[open-ils-commits] r19482 - branches/rel_2_1/Open-ILS/src/perlmods/lib/OpenILS/Application (erickson)
svn at svn.open-ils.org
svn at svn.open-ils.org
Fri Feb 18 09:36:13 EST 2011
Author: erickson
Date: 2011-02-18 09:36:11 -0500 (Fri, 18 Feb 2011)
New Revision: 19482
Modified:
branches/rel_2_1/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
Log:
retain ability for a user to see his/her own payments and open transactions
Modified: branches/rel_2_1/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
===================================================================
--- branches/rel_2_1/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm 2011-02-18 14:36:10 UTC (rev 19481)
+++ branches/rel_2_1/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm 2011-02-18 14:36:11 UTC (rev 19482)
@@ -1688,7 +1688,9 @@
my $user = $e->retrieve_actor_user($user_id) or return $e->event;
- return $e->event unless $e->allowed('VIEW_USER_TRANSACTIONS', $user->home_ou);
+ return $e->event unless
+ $e->requestor->id == $user_id or
+ $e->allowed('VIEW_USER_TRANSACTIONS', $user->home_ou);
my $api = $self->api_name();
@@ -3516,7 +3518,9 @@
return $e->die_event unless $e->checkauth;
my $user = $e->retrieve_actor_user($user_id) or return $e->event;
- return $e->event unless $e->allowed('VIEW_USER_TRANSACTIONS', $user->home_ou);
+ return $e->event unless
+ $e->requestor->id == $user_id or
+ $e->allowed('VIEW_USER_TRANSACTIONS', $user->home_ou);
# Find all payments for all transactions for user $user_id
my $query = {
More information about the open-ils-commits
mailing list