $hash = $sclient->config_value('z3950', 'services');
 
     # overlay config file values with in-db values
-    my $e = new_editor();
+    my $e = $editor_with_authtoken || new_editor();
     if($e->can('search_config_z3950_source')) {
 
         my $sources = $e->search_config_z3950_source(
@@ -118,6 +121,8 @@ sub fetch_service_defs {
                 record_format => $s->record_format,
                 transmission_format => $s->transmission_format,
                 auth => $s->auth,
+                use_perm => ($s->use_perm) ? 
+                    $e->retrieve_permission_perm_list($s->use_perm)->code : ''
             };
 
             for my $a ( @{ $s->attrs } ) {
@@ -151,6 +156,19 @@ sub fetch_service_defs {
         }
     };
 
+    # then filter out any services which the requestor lacks the perm for
+    foreach my $s (keys %{ $hash }) {
+        if ($$hash{$s}{use_perm}) {
+            if ($U->check_perms(
+                $e->requestor->id,
+                $e->requestor->ws_ou,
+                $$hash{$s}{use_perm}
+            )) {
+                delete $$hash{$s};
+            }
+        };
+    }
+
     %services = %$hash; # cache these internally so we can actually use the db-configured sources
     return $hash;
 }
diff --git a/Open-ILS/src/sql/Pg/002.schema.config.sql b/Open-ILS/src/sql/Pg/002.schema.config.sql
index a08f61b71f..1e14f289f6 100644
--- a/Open-ILS/src/sql/Pg/002.schema.config.sql
+++ b/Open-ILS/src/sql/Pg/002.schema.config.sql
@@ -440,7 +440,8 @@ CREATE TABLE config.z3950_source (
     db                  TEXT    NOT NULL,
     record_format       TEXT    NOT NULL DEFAULT 'FI',
     transmission_format TEXT    NOT NULL DEFAULT 'usmarc',
-    auth                BOOL    NOT NULL DEFAULT TRUE
+    auth                BOOL    NOT NULL DEFAULT TRUE,
+    use_perm            INT     -- REFERENCES permission.perm_list (id)
 );
 
 COMMENT ON TABLE config.z3950_source IS $$
@@ -457,6 +458,10 @@ COMMENT ON COLUMN config.z3950_source.transmission_format IS $$
 Z39.50 preferred record syntax..
 $$;
 
+COMMENT ON COLUMN config.z3950_source.use_perm IS $$
+If set, this permission is required for the source to be listed in the staff
+client Z39.50 interface.  Similar to permission.grp_tree.application_perm.
+$$;
 
 CREATE TABLE config.z3950_attr (
     id          SERIAL  PRIMARY KEY,
diff --git a/Open-ILS/src/sql/Pg/800.fkeys.sql b/Open-ILS/src/sql/Pg/800.fkeys.sql
index 4395c6421c..3777df3c39 100644
--- a/Open-ILS/src/sql/Pg/800.fkeys.sql
+++ b/Open-ILS/src/sql/Pg/800.fkeys.sql
@@ -122,4 +122,6 @@ ALTER TABLE config.barcode_completion ADD CONSTRAINT config_barcode_completion_o
 CREATE INDEX by_heading_and_thesaurus ON authority.record_entry (authority.normalize_heading(marc)) WHERE deleted IS FALSE or deleted = FALSE;
 CREATE INDEX by_heading ON authority.record_entry (authority.simple_normalize_heading(marc)) WHERE deleted IS FALSE or deleted = FALSE;
 
+ALTER TABLE config.z3950_source ADD CONSTRAINT use_perm_fkey FOREIGN KEY (use_perm) REFERENCES permission.perm_list (id) ON UPDATE CASCADE ON DELETE RESTRICT DEFERRABLE INITIALLY DEFERRED;
+
 COMMIT;
diff --git a/Open-ILS/src/sql/Pg/upgrade/XXXX.schema.czs_use_perm_column.sql b/Open-ILS/src/sql/Pg/upgrade/XXXX.schema.czs_use_perm_column.sql
new file mode 100644
index 0000000000..db1f077d8a
--- /dev/null
+++ b/Open-ILS/src/sql/Pg/upgrade/XXXX.schema.czs_use_perm_column.sql
@@ -0,0 +1,21 @@
+-- Evergreen DB patch XXXX.schema.czs_use_perm_column.sql
+--
+-- This adds a column to config.z3950_source called use_perm.
+-- The idea is that if a permission is set for a given source,
+-- then staff will need the referenced permission to use that
+-- source.
+--
+BEGIN;
+
+-- check whether patch can be applied
+SELECT evergreen.upgrade_deps_block_check('XXXX', :eg_version);
+
+ALTER TABLE config.z3950_source 
+    ADD COLUMN use_perm INT REFERENCES permission.perm_list (id) ON DELETE SET NULL DEFERRABLE INITIALLY DEFERRED;
+
+COMMENT ON COLUMN config.z3950_source.use_perm IS $$
+If set, this permission is required for the source to be listed in the staff
+client Z39.50 interface.  Similar to permission.grp_tree.application_perm.
+$$;
+
+COMMIT;
-- 
2.11.0