From 84cc8a18b0b516800915245dbdba87886f04202b Mon Sep 17 00:00:00 2001 From: Thomas Berezansky Date: Sun, 25 Sep 2011 15:00:08 -0400 Subject: [PATCH] Add permission for creating report templates Because we would like people to be able to run them, but not create them. Also, allow VIEW_REPORT_OUTPUT in reporter interface, so that you can see the contents of shared output folders. Signed-off-by: Thomas Berezansky Signed-off-by: Dan Scott --- .../perlmods/lib/OpenILS/Application/Reporter.pm | 23 ++++++++++++++++------ Open-ILS/src/sql/Pg/950.data.seed-values.sql | 6 +++++- Open-ILS/src/sql/Pg/upgrade/XXXX.report_perms.sql | 12 +++++++++++ Open-ILS/web/reports/oils_rpt.js | 4 ++-- Open-ILS/web/reports/oils_rpt_folders.js | 16 ++++++++------- 5 files changed, 45 insertions(+), 16 deletions(-) create mode 100644 Open-ILS/src/sql/Pg/upgrade/XXXX.report_perms.sql diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Reporter.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Reporter.pm index 6e9468a5a9..44590f00cf 100644 --- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Reporter.pm +++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Reporter.pm @@ -20,6 +20,7 @@ sub create_folder { my $e = new_rstore_editor(xact=>1, authtoken=>$auth); return $e->die_event unless $e->checkauth; return $e->die_event unless $e->allowed('RUN_REPORTS'); + return $e->die_event unless ($type ne 'template' || $e->allowed('CREATE_REPORT_TEMPLATE')); return 0 if $folder->owner ne $e->requestor->id; @@ -63,7 +64,11 @@ sub retrieve_visible_folders { my( $self, $conn, $auth, $type ) = @_; my $e = new_rstore_editor(authtoken=>$auth); return $e->event unless $e->checkauth; - return $e->event unless $e->allowed('RUN_REPORTS'); + if($type eq 'output') { + return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']); + } else { + return $e->event unless $e->allowed('RUN_REPORTS'); + } my $class = 'rrf'; $class = 'rtf' if $type eq 'template'; 
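Review bot: The guard added to create_folder, `unless ($type ne 'template' || $e->allowed('CREATE_REPORT_TEMPLATE'))`, is a double negative on an authorization path and is easy to invert by accident in a later edit. The positive form used elsewhere in this commit reads more directly: `if ($type eq 'template') { return $e->die_event unless $e->allowed('CREATE_REPORT_TEMPLATE'); }`. A short comment such as `# template folders need the template-creation permission` would record why only this folder type is gated. The signature and the rest of create_folder are outside the hunk, so the origin of `$type` cannot be confirmed from here.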
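Review bot: The `if($type eq 'output') { … } else { … }` permission selection added in retrieve_visible_folders is repeated verbatim in retrieve_folder_data, so the two copies can drift apart when the access rule next changes. Since the hunks show `allowed` taking either a string or an array reference, the choice can be made once: `my $perms = $type eq 'output' ? ['RUN_REPORTS','VIEW_REPORT_OUTPUT'] : 'RUN_REPORTS';` followed by `return $e->event unless $e->allowed($perms);`. A comment stating that the list form passes when the requestor holds any one of the listed permissions would help, after confirming that against the editor's implementation, which is not shown here. The body of retrieve_visible_folders continues outside the hunk.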
@@ -107,7 +112,11 @@ sub retrieve_folder_data { my( $self, $conn, $auth, $type, $folderid, $limit ) = @_; my $e = new_rstore_editor(authtoken=>$auth); return $e->event unless $e->checkauth; - return $e->event unless $e->allowed('RUN_REPORTS'); + if($type eq 'output') { + return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']); + } else { + return $e->event unless $e->allowed('RUN_REPORTS'); + } my $meth = "search_reporter_${type}"; my $class = 'rr'; $class = 'rt' if $type eq 'template'; @@ -127,7 +136,7 @@ sub retrieve_schedules { my( $self, $conn, $auth, $folderId, $limit, $complete ) = @_; my $e = new_rstore_editor(authtoken=>$auth); return $e->event unless $e->checkauth; - return $e->event unless $e->allowed('RUN_REPORTS'); + return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']); my $search = { folder => $folderId }; my $query = [ @@ -153,7 +162,7 @@ sub retrieve_schedule { my( $self, $conn, $auth, $sched_id ) = @_; my $e = new_rstore_editor(authtoken=>$auth); return $e->event unless $e->checkauth; - return $e->event unless $e->allowed('RUN_REPORTS'); + return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']); my $s = $e->retrieve_reporter_schedule($sched_id) or return $e->event; return $s; @@ -168,6 +177,7 @@ sub create_template { my $e = new_rstore_editor(authtoken=>$auth, xact=>1); return $e->die_event unless $e->checkauth; return $e->die_event unless $e->allowed('RUN_REPORTS'); + return $e->die_event unless $e->allowed('CREATE_REPORT_TEMPLATE'); $template->owner($e->requestor->id); my $existing = $e->search_reporter_template( {owner=>$template->owner, 
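Review bot: In retrieve_schedules the check is widened to `allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT'])` with no condition on what is being read, and the same change is made in retrieve_schedule, retrieve_template and retrieve_report. The visible bodies of those three fetch the object by a caller-supplied id and return it unchanged, so as far as these hunks show an account holding only VIEW_REPORT_OUTPUT can read any schedule, report or template definition, not just those behind an output folder shared with it. If that is broader than intended, the by-id calls should confirm that the object's folder is visible to the requestor before returning it. If it is intended, a comment such as `# output viewers need the report and template records to label shared output` would make the decision explicit. The body of retrieve_schedules continues outside the hunk, so any filtering done there is not visible.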
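Review bot: The new check in create_template, and the identical one added to update_template, gate both creating and editing on a permission whose name and seeded description mention creation only. Administrators assigning permissions from the description will not expect it to control edits, so update_template should carry a comment such as `# editing a template requires the same permission as creating one`, or the description text should say "create and modify". Whether other template write paths (deletion, for example) get the same gate cannot be told from this patch, since only these two functions appear. Both function bodies continue outside their hunks.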
@@ -229,7 +239,7 @@ sub retrieve_template { my( $self, $conn, $auth, $id ) = @_; my $e = new_rstore_editor(authtoken=>$auth); return $e->event unless $e->checkauth; - return $e->event unless $e->allowed('RUN_REPORTS'); + return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']); my $t = $e->retrieve_reporter_template($id) or return $e->event; return $t; @@ -243,7 +253,7 @@ sub retrieve_report { my( $self, $conn, $auth, $id ) = @_; my $e = new_rstore_editor(authtoken=>$auth); return $e->event unless $e->checkauth; - return $e->event unless $e->allowed('RUN_REPORTS'); + return $e->event unless $e->allowed(['RUN_REPORTS','VIEW_REPORT_OUTPUT']); my $r = $e->retrieve_reporter_report($id) or return $e->event; return $r; @@ -258,6 +268,7 @@ sub update_template { my $e = new_rstore_editor(authtoken=>$auth, xact=>1); return $e->die_event unless $e->checkauth; return $e->die_event unless $e->allowed('RUN_REPORTS'); + return $e->die_event unless $e->allowed('CREATE_REPORT_TEMPLATE'); my $t = $e->retrieve_reporter_template($tmpl->id) or return $e->die_event; return 0 if $t->owner ne $e->requestor->id; diff --git a/Open-ILS/src/sql/Pg/950.data.seed-values.sql b/Open-ILS/src/sql/Pg/950.data.seed-values.sql index 41e8d19353..eca99a4fc4 100644 --- a/Open-ILS/src/sql/Pg/950.data.seed-values.sql +++ b/Open-ILS/src/sql/Pg/950.data.seed-values.sql 
@@ -1446,7 +1446,9 @@ INSERT INTO permission.perm_list ( id, code, description ) VALUES ( 514, 'UPDATE_PATRON_ACTIVE_CARD', oils_i18n_gettext( 514, 'Allows a user to manually adjust a patron''s active cards', 'ppl', 'description')), ( 515, 'UPDATE_PATRON_PRIMARY_CARD', oils_i18n_gettext( 515, - 'Allows a user to manually adjust a patron''s primary card', 'ppl', 'description')); + 'Allows a user to manually adjust a patron''s primary card', 'ppl', 'description')), + ( 516, 'CREATE_REPORT_TEMPLATE', oils_i18n_gettext( 516, + 'Allows a user to create report templates', 'ppl', 'description' )); SELECT SETVAL('permission.perm_list_id_seq'::TEXT, 1000); @@ -1795,6 +1797,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) 'CREATE_COPY_STAT_CAT_ENTRY', 'CREATE_COPY_STAT_CAT_ENTRY_MAP', 'RUN_REPORTS', + 'CREATE_REPORT_TEMPLATE', 'SHARE_REPORT_FOLDER', 'UPDATE_COPY_LOCATION', 'UPDATE_COPY_STAT_CAT', @@ -2195,6 +2198,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) 'DELETE_INVOICE_METHOD', 'DELETE_PROVIDER', 'RUN_REPORTS', + 'CREATE_REPORT_TEMPLATE', 'SHARE_REPORT_FOLDER', 'UPDATE_ACQ_FUNDING_SOURCE', 'UPDATE_INVOICE_ITEM_TYPE', diff --git a/Open-ILS/src/sql/Pg/upgrade/XXXX.report_perms.sql b/Open-ILS/src/sql/Pg/upgrade/XXXX.report_perms.sql new file mode 100644 index 0000000000..1eb1ff3dc2 --- /dev/null +++ b/Open-ILS/src/sql/Pg/upgrade/XXXX.report_perms.sql @@ -0,0 +1,12 @@ +INSERT INTO permission.perm_list ( id, code, description ) VALUES + ( 516, 'CREATE_REPORT_TEMPLATE', oils_i18n_gettext( 516, + 'Allows a user to create report templates', 'ppl', 'description' )); + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT grp, 516, depth, grantable + FROM permission.grp_perm_map + WHERE perm = ( + SELECT id + FROM permission.perm_list + WHERE code = 'RUN_REPORTS' + ); diff --git a/Open-ILS/web/reports/oils_rpt.js b/Open-ILS/web/reports/oils_rpt.js index 835e06ec9b..ef6e7e2984 100644 
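Review bot: The new upgrade script XXXX.report_perms.sql copies the permission only onto rows of permission.grp_perm_map, so an account that holds RUN_REPORTS through a per-user grant rather than through its group would lose template creation as soon as the new server-side checks are deployed. If the installation uses per-user grants (permission.usr_perm_map), a matching `INSERT … SELECT` over that table is needed. The two statements are also not wrapped in a transaction, so a failure in the second leaves the permission defined but granted to nobody; `BEGIN;` before the first statement and `COMMIT;` after the last keeps the upgrade atomic. The second statement hard-codes `516` while looking up RUN_REPORTS by code; selecting the new id by `code = 'CREATE_REPORT_TEMPLATE'` would be consistent and would survive an id collision on sites with local permissions.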
--- a/Open-ILS/web/reports/oils_rpt.js +++ b/Open-ILS/web/reports/oils_rpt.js @@ -1,4 +1,4 @@ -var perms = [ 'RUN_REPORTS', 'SHARE_REPORT_FOLDER' ]; +var perms = [ 'RUN_REPORTS', 'SHARE_REPORT_FOLDER', 'VIEW_REPORT_OUTPUT' ]; function oilsInitReports() { oilsRptIdObjects(); @@ -16,7 +16,7 @@ function oilsInitReports() { if( cgi.param('dbg') ) oilsRptDebugEnabled = true; fetchHighestPermOrgs(SESSION, USER.id(), perms); - if( PERMS.RUN_REPORTS == -1 ) { + if( PERMS.RUN_REPORTS == -1 && PERMS.VIEW_REPORT_OUTPUT == -1 ) { unHideMe(DOM.oils_rpt_permission_denied); hideMe(DOM.oils_rpt_tree_loading); return false; diff --git a/Open-ILS/web/reports/oils_rpt_folders.js b/Open-ILS/web/reports/oils_rpt_folders.js index 4b9346b031..40c646599e 100644 --- a/Open-ILS/web/reports/oils_rpt_folders.js +++ b/Open-ILS/web/reports/oils_rpt_folders.js @@ -169,13 +169,15 @@ oilsRptFolderManager.prototype.createTopFolder = function(type, orgsel) { oilsRptFolderManager.prototype.fetchFolders = function(auth) { var obj = this; - var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'template'); - req.callback( function(r) { obj.drawFolders('template', r.getResultObject()); } ); - req.send(); - - var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'report'); - req.callback( function(r) { obj.drawFolders('report', r.getResultObject()); } ); - req.send(); + if(PERMS.RUN_REPORTS != -1) { + var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'template'); + req.callback( function(r) { obj.drawFolders('template', r.getResultObject()); } ); + req.send(); + + var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'report'); + req.callback( function(r) { obj.drawFolders('report', r.getResultObject()); } ); + req.send(); + } var req = new Request(OILS_RPT_FETCH_FOLDERS, auth, 'output'); req.callback( function(r) { obj.drawFolders('output', r.getResultObject()); } ); -- 2.11.0
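Review bot: The `perms` array in oils_rpt.js gains VIEW_REPORT_OUTPUT but not CREATE_REPORT_TEMPLATE, so the interface never learns whether the user may create templates. A user with RUN_REPORTS alone will presumably still be offered the template-building controls and only find out from the server's permission failure when saving. Adding `'CREATE_REPORT_TEMPLATE'` to the array and hiding those controls when `PERMS.CREATE_REPORT_TEMPLATE == -1` would match what the commit does for output-only viewers. The server-side check stays the enforcement point either way. oilsInitReports continues outside the hunk.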
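Review bot: The `if(PERMS.RUN_REPORTS != -1)` block added to fetchFolders in oils_rpt_folders.js has no comment explaining that it only decides which requests the browser sends. A later reader could take it for the access control itself, while the actual refusal for non-output folder types happens in the Perl permission checks. A comment above the condition would prevent that, for example `// output-only viewers: skip template and report folders, the server refuses those requests anyway`.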