From 9d269723c1af17887028bd703e4524f89a692331 Mon Sep 17 00:00:00 2001
From: erickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Date: Wed, 19 Jan 2011 22:27:14 +0000
Subject: [PATCH] remove disallowed permission groups from the perm group
 selector in user registration; see bug 699914

git-svn-id: svn://svn.open-ils.org/ILS/trunk@19221 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 .../js/dojo/openils/widget/FilteringTreeSelect.js  |  2 +-
 Open-ILS/web/js/ui/default/actor/user/register.js  | 72 +++++++++++++++++++++-
 2 files changed, 72 insertions(+), 2 deletions(-)

diff --git a/Open-ILS/web/js/dojo/openils/widget/FilteringTreeSelect.js b/Open-ILS/web/js/dojo/openils/widget/FilteringTreeSelect.js
index 1833f95703..6443f89e0a 100644
--- a/Open-ILS/web/js/dojo/openils/widget/FilteringTreeSelect.js
+++ b/Open-ILS/web/js/dojo/openils/widget/FilteringTreeSelect.js
@@ -42,7 +42,7 @@ if(!dojo._hasResource["openils.widget.FilteringTreeSelect"]){
                 if(this.dataList.length > 0) {
                     var storeData = fieldmapper[this.className].initStoreData();
                     storeData.items = this.dataList;
-                    this.store = new dojo.data.ItemFileReadStore({data:storeData});
+                    this.store = new dojo.data.ItemFileWriteStore({data:storeData});
                 }
                 this.inherited(arguments);
 
diff --git a/Open-ILS/web/js/ui/default/actor/user/register.js b/Open-ILS/web/js/ui/default/actor/user/register.js
index b842033b54..fd05db79ea 100644
--- a/Open-ILS/web/js/ui/default/actor/user/register.js
+++ b/Open-ILS/web/js/ui/default/actor/user/register.js
@@ -126,6 +126,7 @@ function load() {
     surveyTemplate = tbody.removeChild(dojo.byId('survey-row-template'));
     surveyQuestionTemplate = tbody.removeChild(dojo.byId('survey-question-row-template'));
 
+    checkGrpAppPerm(); // to do the initial load
     loadStaticFields();
     if(patron.isnew() && patron.addresses().length == 0) 
         uEditNewAddr(null, uEditAddrVirtId, true);
@@ -150,6 +151,56 @@ function load() {
     lock_ready = true;
 }
 
+var permGroups;
+var noPermGroups = [];
+// Returns true if the user is allowed to edit the selected group
+function checkGrpAppPerm(grpId) {
+
+    if(!permGroups) {
+
+        // get the groups
+        permGroups = new openils.PermaCrud().retrieveAll('pgt');
+        var permGroupPerms = []
+
+        // collect the group permissions
+        dojo.forEach(permGroups, 
+            function(grp) {
+                if(grp.application_perm())
+                    permGroupPerms.push(grp.application_perm());
+            }
+        );
+
+        // see which of the group application perms I do not have
+        var myPerms = fieldmapper.standardRequest(
+            ['open-ils.actor', 'open-ils.actor.user.has_work_perm_at.batch'],
+            [openils.User.authtoken, permGroupPerms]
+        );
+
+        var failedPerms = [];
+        for(var p in myPerms) { 
+            if(myPerms[p].length == 0) 
+                failedPerms.push(p); 
+        }
+
+        // identify which groups I cannot edit because I do not have permisssion
+
+        function checkTree(grp, failed) {
+            failed = failed || failedPerms.indexOf(grp.application_perm()) > -1;
+            if(failed) noPermGroups.push(grp.id()+'');
+            dojo.forEach(
+                permGroups.filter(function(g) { return g.parent() == grp.id() } ),
+                function(child) {
+                    checkTree(child, failed);
+                }
+            );
+        }
+
+        checkTree(permGroups.filter(function(g) { return g.parent() == null })[0]);
+    }
+
+    return noPermGroups.indexOf(grpId+'') == -1;
+}
+
 
 function drawAllCards() {
 
@@ -615,12 +666,18 @@ function fleshFMRow(row, fmcls, args) {
         // not overwritten when the profile groups arrive and update
         wargs.forceSync = true;
         wargs.disableQuery = {usergroup : 'f'};
+        if(!patron.isnew() && !checkGrpAppPerm(patron.profile()))
+            wargs.readOnly = true;
     } else {
         wargs.forceSync = false;
     }
 
     var widget = new openils.widget.AutoFieldWidget(wargs);
-    widget.build();
+    widget.build(
+        function(w, ww) {
+            if(fmfield == 'profile') { trimGrpTree(ww); }
+        }
+    );
 
     // now put it back before we register the widget
     if(isPasswd2) fmfield = 'passwd2';
@@ -633,6 +690,19 @@ function fleshFMRow(row, fmcls, args) {
     return widget;
 }
 
+function trimGrpTree(autoWidget) {
+    var store = autoWidget.widget.store;
+    if(!store) return;
+    // remove all groups that this user are not allowed to edit, 
+    // except the profile group of an existing user
+    store.fetch({onItem : 
+        function(item) {
+            if(!checkGrpAppPerm(item.id[0]) && patron.profile() != item.id[0])
+                store.deleteItem(item);
+        }
+    });
+}
+
 function findWidget(wtype, fmfield, callback) {
     return widgetPile.filter(
         function(i){
-- 
2.11.0