[open-ils-commits] r8483 - branches/acq-experiment/Open-ILS/src/perlmods/OpenILS/Application/Acq

svn at svn.open-ils.org svn at svn.open-ils.org
Wed Jan 23 13:30:10 EST 2008 

Author: erickson
Date: 2008-01-23 13:03:33 -0500 (Wed, 23 Jan 2008)
New Revision: 8483

Modified:
   branches/acq-experiment/Open-ILS/src/perlmods/OpenILS/Application/Acq/Financials.pm
Log:
repaired perm checks in fund retrieval

Modified: branches/acq-experiment/Open-ILS/src/perlmods/OpenILS/Application/Acq/Financials.pm
===================================================================
--- branches/acq-experiment/Open-ILS/src/perlmods/OpenILS/Application/Acq/Financials.pm	2008-01-23 17:55:11 UTC (rev 8482)
+++ branches/acq-experiment/Open-ILS/src/perlmods/OpenILS/Application/Acq/Financials.pm	2008-01-23 18:03:33 UTC (rev 8483)
@@ -112,7 +112,7 @@
 	method => 'retrieve_org_funds',
 	api_name	=> 'open-ils.acq.fund.org.retrieve',
 	signature => {
-        desc => 'Retrieves all the funds associated with an org unit',
+        desc => 'Retrieves all the funds associated with an org unit that the requestor has access to see',
         params => [
             {desc => 'Authentication token', type => 'string'},
             {desc => 'Org Unit ID', type => 'number'},
@@ -132,16 +132,21 @@
     return $e->event unless $e->checkauth;
     return $e->event unless $e->allowed('VIEW_FUND', $org_id);
 
-    my $search = {owner => $org_id};
+    my $orglist = [$org_id];
     if($$options{full_path}) {
-        my $orglist = org_descendants($org_id);
+        $orglist = org_descendants($org_id);
         push(@$orglist, @{org_ancestors($org_id)});
-        $search = {owner => $orglist};
     } else {
-        $search = {owner => org_descendants($org_id)} if $$options{descendants};
-        $search = {owner => org_ancestors($org_id)} if $$options{ancestors};
+        $orglist = org_descendants($org_id) if $$options{descendants};
+        $orglist = org_ancestors($org_id) if $$options{ancestors};
     }
 
+    my @search_orgs;
+    for my $orgid (@$orglist) {
+        push(@search_orgs, $orgid) if $e->allowed('VIEW_FUND', $orgid);
+    }
+
+    my $search = {owner => \@search_orgs};
     my $funds = $e->search_acq_fund($search) or return $e->event;
     return $funds; 
 }

More information about the open-ils-commits mailing list