[open-ils-commits] [GIT] Evergreen ILS branch master updated. c9af31b7b3a46101bd73bfc0a794b488e1090282

Evergreen Git git at git.evergreen-ils.org
Thu Feb 16 17:00:14 EST 2017 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, master has been updated
       via  c9af31b7b3a46101bd73bfc0a794b488e1090282 (commit)
       via  a02bcf5bd3c2e67e9c32885e5a72c84682e3677e (commit)
       via  e664df4cb7d02b5e5c29890c62cd0cb5c4a8883e (commit)
      from  500b7273183d62a1de67bbac6f0eafa8582bcb59 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c9af31b7b3a46101bd73bfc0a794b488e1090282
Author: Galen Charlton <gmc at equinoxinitiative.org>
Date:   Thu Feb 16 12:13:05 2017 -0500

    LP#16663435: stamp database update
    
    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>

diff --git a/Open-ILS/src/sql/Pg/002.schema.config.sql b/Open-ILS/src/sql/Pg/002.schema.config.sql
index b2cb8cb..e7323d5 100644
--- a/Open-ILS/src/sql/Pg/002.schema.config.sql
+++ b/Open-ILS/src/sql/Pg/002.schema.config.sql
@@ -91,7 +91,7 @@ CREATE TRIGGER no_overlapping_deps
     BEFORE INSERT OR UPDATE ON config.db_patch_dependencies
     FOR EACH ROW EXECUTE PROCEDURE evergreen.array_overlap_check ('deprecates');
 
-INSERT INTO config.upgrade_log (version, applied_to) VALUES ('1017', :eg_version); -- gmcharlt/miker
+INSERT INTO config.upgrade_log (version, applied_to) VALUES ('1018', :eg_version); -- csharp/Dyrcona/gmcharlt
 
 CREATE TABLE config.bib_source (
 	id		SERIAL	PRIMARY KEY,
diff --git a/Open-ILS/src/sql/Pg/upgrade/XXXX.data.coust_view_perms_stripe.sql b/Open-ILS/src/sql/Pg/upgrade/1018.data.coust_view_perms_stripe.sql
similarity index 88%
rename from Open-ILS/src/sql/Pg/upgrade/XXXX.data.coust_view_perms_stripe.sql
rename to Open-ILS/src/sql/Pg/upgrade/1018.data.coust_view_perms_stripe.sql
index 438ec30..34754f9 100644
--- a/Open-ILS/src/sql/Pg/upgrade/XXXX.data.coust_view_perms_stripe.sql
+++ b/Open-ILS/src/sql/Pg/upgrade/1018.data.coust_view_perms_stripe.sql
@@ -1,6 +1,6 @@
 BEGIN;
 
-SELECT evergreen.upgrade_deps_block_check('XXXX', :eg_version);
+SELECT evergreen.upgrade_deps_block_check('1018', :eg_version);
 
 UPDATE config.org_unit_setting_type
     SET view_perm = (SELECT id FROM permission.perm_list

commit a02bcf5bd3c2e67e9c32885e5a72c84682e3677e
Author: Jason Stephenson <jason at sigio.com>
Date:   Tue Feb 14 15:12:47 2017 -0500

    LP#16663435 - Release Note for Missing Stripe Settings Permissions
    
    Signed-off-by: Jason Stephenson <jason at sigio.com>
    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>

diff --git a/docs/RELEASE_NOTES_NEXT/Administration/stripe_settings_permission.adoc b/docs/RELEASE_NOTES_NEXT/Administration/stripe_settings_permission.adoc
new file mode 100644
index 0000000..84ca344
--- /dev/null
+++ b/docs/RELEASE_NOTES_NEXT/Administration/stripe_settings_permission.adoc
@@ -0,0 +1,15 @@
+Credit Processor Stripe Settings Permissions
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+Unprivileged users can retrieve organizational unit setting values for
+setting types lacking a "view" permission.  When the feature adding
+Stripe credit card processing was added, the upgrade script neglected
+to add the VIEW_CREDIT_CARD_PROCESSING permission to the
+organizational unit setting type.  This means that anyone can retrieve
+and view the settings for Stripe credit card processing.
+
+Any system that upgraded from Evergreen version 2.5 to 2.6 is
+affected.  If you use Stripe for credit card processing, it is
+strongly recommended that you apply this upgrade.  Even if you do not
+use Stripe, applying this upgrade is still recommended.  If you did
+not upgrade from version 2.5 to 2.6 of Evergreen, but started with a
+later version, applying this upgrade is harmless.

commit e664df4cb7d02b5e5c29890c62cd0cb5c4a8883e
Author: Chris Sharp <csharp at georgialibraries.org>
Date:   Tue Feb 14 13:27:31 2017 -0500

    LP#16663435 - Stripe org settings lack view permissions.
    
    Unprivileged users can retrieve organizational unit setting values
    for setting types lacking a "view" permission.  When the feature adding
    Stripe credit card processing was added, the upgrade script neglected to
    add the VIEW_CREDIT_CARD_PROCESSING permission to the organizational unit
    setting type (which was included in 0396.data.org-setting-payflowpro.sql).
    
    Fresh installs are not affected, but anyone who upgraded through 0863.data.stripe-payments.sql
    (included in the 2.5.3-2.6.0-upgrade-db.sql version upgrade script) and is
    using Stripe credit card processing should run this script.
    
    Signed-off-by: Chris Sharp <csharp at georgialibraries.org>
    Signed-off-by: Jason Stephenson <jason at sigio.com>
    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>

diff --git a/Open-ILS/src/sql/Pg/upgrade/XXXX.data.coust_view_perms_stripe.sql b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.coust_view_perms_stripe.sql
new file mode 100644
index 0000000..438ec30
--- /dev/null
+++ b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.coust_view_perms_stripe.sql
@@ -0,0 +1,15 @@
+BEGIN;
+
+SELECT evergreen.upgrade_deps_block_check('XXXX', :eg_version);
+
+UPDATE config.org_unit_setting_type
+    SET view_perm = (SELECT id FROM permission.perm_list
+        WHERE code = 'VIEW_CREDIT_CARD_PROCESSING' LIMIT 1)
+    WHERE name LIKE 'credit.processor.stripe%' AND view_perm IS NULL;
+
+UPDATE config.org_unit_setting_type
+    SET update_perm = (SELECT id FROM permission.perm_list
+        WHERE code = 'ADMIN_CREDIT_CARD_PROCESSING' LIMIT 1)
+    WHERE name LIKE 'credit.processor.stripe%' AND update_perm IS NULL;
+
+COMMIT;

-----------------------------------------------------------------------

Summary of changes:
 Open-ILS/src/sql/Pg/002.schema.config.sql          |    2 +-
 .../upgrade/1018.data.coust_view_perms_stripe.sql  |   15 +++++++++++++++
 .../Administration/stripe_settings_permission.adoc |   15 +++++++++++++++
 3 files changed, 31 insertions(+), 1 deletions(-)
 create mode 100644 Open-ILS/src/sql/Pg/upgrade/1018.data.coust_view_perms_stripe.sql
 create mode 100644 docs/RELEASE_NOTES_NEXT/Administration/stripe_settings_permission.adoc


hooks/post-receive
-- 
Evergreen ILS

More information about the open-ils-commits mailing list