[open-ils-commits] r8649 - in branches/acq-experiment/Open-ILS:
examples src/sql/Pg
svn at svn.open-ils.org
svn at svn.open-ils.org
Tue Feb 5 21:50:16 EST 2008
Author: miker
Date: 2008-02-05 21:21:52 -0500 (Tue, 05 Feb 2008)
New Revision: 8649
Modified:
branches/acq-experiment/Open-ILS/examples/fm_IDL.xml
branches/acq-experiment/Open-ILS/src/sql/Pg/006.schema.permissions.sql
Log:
adding generalized object-permission infrastructure for acquisitions
Modified: branches/acq-experiment/Open-ILS/examples/fm_IDL.xml
===================================================================
--- branches/acq-experiment/Open-ILS/examples/fm_IDL.xml 2008-02-05 22:29:22 UTC (rev 8648)
+++ branches/acq-experiment/Open-ILS/examples/fm_IDL.xml 2008-02-06 02:21:52 UTC (rev 8649)
@@ -2085,6 +2085,23 @@
<link field="perm" reltype="has_a" key="id" map="" class="ppl"/>
</links>
</class>
+ <class id="puopm" controller="open-ils.cstore" oils_obj:fieldmapper="permission::usr_object_perm_map" oils_persist:tablename="permission.usr_object_perm_map">
+ <fields oils_persist:primary="id" oils_persist:sequence="permission.usr_object_perm_map_id_seq">
+ <field name="isnew" oils_obj:array_position="0" oils_persist:virtual="true" />
+ <field name="ischanged" oils_obj:array_position="1" oils_persist:virtual="true" />
+ <field name="isdeleted" oils_obj:array_position="2" oils_persist:virtual="true" />
+ <field name="object_id" oils_obj:array_position="3" oils_persist:virtual="false" reporter:datatype="text"/>
+ <field name="grantable" oils_obj:array_position="4" oils_persist:virtual="false" reporter:datatype="bool"/>
+ <field name="id" oils_obj:array_position="5" oils_persist:virtual="false" reporter:datatype="id" />
+ <field name="perm" oils_obj:array_position="6" oils_persist:virtual="false" reporter:datatype="link"/>
+ <field name="usr" oils_obj:array_position="7" oils_persist:virtual="false" reporter:datatype="link"/>
+ <field name="object_type" oils_obj:array_position="8" oils_persist:virtual="false" reporter:datatype="text"/>
+ </fields>
+ <links>
+ <link field="usr" reltype="has_a" key="id" map="" class="au"/>
+ <link field="perm" reltype="has_a" key="id" map="" class="ppl"/>
+ </links>
+ </class>
<class id="mp" controller="open-ils.cstore" oils_obj:fieldmapper="money::payment" oils_persist:tablename="money.payment_view" reporter:core="true" reporter:label="Payments: All">
<fields oils_persist:primary="id" oils_persist:sequence="">
<field name="isnew" oils_obj:array_position="0" oils_persist:virtual="true" />
Modified: branches/acq-experiment/Open-ILS/src/sql/Pg/006.schema.permissions.sql
===================================================================
--- branches/acq-experiment/Open-ILS/src/sql/Pg/006.schema.permissions.sql 2008-02-05 22:29:22 UTC (rev 8648)
+++ branches/acq-experiment/Open-ILS/src/sql/Pg/006.schema.permissions.sql 2008-02-06 02:21:52 UTC (rev 8649)
@@ -39,6 +39,16 @@
CONSTRAINT perm_usr_once UNIQUE (usr,perm)
);
+CREATE TABLE permission.usr_object_perm_map (
+ id SERIAL PRIMARY KEY,
+ usr INT NOT NULL REFERENCES actor.usr (id) ON DELETE CASCADE,
+ perm INT NOT NULL REFERENCES permission.perm_list (id) ON DELETE CASCADE,
+ object_type TEXT NOT NULL,
+ object_id TEXT NOT NULL,
+ grantable BOOL NOT NULL DEFAULT FALSE,
+ CONSTRAINT perm_usr_obj_once UNIQUE (usr,perm,object_type,object_id)
+);
+
CREATE TABLE permission.usr_grp_map (
id SERIAL PRIMARY KEY,
usr INT NOT NULL REFERENCES actor.usr (id) ON DELETE CASCADE,
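Review bot: In the new permission.usr_object_perm_map table, object_type and object_id are free-form TEXT with no foreign key or CHECK, so nothing removes a grant when the object it names is deleted, and a misspelled object_type creates a row that can never match a lookup. Because these rows feed an authorization decision, the table should document the accepted object_type values and which code path is responsible for deleting grants along with the object, for example with a `COMMENT ON TABLE permission.usr_object_perm_map IS '...'` stating both. If the set of object types is meant to be small and fixed, a named CHECK constraint on object_type would enforce it for every writer.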
@@ -208,6 +218,41 @@
END;
$$ LANGUAGE PLPGSQL;
+CREATE OR REPLACE FUNCTION permission.usr_has_object_perm ( iuser INT, tperm TEXT, obj_type TEXT, obj_id TEXT, target_ou INT ) RETURNS BOOL AS $$
+DECLARE
+ r_usr actor.usr%ROWTYPE;
+ res BOOL;
+BEGIN
+
+ SELECT * INTO r_usr FROM actor.usr WHERE id = iuser;
+
+ IF r_usr.active = FALSE THEN
+ RETURN FALSE;
+ END IF;
+
+ IF r_usr.super_user = TRUE THEN
+ RETURN TRUE;
+ END IF;
+
+ SELECT TRUE INTO res FROM permission.usr_object_perm_map WHERE usr = r_usr.id AND object_type = obj_type AND object_id = obj_id;
+
+ IF FOUND THEN
+ RETURN TRUE;
+ END IF;
+
+ IF target_ou > -1 THEN
+ RETURN permission.usr_has_perm( iuser, tperm, target_ou);
+ END IF;
+
+ RETURN FALSE;
+
+END;
+$$ LANGUAGE PLPGSQL;
+
+CREATE OR REPLACE FUNCTION permission.usr_has_object_perm ( INT, TEXT, TEXT, TEXT ) RETURNS BOOL AS $$
+ SELECT permission.usr_has_object_perm( $1, $2, $3, $4, -1 );
+$$ LANGUAGE SQL;
+
CREATE OR REPLACE FUNCTION permission.usr_has_perm ( INT, TEXT, INT ) RETURNS BOOL AS $$
SELECT CASE
WHEN permission.usr_has_home_perm( $1, $2, $3 ) THEN TRUE
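Review bot: The lookup on permission.usr_object_perm_map in the five-argument usr_has_object_perm never compares the row's perm with tperm, so a row granting any permission on (obj_type, obj_id) makes the function return TRUE for every permission asked about that object. Since perm is an INT reference to permission.perm_list and tperm is TEXT, the query needs a join, along the lines of `SELECT TRUE INTO res FROM permission.usr_object_perm_map m JOIN permission.perm_list p ON p.id = m.perm WHERE m.usr = r_usr.id AND p.code = tperm AND m.object_type = obj_type AND m.object_id = obj_id;` (this assumes perm_list holds the permission name in a `code` column, which is not visible in this diff). The function also does not test FOUND after `SELECT * INTO r_usr`, so an unknown iuser skips both the active and super_user checks and falls through to usr_has_perm when target_ou > -1; an explicit `IF NOT FOUND THEN RETURN FALSE; END IF;` would make that case fail closed here. A header comment stating that target_ou = -1 means "object grants only, no org-unit fallback" would help callers of the four-argument overload.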