[open-ils-commits] r19478 - trunk/Open-ILS/src/perlmods/lib/OpenILS/Application (erickson)
svn at svn.open-ils.org
svn at svn.open-ils.org
Fri Feb 18 09:35:06 EST 2011
Author: erickson
Date: 2011-02-18 09:35:04 -0500 (Fri, 18 Feb 2011)
New Revision: 19478
Modified:
trunk/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
Log:
retain ability for a user to see his/her own payments and open transactions
Modified: trunk/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
===================================================================
--- trunk/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm 2011-02-18 14:35:03 UTC (rev 19477)
+++ trunk/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm 2011-02-18 14:35:04 UTC (rev 19478)
@@ -1688,7 +1688,9 @@
my $user = $e->retrieve_actor_user($user_id) or return $e->event;
- return $e->event unless $e->allowed('VIEW_USER_TRANSACTIONS', $user->home_ou);
+ return $e->event unless
+ $e->requestor->id == $user_id or
+ $e->allowed('VIEW_USER_TRANSACTIONS', $user->home_ou);
my $api = $self->api_name();
@@ -3516,7 +3518,9 @@
return $e->die_event unless $e->checkauth;
my $user = $e->retrieve_actor_user($user_id) or return $e->event;
- return $e->event unless $e->allowed('VIEW_USER_TRANSACTIONS', $user->home_ou);
+ return $e->event unless
+ $e->requestor->id == $user_id or
+ $e->allowed('VIEW_USER_TRANSACTIONS', $user->home_ou);
# Find all payments for all transactions for user $user_id
my $query = {
More information about the open-ils-commits
mailing list