[open-ils-commits] r15100 - trunk/Open-ILS/src/perlmods/OpenILS/Application (miker)

[svn at svn.open-ils.org]

Author: miker
Date: 2009-12-08 11:29:53 -0500 (Tue, 08 Dec 2009)
New Revision: 15100

Modified:
   trunk/Open-ILS/src/perlmods/OpenILS/Application/Booking.pm
Log:
check session viability when retrieving resources or reservations, and VIEW_TRANSACTION permission on reservations

Modified: trunk/Open-ILS/src/perlmods/OpenILS/Application/Booking.pm
===================================================================
--- trunk/Open-ILS/src/perlmods/OpenILS/Application/Booking.pm	2009-12-08 16:26:53 UTC (rev 15099)
+++ trunk/Open-ILS/src/perlmods/OpenILS/Application/Booking.pm	2009-12-08 16:29:53 UTC (rev 15100)
@@ -153,6 +153,9 @@
 
     return undef unless ($filters->{type} || $filters->{attribute_values});
 
+    my $e = new_editor(authtoken=>$auth);
+    return $e->event unless $e->checkauth;
+
     my $query = {
         'select'   => { brsrc => [ 'id' ] },
         'from'     => { brsrc => {} },
@@ -284,6 +287,10 @@
 
     return undef unless ($filters->{user} || $filters->{resource} || $filters->{type} || $filters->{attribute_values});
 
+    my $e = new_editor(authtoken=>$auth);
+    return $e->event unless $e->checkauth;
+    return $e->event unless $e->allowed('VIEW_TRANSACTION');
+
     my $query = {
         'select'   => { bresv => [ 'id' ] },
         'from'     => { bresv => {} },