From df018fed8d3c3ded0adb20a09c673e342dd44004 Mon Sep 17 00:00:00 2001
From: erickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Date: Thu, 17 Aug 2006 14:04:05 +0000
Subject: [PATCH] fixed perm checks

git-svn-id: svn://svn.open-ils.org/ILS/trunk@5553 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 Open-ILS/src/perlmods/OpenILS/Application/Actor.pm      | 4 +++-
 Open-ILS/src/perlmods/OpenILS/Application/Circ/Holds.pm | 5 ++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
index bf98ec11d3..f9fd2a1263 100644
--- a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
+++ b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
@@ -2442,7 +2442,9 @@ sub user_retrieve_fleshed_by_id {
 	my( $self, $client, $auth, $user_id, $fields ) = @_;
 	my $e = new_editor(authtoken => $auth);
 	return $e->event unless $e->checkauth;
-	return $e->event unless $e->allowed('VIEW_USER');
+	if( $e->requestor->id != $user_id ) {
+		return $e->event unless $e->allowed('VIEW_USER');
+	}
 	$fields ||= [
 		"cards",
 		"card",
diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Circ/Holds.pm b/Open-ILS/src/perlmods/OpenILS/Application/Circ/Holds.pm
index 8ba60c767c..167e29554e 100644
--- a/Open-ILS/src/perlmods/OpenILS/Application/Circ/Holds.pm
+++ b/Open-ILS/src/perlmods/OpenILS/Application/Circ/Holds.pm
@@ -483,7 +483,10 @@ sub retrieve_hold_status {
 	return $e->event unless $e->checkauth;
 	my $hold = $e->retrieve_action_hold_request($hold_id)
 		or return $e->event;
-	return $e->event unless $e->allowed('VIEW_HOLD');
+
+	if( $e->requestor->id != $hold->usr ) {
+		return $e->event unless $e->allowed('VIEW_HOLD');
+	}
 
 	return 1 unless $hold->current_copy;
 	return 2 unless $hold->capture_time;
-- 
2.11.0