[open-ils-commits] [GIT] Evergreen ILS branch master updated. b17e3b14d28839739764ce4c29bd3bec01f0fc3c

Evergreen Git git at git.evergreen-ils.org
Wed Jul 6 12:08:41 EDT 2011


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, master has been updated
       via  b17e3b14d28839739764ce4c29bd3bec01f0fc3c (commit)
      from  afdf624007f38ff4d9f7d575a6270dc557d3e117 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b17e3b14d28839739764ce4c29bd3bec01f0fc3c
Author: Thomas Berezansky <tsbere at mvlc.org>
Date:   Thu Jun 16 17:03:36 2011 -0400

    Delete protection - Ensure you can touch group
    
    Same protection editing a user seems to get:
    If you don't have the right group_application.user perm, reject
    
    Signed-off-by: Thomas Berezansky <tsbere at mvlc.org>
    Signed-off-by: Dan Wells <dbw2 at calvin.edu>

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
index 5e704b4..1f0fa93 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
@@ -3515,7 +3515,13 @@ sub really_delete_user {
     my $e = new_editor(authtoken => $auth, xact => 1);
     return $e->die_event unless $e->checkauth;
     my $user = $e->retrieve_actor_user($user_id) or return $e->die_event;
+    # No deleting yourself - UI is supposed to stop you first, though.
+    return $e->die_event unless $e->requestor->id != $user->id;
     return $e->die_event unless $e->allowed('DELETE_USER', $user->home_ou);
+    # Check if you are allowed to mess with this patron permission group at all
+    my $session = OpenSRF::AppSession->create( "open-ils.storage" );
+    my $evt = group_perm_failed($session, $e->requestor, $user);
+    return $e->die_event($evt) if $evt;
     my $stat = $e->json_query(
         {from => ['actor.usr_delete', $user_id, $dest_user_id]})->[0] 
         or return $e->die_event;
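Review bot: The self-delete guard on the first added code line returns `$e->die_event` without passing an event, unlike the group check below it, which passes `$evt`. Nothing in this hunk sets an event for that path, so the caller may get no clear reason for the rejection. Consider passing an explicit event there, and writing the condition as `if $e->requestor->id == $user->id` rather than `unless ... !=`, which is easier to read. The `open-ils.storage` session created for `group_perm_failed` is also not released anywhere in the visible lines; unless the helper cleans it up, it should be released on both the failure path and the success path. The comment above the group check could also say that it mirrors the check applied when editing a user, as the commit message does.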

-----------------------------------------------------------------------

Summary of changes:
 .../src/perlmods/lib/OpenILS/Application/Actor.pm  |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

