[open-ils-commits] [GIT] Evergreen ILS branch rel_2_0 updated. d5f91cdde6473aa2968e87118cccf3155bce9fa4

Evergreen Git git at git.evergreen-ils.org
Wed Jul 6 12:08:41 EDT 2011 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, rel_2_0 has been updated
       via  d5f91cdde6473aa2968e87118cccf3155bce9fa4 (commit)
      from  b0c5c26b5249ab4ae5011423ee00586d9d1e1e7c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d5f91cdde6473aa2968e87118cccf3155bce9fa4
Author: Thomas Berezansky <tsbere at mvlc.org>
Date:   Thu Jun 16 17:03:36 2011 -0400

    Delete protection - Ensure you can touch group
    
    Same protection editing a user seems to get:
    If you don't have the right group_application.user perm, reject
    
    Signed-off-by: Thomas Berezansky <tsbere at mvlc.org>
    Signed-off-by: Dan Wells <dbw2 at calvin.edu>

diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
index 862019d..7708d19 100644
--- a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
+++ b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
@@ -3477,7 +3477,13 @@ sub really_delete_user {
     my $e = new_editor(authtoken => $auth, xact => 1);
     return $e->die_event unless $e->checkauth;
     my $user = $e->retrieve_actor_user($user_id) or return $e->die_event;
+    # No deleting yourself - UI is supposed to stop you first, though.
+    return $e->die_event unless $e->requestor->id != $user->id;
     return $e->die_event unless $e->allowed('DELETE_USER', $user->home_ou);
+    # Check if you are allowed to mess with this patron permission group at all
+    my $session = OpenSRF::AppSession->create( "open-ils.storage" );
+    my $evt = group_perm_failed($session, $e->requestor, $user);
+    return $e->die_event($evt) if $evt;
     my $stat = $e->json_query(
         {from => ['actor.usr_delete', $user_id, $dest_user_id]})->[0] 
         or return $e->die_event;

-----------------------------------------------------------------------

Summary of changes:
 Open-ILS/src/perlmods/OpenILS/Application/Actor.pm |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

More information about the open-ils-commits mailing list