From a7526df453204fc3031390e3048c50bb3805abff Mon Sep 17 00:00:00 2001
From: Dan Wells <dbw2@calvin.edu>
Date: Tue, 18 Aug 2015 10:42:27 -0400
Subject: [PATCH] LP#1479107 Move VOID_BILLING perm check to top-level API

Pemission checks are needed at entry points, but can lead to
undesirable consequences if checked during automated processing.  In
the case of voids, let's move the perm check up to make sure our
automated processing can complete.

Signed-off-by: Dan Wells <dbw2@calvin.edu>
Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
---
 Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/CircCommon.pm | 6 ------
 Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Money.pm      | 2 ++
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/CircCommon.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/CircCommon.pm
index 113e47c77b..62b5b57bab 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/CircCommon.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/CircCommon.pm
@@ -849,8 +849,6 @@ sub bill_payment_map_for_xact {
 # CStoreEditor, an arrayref of bill ids or bills, and an optional note.
 sub void_bills {
     my ($class, $e, $billids, $note) = @_;
-    return $e->die_event unless $e->checkauth;
-    return $e->die_event unless $e->allowed('VOID_BILLING');
 
     my %users;
     my $bills;
@@ -904,10 +902,6 @@ sub void_bills {
 sub adjust_bills_to_zero {
     my ($class, $e, $billids, $note) = @_;
 
-    # Get with the editor to see if we have permission to void bills.
-    return $e->die_event unless $e->checkauth;
-    return $e->die_event unless $e->allowed('VOID_BILLING');
-
     my %users;
 
     # Let's get all the billing objects and handle them by
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Money.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Money.pm
index 30e0ca932e..038761d923 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Money.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Money.pm
@@ -907,6 +907,8 @@ __PACKAGE__->register_method(
 sub void_bill {
     my( $s, $c, $authtoken, @billids ) = @_;
     my $editor = new_editor(authtoken=>$authtoken, xact=>1);
+    return $editor->die_event unless $editor->checkauth;
+    return $editor->die_event unless $editor->allowed('VOID_BILLING');
     my $rv = $CC->void_bills($editor, \@billids);
     if (ref($rv) eq 'HASH') {
         # We got an event.
-- 
2.11.0