From 7d477c32174d72abf0195a37c88842c4c4c5fe5c Mon Sep 17 00:00:00 2001
From: erickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Date: Thu, 25 Mar 2010 21:27:04 +0000
Subject: [PATCH] Comment on undocumented interaction.

git-svn-id: svn://svn.open-ils.org/ILS/trunk@15996 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 Open-ILS/src/perlmods/OpenILS/Application/AppUtils.pm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Open-ILS/src/perlmods/OpenILS/Application/AppUtils.pm b/Open-ILS/src/perlmods/OpenILS/Application/AppUtils.pm
index 2a237576b1..238554c919 100644
--- a/Open-ILS/src/perlmods/OpenILS/Application/AppUtils.pm
+++ b/Open-ILS/src/perlmods/OpenILS/Application/AppUtils.pm
@@ -1265,6 +1265,12 @@ sub ou_ancestor_setting_value {
 # that permission.  This means that if you call this method without an
 # authtoken param, you can get whatever org unit setting values you want.
 # API users beware.
+#
+# NOTE: If you supply an editor ($e) arg AND an auth token arg, the editor's
+# authtoken is checked, but the $auth arg is NOT checked.  To say that another
+# way, be sure NOT to pass an editor argument if you want your token checked.
+# Otherwise the auth arg is just a flag saying "check the editor".  
+
 sub ou_ancestor_setting {
     my( $self, $orgid, $name, $e, $auth ) = @_;
     $e = $e || OpenILS::Utils::CStoreEditor->new(
-- 
2.11.0