[open-ils-commits] [GIT] Evergreen ILS branch rel_2_1 updated. f0f9e63098245e8b591ed1091172f71c172d45d4

Evergreen Git git at git.evergreen-ils.org
Wed Jul 6 12:08:42 EDT 2011 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, rel_2_1 has been updated
       via  f0f9e63098245e8b591ed1091172f71c172d45d4 (commit)
      from  3749ed5425b04ec2253197fc5b58870e61c261fc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f0f9e63098245e8b591ed1091172f71c172d45d4
Author: Thomas Berezansky <tsbere at mvlc.org>
Date:   Thu Jun 16 17:03:36 2011 -0400

    Delete protection - Ensure you can touch group
    
    Same protection editing a user seems to get:
    If you don't have the right group_application.user perm, reject
    
    Signed-off-by: Thomas Berezansky <tsbere at mvlc.org>
    Signed-off-by: Dan Wells <dbw2 at calvin.edu>

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
index 9b9bd13..094bff0 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
@@ -3491,7 +3491,13 @@ sub really_delete_user {
     my $e = new_editor(authtoken => $auth, xact => 1);
     return $e->die_event unless $e->checkauth;
     my $user = $e->retrieve_actor_user($user_id) or return $e->die_event;
+    # No deleting yourself - UI is supposed to stop you first, though.
+    return $e->die_event unless $e->requestor->id != $user->id;
     return $e->die_event unless $e->allowed('DELETE_USER', $user->home_ou);
+    # Check if you are allowed to mess with this patron permission group at all
+    my $session = OpenSRF::AppSession->create( "open-ils.storage" );
+    my $evt = group_perm_failed($session, $e->requestor, $user);
+    return $e->die_event($evt) if $evt;
     my $stat = $e->json_query(
         {from => ['actor.usr_delete', $user_id, $dest_user_id]})->[0] 
         or return $e->die_event;

-----------------------------------------------------------------------

Summary of changes:
 .../src/perlmods/lib/OpenILS/Application/Actor.pm  |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

More information about the open-ils-commits mailing list