From af40024e50bfee6d763a01305e47e96235ca1d52 Mon Sep 17 00:00:00 2001
From: erickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Date: Tue, 23 Dec 2008 18:06:29 +0000
Subject: [PATCH] added support for friends viewing holds.  general code
 update/cleanup

git-svn-id: svn://svn.open-ils.org/ILS/trunk@11664 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 .../src/perlmods/OpenILS/Application/Circ/Holds.pm | 40 ++++++++++++----------
 1 file changed, 22 insertions(+), 18 deletions(-)

diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Circ/Holds.pm b/Open-ILS/src/perlmods/OpenILS/Application/Circ/Holds.pm
index 3c4581a55f..78d77f7f95 100644
--- a/Open-ILS/src/perlmods/OpenILS/Application/Circ/Holds.pm
+++ b/Open-ILS/src/perlmods/OpenILS/Application/Circ/Holds.pm
@@ -30,6 +30,7 @@ use OpenILS::Utils::PermitHold;
 use OpenSRF::Utils::SettingsClient;
 use OpenILS::Const qw/:const/;
 use OpenILS::Application::Circ::Transit;
+use OpenILS::Application::Actor::Friends;
 
 my $apputils = "OpenILS::Application::AppUtils";
 my $U = $apputils;
@@ -322,32 +323,35 @@ different from the user, then the requestor must have VIEW_HOLD permissions.
 NOTE
 
 sub retrieve_holds {
-	my($self, $client, $login_session, $user_id) = @_;
-
-	my( $user, $target, $evt ) = $apputils->checkses_requestor(
-		$login_session, $user_id, 'VIEW_HOLD' );
-	return $evt if $evt;
+	my($self, $client, $auth, $user_id) = @_;
+
+    my $e = new_editor(authtoken=>$auth);
+    return $e->event unless $e->checkauth;
+    $user_id = $e->requestor->id unless defined $user_id;
+
+    unless($user_id == $e->requestor->id) {
+        my $user = $e->retrieve_actor_user($user_id) or return $e->event;
+        unless($e->allowed('VIEW_HOLD', $user->home_ou)) {
+            my $allowed = OpenILS::Application::Actor::Friends->friend_perm_allowed(
+                $e, $user_id, $e->requestor->id, 'hold.view');
+            return $e->event unless $allowed;
+        }
+    }
 
-	my $holds = $apputils->simplereq(
-		'open-ils.cstore',
-		"open-ils.cstore.direct.action.hold_request.search.atomic",
-		{ 
-			usr =>  $user_id , 
+    my $holds = $e->search_action_hold_request([
+		{   usr =>  $user_id , 
 			fulfillment_time => undef,
 			cancel_time => undef,
 		}, 
-		{ order_by => { ahr => "request_time" } }
-	);
+		{order_by => {ahr => "request_time"}}
+	]);
 	
 	if( ! $self->api_name =~ /id_list/ ) {
 		for my $hold ( @$holds ) {
 			$hold->transit(
-				$apputils->simplereq(
-					'open-ils.cstore',
-					"open-ils.cstore.direct.action.hold_transit_copy.search.atomic",
-					{ hold => $hold->id },
-					{ order_by => { ahtc => 'id desc' }, limit => 1 }
-				)->[0]
+                $e->search_action_hold_transit_copy([
+					{hold => $hold->id},
+					{order_by => {ahtc => 'id desc'}, limit => 1}])->[0]
 			);
 		}
 	}
-- 
2.11.0